Cohesity earns ‘Authorized’ status for FedRAMP^®

Editor’s note: This blog is an updated version of a post originally published on May 24, 2023.

Cohesity Cloud Services for Government has earned FedRAMP^® Moderate Authorization. This authorization is a significant milestone that underscores Cohesity’s commitment to the public sector.

Cohesity Cloud Services is a portfolio of software as a service (SaaS) offerings that simplify data management and data security. The solution consolidates data in the cloud, breaks down data silos, and reduces infrastructure complexity, to increase agility and derive more value from data.

As agencies move applications and data offsite to the cloud, a modern, agile approach to data backup and recovery is needed. With Cohesity Cloud Services, government agencies could utilize a fully-managed backup as a service (BaaS) that will run on AWS GovCloud. As such, it’s an attractive product for agencies that seek to offer a simple, efficient, and secure option to protect and manage data while improving cyber resilience as they move to the cloud.

Cohesity has helped thousands of organizations modernize how they secure and manage their data, including more than 200 federal agencies. Once we are certified, federal agencies and other organizations that require FedRAMP moderate authorization can consider Cohesity Cloud Services for the protection of their data against ransomware and other cyber threats.

Why FedRAMP matters

FedRAMP stands for Federal Risk and Authorization Management Program. It’s a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud services. FedRAMP was created to provide a cost-effective, secure, and streamlined way for the government to manage the risks associated with using cloud services and to accelerate the adoption of secure cloud solutions.

For IT leaders in the public sector, FedRAMP is important because it helps ensure that cloud services used by the government meet the necessary security requirements. In fact, FedRAMP is mandatory for all federal agencies and their contractors that use cloud services.

The shift to the cloud is a generational change in how computing gets done. By using FedRAMP-authorized cloud services, IT leaders can have confidence that the cloud service providers they work with have gone through a rigorous security assessment process and have implemented the necessary security controls to protect sensitive government data. This can save IT leaders time and resources by reducing the need for redundant security assessments and evaluations while also reducing the risk of security breaches and data loss.

Watch the demo: AWS EC2 and RDS Backup as a Service using Cohesity DataProtect delivered as a service in GovCloud

A rigorous process to achieve FedRAMP Authorization

To achieve FedRAMP status, Cohesity Cloud Services for Government underwent a rigorous security assessment to ensure that it meets the necessary security requirements to handle sensitive government data. This process includes an audit of Cohesity’s security controls, policies, and procedures to ensure that they meet or exceed the government’s security standards.

To become FedRAMP authorized, Cohesity will follow the three steps below:

1. Security assessment: The cloud service provider must undergo a security assessment, which includes an evaluation of its security controls, policies, and procedures. This assessment is conducted by an accredited third-party assessment organization (3PAO).
2. Authorization: After completing the security assessment, the cloud service provider must receive authorization from the government agency responsible for its data, such as the Department of Defense or the General Services Administration. This authorization is based on the results of the security assessment and ensures that the cloud service provider meets the necessary security requirements.
3. Continuous monitoring: Once authorized, the cloud service provider must undergo ongoing monitoring to ensure that it continues to meet the necessary security requirements. This monitoring is conducted by select third parties and includes regular security assessments and evaluations.

FedRAMP authorization means that our cloud services will be designed to meet the necessary security requirements to handle sensitive government data. This provides assurance to government agencies and other customers that the Cohesity Cloud Services for Government are secure and can be trusted to handle their data.

FedRAMP matters for IT leaders in state and local government and education

FedRAMP has become such a dominant approach to security and compliance that state agencies, local governments, and educational institutions require this designation as well. Learn how Cohesity has helped public sector organizations simplify their data security and management:

• United States Department of Agriculture
• University of California, Santa Barbara

FedRAMP benefits the enterprise

FedRAMP authorization can be important to enterprise IT leaders for the following reasons:

1. Increased trust and credibility: FedRAMP authorization demonstrates to customers and partners that Cohesity has met rigorous security standards and has implemented appropriate security controls to protect sensitive data.
2. Cost savings: Businesses can benefit from the cost savings associated with using FedRAMP-authorized cloud services. Cohesity Cloud Services for Government has already undergone a security assessment and authorization process. This can save you time and money compared to conducting your own security assessments.
3. Ability to work with government clients: If a private sector company provides cloud services to government clients, FedRAMP authorization can be a key differentiator. Having this authorization can make it easier for private sector companies to win contracts with Government agencies required to use FedRAMP-authorized cloud services.
4. Best practices: FedRAMP authorization involves adherence to best practices for cloud security, which can be valuable for private sector IT leaders looking to improve their own cloud security practices.

FedRAMP authorization may not be mandatory for private sector companies, but seeking this authorization for your data security and management solution can provide an upside.

Our continuing FedRAMP journey

The FedRAMP authorization isn’t something awarded to vendors in perpetuity—far from it. This authorization requires regular audits to ensure that our platform and services are governed and controlled according to the FedRAMP requirements. By definition, FedRAMP authorization is an ongoing commitment.

This authorization is the first major milestone for Cohesity on our journey to partner with the public sector to modernize data security and management. We invite you to join us and learn more:

• Read the press release
• Learn how public sector customers use Cohesity to improve their security posture
• Request a free trial of Cohesity Cloud Services to start your journey today!
• Watch all the Cohesity GovCloud demos to simplify and secure your backup and recovery:
  • GovCloud – Protecting your AWS Workloads with Cohesity BaaS
  • GovCloud – Protecting your VMware Workloads with Cohesity BaaS
  • GovCloud – M365 DataProtection