Governance, Risk and Compliance, Government Regulations

Kaseya: FedRAMP Certification ‘Not Only Important But Critical’

Share
CI/CD Pipeline

MSP platform vendor Kaseya has begun the complex path to pursuing FedRAMP certification status in a move that it hopes will help MSPs and other customers attract and expand their cloud business from federal Department of Defense (DoD) contractors.

Kaseya is making a multi-million investment to seek FedRAMP certification because it is a critical step in growing the businesses of their MSP customers, the company said in an October 1 announcement. Kaseya provides AI-powered cybersecurity and IT management software and services for MSPs and partners.

Important and Critical for MSPs Serving DIB

“It is not only important, but it is critical and required for any MSPs that want to service the 80,000+ DoD supply chain contractors in the defense industrial base (DIB)", Max Pruger, general manager of Kaseya’s Audit and Compliance Suite, told ChannelE2E.

FedRAMP, the Federal Risk and Authorization Management Program, was established in 2011 to provide specific, strict rules and security standards for the adoption and use of vendor-provided cloud services by the federal government. FedRAMP created secure and protected processes that allow federal agencies to use modern cloud technologies while carefully protecting federal data. The FedRAMP Authorization Act was signed into law in December of 2022 as part of the FY23 National Defense Authorization Act.

For Kaseya and its MSP customers and partners, this complex FedRAMP certification process, which could take six months or more, is a worthwhile effort that could likely help them secure more business opportunities and revenue in the future. Its effects are broad, said Pruger. “Kaseya pursuing FedRAMP provides new and lucrative revenue opportunities for MSPs while providing a higher level of security to their end customers.”

In addition, FedRAMP is required for all cloud SaaS applications that involve controlled unclassified information (CUI), he said. “Without FedRAMP, MSPs will not be able to support their DoD customers.”

Kaseya is pursuing FedRAMP certification across its entire software stack, said Pruger.

The FedRAMP approval is also important for MSPs as the U.S. government is continuing to roll out a wide range of other Cybersecurity Maturity Model Certification (CMMC) and other compliance certification requirements that vendors will have to follow to secure business with the DoD and other government agencies.

Any cloud software from a vendor that deals with CUI must meet FedRAMP requirements. Kaseya "is one of the first MSP-centric platform vendors to make a tangible commitment to achieving FedRAMP authorization," said Pruger.

Kaseya Bringing in FedRAMP Expertise and Consultants

To help with its FedRAMP certification efforts, Kaseya has also hired Jon DePerro, a former counterintelligence officer for the U.S. Army, as its new VP of FedRAMP and Compliance. DePerro has more than 20 years experience supporting and building compliance procedures and systems, according to the company. 

Kaseya has also hired cybersecurity and compliance services consultant and third-party assessment organization (3PAO) SERA BRYNN to guide it through its pursuit of FedRAMP certification. Under the FedRAMP process, cloud service provider (CSP) applicants must be audited by a 3PAO to ensure that they meet the FedRAMP standards before they can provide cloud services to federal customers.

Analyst: FedRAMP Certification is a ‘Smart Strategy’

Shelly Kramer, the managing director and principal analyst for SiliconANGLE Media and theCUBE Research & Advisory, told ChannelE2E that Kaseya’s FedRAMP plans are part of its broader growth goals in a competitive marketplace.

“Pursuing FedRAMP authorization is a smart strategy for any company … because U.S. federal agencies are required to use only certified cloud services,” said Kramer. “Vendors interested in FedRAMP certification must undergo extensive testing, interviews, and examination by 3PAOs demonstrating the data protections their organizations provide. It is simple: If you want to do business with the feds, FedRAMP certification is key.”

At the same time, over the last few years, Kaseya has made concerted efforts to grow and scale by way of acquisition and “is likely on the IPO track at some point in the not-too-distant future,” Kramer said. “As a result, expanding capabilities and being able to extend its customer base into the federal sector is a smart, strategic move.” 

Todd R. Weiss

Todd R. Weiss is a contributing editor to ChannelE2E and MSSP Alert. He is an award-winning technology journalist and freelance writer who covers the full range of B2B IT topics. He served as managing editor at EnterpriseAI.news and was a staff writer for Computerworld and eWeek.com. He is a diehard Philadelphia Phillies, Eagles, Flyers and Sixers fan and says he is the world’s worst golfer.