Cloud-based integration for FedRAMP compliance

MuleSoft’s Government Cloud is an industry-leading FedRAMP-compliant cloud environment for building and deploying APIs and integrations with Anypoint Platform. MuleSoft’s US Federal Risk and Authorization Management Program (FedRAMP) compliant-solution enables government agencies to build and secure connections between their applications and citizen data.

Download this whitepaper to learn:

• How MuleSoft’s Government Cloud enables agencies to increase project delivery speed by 3x.
• Why FedRAMP compliance reduces on-premises infrastructure costs.
• How government agencies can develop, deploy, manage, and monitor integrations and APIs in the cloud to rapidly expand cloud services.

The following is an excerpt from our whitepaper. Fill in the form to download the full version.

Cloud-related IT spending represents one of the biggest areas of investment for government IT departments. Agencies at all levels of government have been pursuing Cloud First strategies for a number of reasons, but the speed and efficiency of project delivery via cloud-based infrastructure and applications is one of the most often cited.

While speed is paramount, the cost savings from adopting cloud-based infrastructure and applications do not trail far behind. According to McKinsey, moving to the cloud can reduce IT overhead costs by 30-40%, which, considering the budget size of government agencies, can easily reach tens of millions of dollars in projected savings.

Perceptions are also changing around the security of cloud based services. With cybersecurity incidents involving aging, on-premises government systems growing by 1,120% since 2006 6, what was once thought of as a major roadblock for government adoption now drives greater pressures to update or migrate off of decades old, on-premises systems.

Challenges persist in wide-scale adoption

What many government IT departments have found is that on-premises integration has emerged as a major stumbling block in moving to the cloud. As agency IT teams undergo major cloud migration projects or look to add new cloud based technologies to improve citizen engagement, these projects are added to the hundreds of other managed integrations on-premises. To support all of these needs, IT teams then have to spend an increasing amount of their limited budget and working hours provisioning and maintaining their on-premises middleware infrastructure to avoid performance bottlenecks.

Time for a new approach: integration Platform as a Service (iPaaS)

Integration Platform as a Service (iPaaS) has emerged as a cloud-based integration solution for connecting cloud applications to both applications deployed on-premises as well as other applications deployed in the cloud, and requires no on-premises hardware or software.

Enabling iPaaS in government with our Government Cloud deployment environment

Mulesoft’s Anypoint Platform has long been the leading choice of more than 1,100 enterprise-grade companies looking to design, deploy, and manage APIs and integrations from a single, cloud-based integration platform. Our API-led approach has helped IT teams achieve the speed and agility necessary to drive digital transformation within their companies while leveraging the infrastructure and pay-as-you-go benefits of cloud-based services.

However, government options for iPaaS have been limited to date due to FedRAMP (Federal Risk and Authorization Management Program) compliance standards required for usage in the federal government. Likewise at state and local levels, FedRAMP Authorization provides a level of vetting and trust needed for cloud-based integration of their sensitive data. MuleSoft has been working to address this problem by launching our Government Cloud, the first FedRAMP compliant environment in a single runtime engine designed for government agencies to develop, deploy, manage, and monitor integrations and APIs in the cloud.

MuleSoft has been working to address this problem by creating a FedRAMP-authorized deployment environment for Anypoint Platform, called Government Cloud, that meets the security and compliance standards set through FedRAMP. It is intended specifically for use by U.S. federal, state, and local government customers, U.S. government contractors, and Federally Funded Research and Development Centers (FFRDCs).

MuleSoft’s Government Cloud enables the public sector to leverage the industry-leading Anypoint Platform from a FedRAMP Authorized environment for cloud-based integration.

FedRAMP requirements met for MuleSoft’s Government Cloud

MuleSoft’s Government Cloud has received a FedRAMP Authorization at the moderate impact level as of August 2019. To obtain a FedRAMP Authorization, MuleSoft conducted security assessment and authorization activities in accordance with FedRAMP guidance, NIST 800-37. The security assessment was conducted by a third-party assessment organization (3PAO) in accordance with NIST 800-53A and FedRAMP requirements. The security assessment testing determined the adequacy of the security controls used to protect the confidentiality, integrity, and availability of MuleSoft’s Government Cloud and the data it stores, transmits, and processes.

MuleSoft’s Government Cloud environment is configured within Amazon Web Services (AWS) GovCloud. AWS GovCloud is a FedRAMP High Authorized, ITAR-compliant environment with provisional DoD IL2, IL4, and IL5 authorization. MuleSoft has hardened its configuration within AWS GovCloud to comply with FedRAMP-specific requirements to ensure that the confidentiality, integrity, and availability of government data is properly protected.

Security is at the heart of MuleSoft’s Government Cloud

Security is at the heart of MuleSoft, and the protection of government data is paramount. MuleSoft’s approach to cloud security is two-pronged:

• We do not inspect, permanently store, or otherwise interact directly with sensitive government data.
• We provide a highly secure environment in which government entities can perform sensitive data manipulations.

MuleSoft’s dedicated security team follows industry best practices, runs internal security audits, and maintains policies that span operations, data security, passwords and credentials, facilities and network security, and secure connectivity. MuleSoft ensures compliance with our security policies through regular audits. To this end, government agencies will always maintain control over their data, configuration, and workers.

Learn much more from our ebook: “Cloud-based integration for FedRAMP compliance”. Fill in the form to download the full version of our whitepaper.