How do I get the help I need without giving up the control I demand?
FedRAMP authorization is a long, complex process. Few companies have the internal expertise to achieve this milestone without significant external assistance. But which way to turn?
On the one side are the very large, experienced, expensive consulting organizations that shepherd you through the process and will build you a fully custom solution. But this manual approach takes a long time, costs lots of money, and in the end, you’ll likely be wholly dependent on their organization to operate and maintain it.
On the other side is the new breed of Managed PaaS providers, who invite you to insert your SaaS application into their pre-built PaaS cloud. This saves you time and money, but often forces you to forfeit visibility and control over your own solution.
In the middle is Anitian, with a balanced combination of customized assistance and pre-built technology that’s applied into your cloud environment, so you get the accelerated time-to-ATO that you need without sacrificing the control you require.
The traditional approach to obtaining FedRAMP assistance has been to hire a large consulting organization with established expertise in FedRAMP compliance. They will work with you to help customize your application and to add the necessary security controls and processes to meet FedRAMP requirements. This is a fully customized, manual process that can be extremely lengthy and very expensive. You do end up owning the end solution and the ATO, but you often need to rely on continued support from the consulting company to operate and maintain your SaaS environment and your ATO.
In an effort to reduce the time and cost of achieving FedRAMP ATO, some vendors offer a Platform-as-a-Service solution. With this approach, you insert your SaaS application into their PaaS environment. The platform includes a set of pre-defined security services, which provides the potential to speed up the FedRAMP authorization process.
The downside is that you no longer fully control your own SaaS application and are dependent on the platform vendor to maintain their portion of the solution. You lose visibility into, and flexibility over, the cloud environment. If you decide to change vendors or bring your solution in-house, you will likely need to start over with your FedRAMP authorization process.
Managed PaaS suppliers vary as to their exact implementation – in some cases you don’t even own your own ATO listing. The PaaS suppliers also vary widely in their experience levels and FedRAMP expertise, and what post-ATO services they are able to provide.
Anitian FedRAMP Comprehensive
The Anitian approach combines the best of both techniques. Anitian has a FedRAMP team that has achieved many successful customer ATOs and whose experience and deep expertise guide you through every phase of the FedRAMP process. And Anitian heavily leverages technology to accelerate your time to ATO, providing pre-authorized, pre-configured, cloud-native security services from either AWS or Azure cloud providers. These modules are integrated into your cloud environment, so you maintain complete control and visibility over your entire FedRAMP-authorized solution.
Anitian also provides a full range of post-ATO support, with ConMon services and 24×7 SOC support. But you are not required to use these services to maintain your FedRAMP ATO: our customers continue to rely on Anitian for their ongoing FedRAMP support because they want to, not because they have to.