Responding to security threats
Federal, state, and local agencies are vulnerable to cyber-attacks for many reasons. But the biggest factor is their inability to keep pace with the changing tools and technology deployed by their attackers. The dizzying rate of change has left them flat-footed, facing seemingly insurmountable technical barriers.
In order to identify, stop, and remediate the damage of cyberattacks, government agencies are now pursuing multiple approaches. These include:
- Embracing the 2011 “Cloud First” Whitehouse policy in an effort to take advantage of the cloud value proposition and security capabilities.
- Investing in third-party technologies to help quickly mitigate security breaches, audit failures, and known gaps in their security profile.
- Requiring internal and external services and products to meet more rigorous certifications, such as NIST 800-53, to help improve their overall security profile and the effectiveness of their controls.
These are good point approaches, but they still lack the vision and implementation speed needed to keep up with the changing technology landscape and the threat from cyber criminals. This gap has created a multibillion-dollar opportunity for cloud-based SaaS providers with federal certifications such as FISMA, FedRAMP, and DISA. According to IDC, the federal government alone will spend $6.7 billion on cloud technologies in 2016 and $11.5 billion by 2019.
There is no doubt that companies are making a significant investment to build security and compliance solutions. In March, the annual RSA Conference hosted over 40,000 attendees, 400 sessions, and nearly 1,000 vendors. For the most part, though, these vendors are focused on commercial opportunities. This is due to the time and money it takes to achieve federal certifications such as FISMA, FedRAMP, and DISA.
If you are a SaaS provider interested in the government marketplace, your SaaS certification process could be streamlined and costs minimized by working with a Cloud Service Platform (CSP) that has already achieved these federal certifications for their IaaS and PaaS services. This enables you to reduce your certification down to the SaaS layer and reuse the CSP’s certifications. Microsoft and Amazon are two leading CSPs that have already achieved US Government FISMA, FedRAMP, and some DISA certifications.
Bridge Partners helps CSPs and third-party SaaS providers work together to enter the government market. The effort and timetables will vary for every SaaS provider, depending on your compliance and security maturity, but you could achieve your certifications at a lower cost and on an accelerated timetable. A CSP interested in partnering with a SaaS provider will be interested in their potential government revenue opportunity as well as the SaaS provider’s financial health and management ability.
Those that can meet these CSP expectations will be in a position to become an early government cloud SaaS market entrant and create a competitive advantage over other third-party SaaS providers.
For organizations interested in pursuing this multibillion-dollar marketplace, we recommend that you do the following:
- Assess the need for your SaaS solution by US government agencies. Does your solution have demonstrated evidence in the commercial marketplace? If not, we recommend focusing on commercial cloud implementations first. The exception is if you already have government customers that have implemented your on-premises solutions. If those same customers are candidates for your SaaS offering, you should move forward.
- Select the best government CSP. Selecting the right CSP is a critical component of your success in the government marketplace. If you want to meet the requirements of your target customers, you’ll need to pay special attention to security, privacy, and compliance policies when evaluating prospective CSPs.
- Achieve your federal, state, and local certifications. Most organizations have not invested in control assessments or the required policy, documentation, and technical requirements to achieve certifications. You should be fully aware of these requirements and ask if your organization is prepared to invest the time and money needed to succeed.
- Co-sell your SaaS solution. In order to sell to government agencies, you should leverage your CSP. If they have a strong government sales organization, you’ll benefit from their credibility, relationships, and access. And, since CSP sellers are compensated based on resource consumption (e.g. compute, storage, network, etc.), they are motivated to sell applications that drive consumption, not just their platform.
Success won’t come overnight. But for organizations that have the management support, technical skills, compliance maturity, and patience, the government cloud services market presents a multibillion-dollar opportunity.
Want to learn more about how Bridge Partners is helping SaaS solution providers achieve government certifications at a lower cost and on an accelerated timetable? Click here to get in touch.