Hard to read this as anything other than a torpedo directly under the waterline of FedRAMP's credibility

https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government

"The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services."

https://en.wikipedia.org/wiki/FedRAMP


@jalefkowit Vendor lock-in is a mind-altering drug, to be sure.
@jalefkowit I have worked for orgs that didn't pursue FedRAMP because of how onerous the process is. Maybe we shouldn't have companies so powerful the federal government just rolls over and lets them fuck everything up.

@lyonsinbeta @jalefkowit

Oh, it's an onerous process for sure. The real question, as with any of these compliance regimes, is whether much of it actually does any damned good.

@DaveMWilburn @lyonsinbeta Right now it seems to be in the worst possible place, where it is too much of a hassle for small vendors to afford, but does not provide any meaningful guarantees that the large vendors who can afford it are actually doing anything.

@jalefkowit @lyonsinbeta

Perhaps, but have you considered the benefits to the consulting and compliance testing firms?

Without the FedRAMP jobs program, all of those people would have to find real jobs.

@jalefkowit Yeah. Having worked in a trust & security team at a midsized company that was actively pursuing FedRAMP certification for years, I can’t imagine how my former cow-orkers who devoted a huge chunk of their career to this must feel

@jalefkowit
> But even Microsoft’s own engineers had struggled over the years to map the architecture of its products, according to two people involved in building cloud services used by federal customers.

I never worked for Microsoft but this is familiar to me.