According to its own website, FedRAMP serves three different of partners: federal agencies, Cloud Service Providers (CSP) and third-party assessment organizations. This article will focus on CSPs and how a good CSP can provide services that provide monetary savings for your agency.
Cloud Service Providers (CSP) and FedRAMP
FedRAMP’s defines Cloud Service Provider Partners as “FedRAMP authorized vendors [that] offer cloud services that allow federal agencies to securely and quickly meet their mission needs.”
A CSP that wishes to become FedRAMP-certified must complete the pre-authorization, authorization and post-authorization phases in order to qualify for a High, Moderate, Low or Low-Impact level of SaaS service. FedRAMP certification is key for a CSP wanting do work with U.S. government agencies, as it opens the door to service offerings such as SaaS (Software-as-a-Service), IaaS (Infrastructure-as-a-Service) and PaaS (Platform-as-a-Service), as well as Managed Service (MS).
Blending SaaS and MS
By definition, a SaaS model involves software distribution in which the vendor hosts, manages and keeps its applications up to date for its customer base. SaaS is perfect for agencies that have plenty of staff to utilize the SaaS applications and perform the daily tasks of monitoring and reporting.
Another model that is gaining steam in the cloud very quickly, is the cloud-based MS. Though there are many types of managed services, the most popular type dictates a transfer of the daily IT or application management staff responsibilities from the customer to the vendor CSP. This model is great for agencies that require SaaS tool services but may not have the staff to properly manage the day-to-day requirements of monitoring and reporting.
Tripwire, a traditional software security tools vendor, has just released a set of enhanced security tools that includes both on-premise and SaaS offerings, allowing distribution of software and services to its clients via the cloud. A cross between a SaaS and a MS, Tripwire’s “ExpertOps Federal” combines Tripwire’s acclaimed security tool “Tripwire Enterprise” and Tripwire’s highly regarded “Remote Service Management” into one full-service SaaS offering. With ExpertOps Federal, Tripwire provides both the software tools and the staff needed to manage and operate the tools. ExpertOps Federal enhances your security team by providing the tools, the IT administration, the monitoring, the reporting and any other daily, weekly, monthly, quarterly or annual services that may be required.
Benefits of ExpertOps Federal for CSPs
Because security compliance and hardening require astute focus from the security team, disruptions can cause deadlines to be missed, reports to not be sent out on time and a general sense of insecurity to be felt by management. Securing your environment can be considered a long-term goal that’s constantly evolving, while daily IT and security operations carry their normal lifecycle. One constant remains, however: an auditor will show up eventually.
The Tripwire ExpertOps Federal service provides all the capabilities of Tripwire Enterprise in a private secure cloud platform managed by dedicated security engineers. With Tripwire ExpertOps, your IT team can focus on priority items that come up while experts keep an eye on compliance and other security requirements your auditor will ask about later.
ExpertOps Federal houses and manages all the server components of Tripwire Enterprise along with the managed data from your environment in a FedRAMP-certified secure cloud. The solution connects to your environment, allowing Tripwire’s engineers to manage your systems remotely. After the initial deployment, which is handled by the Tripwire team, a Managed Security Engineer will be in charge of managing, maintaining, and upgrading all components of the security solution. This security engineer from Tripwire is part of your team and can join weekly meetings/working sessions related to your security operations. Although your staff may change, the Tripwire expert will be a consistent resource with knowledge about your environment 24x7x365.
Besides the upkeep of the solution, the Managed Security Engineer will also be working with your team to serve as a resource for your day-to-day security needs. With the solution being self-managed and contained, this will cut down on any associated costs of training and of additional maintenance to keep the solution running and ready.
Tripwire ExpertOps Federal Service Tiers
Tripwire ExpertOps Federal saves organizations the additional costs of licenses, training and hardware and can reduce total cost of ownership by up to 30 percent or more compared to a typical Tripwire Enterprise deployment. Tripwire ExpertOps Federal offers three subscription service tiers:
- Essential: Essential includes best-in-class FIM plus one standard policy, basic operation and monitoring. This tier provides day-to-day maintenance of the TE console and managed nodes as a managed service for those who need change management or compliance information. This is ideal if you’re just getting started with change management or compliance practices.
- Advanced: The Advanced tier builds on the essentials with two standard policies, custom app monitoring, additional change requests, analysis and Dynamic Software Reconciliation (DSR). Receive tactical tuning assistance to ensure the most important information is highlighted for action. View customized reporting dashboards with detailed analysis and results, and get dedicated problem resolution support.
- Advanced Plus: The most robust and comprehensive Tripwire ExpertOps Federal subscription also includes custom policies, process assistance and unlimited change requests, as well as DSR and the Tripwire Enterprise Integration Framework. With the Advanced Plus tier, an assigned program coordinator will work with you to develop an operational use plan with best practice recommendations, as well as assistance with change reconciliation and prioritization of suggested remediation activities.
Learn more about Tripwire ExpertOps Federal here: https://www.tripwire.com/-/media/TripwireDotCom/Files/solution-brief/Tripwire_ExpertOps_Federal_services_brief.pdf
Authors note: This blog was co-authored between David Henderson and Logan Guzman.