The newly announced StateRAMP Authorized Vendor List gives state and local government IT and procurement officials confidence in their cloud service provider’s data security capabilities and provides a central location for sourcing service providers using or offering infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), and/or platform-as-a-service (PaaS) solutions that process, store, and/or transmit government data.
The program aims to drive consistent cybersecurity defenses across vulnerable state and local government organizations. It is modeled in part after FedRAMP, and is based on a “certify once, use many” concept that saves time and reduces costs for both service providers and government agencies. Like FedRAMP, StateRAMP relies on independent third-party assessment organizations (3PAOs) to conduct assessments.
“StateRAMP will help state and local government agencies improve their cybersecurity posture and drive more consistent cyber defenses. With the ever-increasing cyber threats, attacks, and breaches, participation and expertise from companies including Zscaler is critical to success,” said David Cagigal, Former CIO of Wisconsin. “It is encouraging to see government and industry come together and continually evolve to better serve constituents across the country.”
“Zscaler is committed to partnering with government agencies to improve cyber defenses and secure the public sector. We were involved with FedRAMP from the beginning and are very encouraged to see and support the 'certify once use many’ approach that FedRAMP coined being adopted at the state level,” said Stephen Kovac, Chief Compliance Officer at Zscaler. “FedRAMP and now StateRAMP are excellent examples of how policy driver compliance programs can be incredibly efficient, speed up innovation, and build upon the partnerships between private industry and the government.”
“Zscaler was a fantastic partner to conduct testing the StateRAMP Fast Track process. Their documentation, system information, and audit results were professional, accurate, and provided in a well organized and easy to review structure,” said Noah Brown, PMO Director, StateRamp. “The PMO thanks the Zscaler team for the communication, attention to detail, and for working diligently to answer our questions as we worked through this process.”
As hybrid work continues, state and local governments continue to accelerate digital transformation initiatives. But transformation also increases risk with a dramatically expanded attack surface that must be protected. ZPA and ZIA are the core of the Zscaler Zero Trust Exchange, providing innovations that help customers accelerate digitalization with confidence.
“We’ve completely changed the cybersecurity posture of the State of Oklahoma, with Zscaler playing an integral part of our transformation,” said Matt Singleton, CISO, Office of Management and Enterprise Services, State of Oklahoma. “We now have unprecedented visibility into the environment. We can respond faster and forecast where we may have issues and address those areas before they become a problem.”
ZPA is a zero trust solution that connects authorized users directly to agency-approved private applications without being placed on the network, which dramatically reduces cyber risk. This approach significantly improves application performance and the user experience and reduces the attack surface and the associated risk of malware, ransomware, and other threats. The experience is identical whether the agency application is hosted in the government data center, or in destination clouds such as AWS GovCloud, Azure Government, or the Google Cloud Platform.
ZIA is a cloud security service that transforms networks by delivering cloud-based internet and web security that scales to all users, whether they are on or off network. ZIA leverages a cloud-native proxy to allow organizations to secure all online and SSL traffic. By securely following all users, applications, and devices, regardless of location, ZIA enables a zero trust approach to SaaS application and website access that helps reduce risk and restore compliance.
For more information on StateRAMP, visit https://stateramp.org/