Ramping Up Secure Cloud: Zscaler Testimony to Senate Committee

At a U.S. Senate Homeland Security and Governmental Affairs Committee roundtable this week, I was honored to be selected to testify on behalf of Zscaler in support of bipartisan legislation to improve the FedRAMP program. FedRAMP promotes cloud adoption across the federal government by providing standardized security and risk assessments for cloud service offerings based on a “certify once, use many times” approach. Zscaler’s FedRAMP authorizations allow agencies to use our cloud security tools with confidence in knowing that they meet federal security requirements.

Senator Gary Peters (D-MI) chaired the roundtable and previously introduced bipartisan FedRAMP legislation to “make sure that agencies can procure cloud-based technology quickly, while ensuring these systems – and the information they store – are secure.” Senator Rob Portman (R-OH), the top-ranked Republican on the panel, noted that FedRAMP is “the conduit for a standard approach to assessing the security issues regarding cloud services” and probed participants for suggestions on how to improve the program and efficiencies.

David Shive, CIO, General Services Administration (GSA) likewise affirmed the program’s role, “We are relying on FedRAMP to help implement the President's executive order on cybersecurity, to support agencies as they migrate to a zero trust architecture and generally to accelerate the adoption of modern cloud tools that improve agency efficiency, and ultimately the public's experience with their government.” Ashley Mahan, Acting Assistant Commissioner, Technology Transformation Services, GSA also discussed how the FedRAMP program has continued to evolve and progress through the implementation of automation tools and modernizing its processes. 

In my testimony, I emphasized the importance of FedRAMP, and the role the program played during COVID response by enabling the government to more quickly shift to adopting cloud services, which have already been proven and accredited by Federal security standards.

Zscaler supports the Federal Secure Cloud Improvement and Jobs Act (S. 3099) and companion legislation that has already been approved by the U.S. House of Representatives. Importantly for cloud service providers, the legislation encourages reuse and reciprocal treatment by agencies of CSPs’ existing security authorizations. The FedRAMP bill would also boost resources for a small GSA program whose importance for agencies and industry partners has grown significantly as cloud adoption has accelerated across government. 

Zscaler’s mission is to make the cloud a safe place to do business and empower organizations to realize the full potential of the cloud and mobility by securely connecting users to applications anywhere, from any device. Like the FedRAMP program, Zscaler was born and built for the cloud. Two hundred billion transactions a day run across our platforms, and we make more than 200,000 updates each day to defend against new cyberattacks identified around the world. That is why we view FedRAMP as an important initiative and built our Zero Trust Exchange on two FedRAMP-High and Moderate-authorized platforms, as well as a Department of Defense Impact Level (IL) 5 certification.

We are proud to be a champion of the FedRAMP program and are grateful for the opportunity to share our experience and support efforts to move modernization forward securely. Find more information and archived video of the Senate roundtable here.