Since faster time to value is critical for organizations, cumbersome compliance regulations are a stumbling block to this objective.
Anitian Inc. hastens the process of software vendors accessing the more than $200-billion public sector and federal market, according to Ryan Farris (pictured), vice president of products and engineering at Anitian. This includes taking away the headache of writing an 800-page system security plan as part of the FedRAMP compliance process.
“If you know anything about FedRAMP and if you’ve looked into it, it takes a long time to achieve FedRAMP,” Farris stated. “So when customers go into this cold, they usually find that it’s an 18-month journey, maybe a 24-month journey. And so Anitian helps shorten that journey with lower costs and faster time to market.”
Farris spoke with theCUBE industry analyst Lisa Martin during the “Cybersecurity — Detect and Protect Against Threats” event, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Anitian enables enterprises to unlock more government revenue streams by shortening and easing the FedRAMP compliance process. (* Disclosure below.)
FedRAMP compliance is a mind-boggling affair
The path to FedRAMP compliance is a rocky one, according to Farris. It includes coming up with a technical deployment story, which is voluminous.
“So if you’re doing it without Anitian, then you have to go on that journey and learn about three primary things,” he stated. “One thing is, how do I just write the entire package? There’s another piece of it around what does my environment look like? There can be either a dozen or maybe up to 100 things that you have to tweak and change. The third thing is keeping you compliant in your AWS environment after you’ve achieved that readiness state.”
Attaining FedRAMP Authority to Operate, or ATO, is not the end of the journey, because the process is continuous. Nevertheless, Anitian has helped disrupt the federal market that traditionally took multiple years and multiple millions of dollars to get FedRAMP ready, according to Farris.
“So the journey does not stop once you achieve FedRAMP ATO,” he stated. “It goes on and on and on, and Anitian helps customers maintain and keep them there in that fully compliant state after achieving ATO. So if you’re waiting for a revenue stream from, say, a government entity, we can get you there faster and get you to a state of FedRAMP certification in a shorter time period.”
Creating an aha moment in the compliance process
Using a “mental model,” Farris helps enterprises understand what it entails to onboard the FedRAMP compliance procedure, which plays an instrumental role in developing an aha moment.
“So when I’m on the phone with prospects, and I’m talking to them about embarking on a journey, I kind of get them to a mental model where they treat their application VPC or their application environment as sort of ‘A,’ and we deploy a separate VPC into their cloud account,” he stated. “I think once customers really start to understand and synthesize that mental model, then they kind of have this aha moment.”
Using the best-case scenario, Anitian renders a three-month accelerated time frame for enterprises to onboard the FedRAMP process. This plays an instrumental role in accelerating time to value regarding compliance and readiness, according to Farris.
“They’re like, ‘Oh, OK, now I really understand how your platform can accelerate this journey into a period that is no more than say two or three months of onboarding,’” he noted. “We look at the timeframe between the moment you deploy and the moment you start writing about that FedRAMP package and when you’re audit-ready.”
For seamless FedRAMP compliance, collaborating with different personnel, including the CISO, CFO and CEO, comes in handy, according to Farris. This plays an instrumental role in unlocking new revenue streams in the federal market.
“The CISO is probably the best persona to engage with, but it varies from customer to customer,” he stated. “I run engineering and product, so I’m usually … talking to and engaging with the CISO. But the folks that cut the check are either the CEO or the CFO that really want to widen that revenue stream that they don’t have access to.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity — Detect and Protect Against Threats” event:
(* Disclosure: Anitian Inc. sponsored this segment of theCUBE. Neither Anitian nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)