The Route to FedRAMP Authorization for Devo

I joined Devo in May of 2021 to lead the company’s FedRAMP efforts. After a lot of work from many talented, experienced people, we have reached our first public milestone. Devo is now officially listed as “In-Process” on the FedRAMP Marketplace!

First, I want to thank the Small Business Administration (SBA) for being our FedRAMP sponsor. We couldn’t have achieved this initial milestone without their support.

FedRAMP Background

For those unfamiliar with FedRAMP, here’s a bit of background that shows why it’s important for the United States and for Devo. Formally known as the Federal Risk and Authorization Management Program, FedRAMP is a government-wide program designed to provide a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. FedRAMP makes it possible for agencies to use modern cloud technologies, particularly for security and protection of federal information, and helps accelerate the adoption of secure, cloud-based solutions.

So, what does it mean to be “In-Process” on our FedRAMP journey? It means Devo is committed to bringing to market a FedRAMP-authorized version of the Devo Data Analytics Platform. This includes our full log management capabilities, as well as our Security Operations and Service Operations applications. As part of the authorization process, Devo will undergo an independent audit and then we’ll work with the SBA and the FedRAMP Program Management Office (PMO) to obtain our Authorization to Operate (ATO) and then, ultimately, we’ll achieve FedRAMP authorization. Our goal is to be FedRAMP authorized by the fall of 2022.

My journey into FedRAMP has been long. I spent many years in the Air Force where I supported multiple USAF acquisition programs, a significant number of which were for software. In that role I learned that no matter how much we wanted innovative companies to submit proposals to fulfill our requirements, proposals primarily came from the same limited number of large defense contractors. I also had to engineer, build and staff data centers around the world to get software into the hands of our warfighters. This took years to accomplish, and often we’d learn right before deployment that the functional and operational requirements for the software had changed. When I retired from the service, I wanted to help fix this from the other side.

My passion is putting innovative software into the hands of government departments, agencies and bureaus as quickly and efficiently as possible. But this only makes sense when the software is a product the government needs and wants to buy. This is where Devo enters the discussion. I joined the company because Devo brings a compelling offering to government customers.

The Devo Value Proposition for the Federal Market

A number of things excite me about the value Devo can deliver to the federal market, including:

  • A Single Data Operations Platform: Federal customers can send all of their data to Devo for their complete auditing and security needs. There is no need to send data to multiple systems.
  • Native Multitenant Operations: It’s easy to support multiple global teams across Federal agencies with one tool and be fully confident that each team has access only to the data they need.
  • Advanced Security Analytics: Federal teams will be able to leverage Devo’s SIEM technology, backed by a wide collection of threat intel feeds and by Devo’s built-in analytics, detections and machine learning capabilities.
  • Service Operations: Provides the ability to leverage those audit logs to monitor the performance of your entire environment and enables organizations to connect security with performance issues.
  • Capable of Handling Audit Logs and Much More: Devo is a broad platform. It can be used for audit records, but it also can ingest and make available for query a wide range of federal government data. That’s why Devo offers the potential for significant data operations simplification across many federal entities.

Reaching “In-Process” is a great first milestone for Devo. Next up is preparing to pass our audit. So, now back to work as there is much to do.