ORock Technologies announced that ORock HighCloud, the company’s new cloud service for U.S. Federal Government agencies, received a “FedRAMP Ready” designation from the Federal Risk and Authorization Management Program for both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). This Government-Only Community Cloud is built on Red Hat OpenStack Platform and Red Hat OpenShift Container Platform.
The “FedRAMP Ready” designation indicates that a government approved third-party assessment organization (3PAO) attests to ORock’s readiness for the FedRAMP Authorization process and that the FedRAMP PMO has reviewed and approved a Readiness Assessment Report (RAR). The RAR documents the cloud service’s capability to meet FedRAMP security requirements.
ORock HighCloud is an enterprise-grade cloud environment that provides secure, compliant, and scalable access to IaaS and PaaS services, including computing, storage, virtualization, networking, and performance monitoring resources. It features a flat-rate billing model with no data egress fees for lower total cost of ownership as well as extensive use of open source technologies (hardened and supported by Red Hat) to increase flexibility while minimizing vendor lock-in.
Architected to meet strict government requirements for security, performance, cost predictability, and control, ORock HighCloud utilizes ORock’s private, carrier-grade fiber optic backbone network with dedicated connectivity between all points of presence and no upstream cloud service provider (CSP). Additional security features include ORock’s use of Red Hat Security Enhanced Linux, FIPS 140-2 encryption, and SOC 2 Type II data centers. Managed services are provided entirely by U.S. citizens in ORock’s U.S.-based Network Operations Center (NOC) and Security Operations Center (SOC).
Cloud services that meet the FedRAMP High baseline are intended to process and store the government’s most sensitive unclassified data in cloud computing environments, including data that involves the protection of life, identity, and financial ruin. High Impact data is usually found in law enforcement and emergency services systems, financial systems, health systems, and others in which the loss of confidentiality, integrity, or availability could be expected to have severe or catastrophic adverse effects on organizational operations, organizational assets, or individuals. Information on the security controls involved in FedRAMP’s High Baseline can be found here.
“Earning ‘FedRAMP Ready’ status at the High Impact Level is a critical achievement for ORock,” said Gregory Hrncir, co-founder and chief executive officer of ORock Technologies. “This important milestone is a testament to both the security of our infrastructure and the expertise of our team. It also gets us one step closer to offering our Federal Government customers a FedRAMP High, fit-for-purpose alternative to support their hybrid cloud and multi-cloud strategies, while complying with FedRAMP security mandates.”