Inside what cloud service providers spend to get FedRAMP authorized

How much does it cost on average for a cloud service provider to go through the authorization process to sell to government?

Finding the answer isn’t simple.

Providers vary in “size, complexity, and scope,” according to a recent Federal Risk and Authorization Management Program blog post by Program Manager Matt Goodrich. But despite the differences, Goodrich interviewed four relatively similar cloud service providers to get a median cost to achieve certification: $2.25 million.

The vendors Goodrich interviewed shared some characteristics: They all owned their own infrastructure, and all went through the old authorization process (pre-FedRAMP Accelerated).

Goodrich said FedRAMP is comparing costs between the two processes to determine if they are getting a return on investment with the new process.

Three of the four vendors were infrastructure-as-a-service solutions, and one was a software-as-a-service solution.

Even though the vendors were similar, Goodrich wrote that their costs ranged from a little less than $500,000 for one to a little more than $4 million for another, driven by factors such as bringing in outside consultants to help with documentation and whether a system was originally built to pass FedRAMP.

In the blog post, Goodrich also broke down the overall cost into average costs for five main areas: engineering ($1 million), documentation ($400,000), third-party assessment organization assessment ($500,000), FedRAMP Joint Authorization Board review ($250,000) and continuous monitoring ($1 million).

On average, about half the cost was spent on engineering and half on the process itself. Companies will then likely spend an additional $1 million a year on continuous monitoring, Goodrich noted.
