Tom Fox’s guest this week is Heather Buker. Heather is the Product Manager at Allgress and oversees the full life cycle of development and QA processes. She spent her professional life in the world of computer engineering before making her way into the cybersecurity space. Tom welcomes her to this week’s show to talk about a new innovation from Allgress around authorizations to operate in the federal sector.
All About Allgress
Heather explains that Allgress is for highly regulated industries such as technology, government, and healthcare. “Allgress in general is a global provider of next-generation audit, compliance, security, and risk management solutions for organizations and their business partners to meet business risk objectives,” she says. Allgress enables organizations to streamline these processes and manage assessment monitoring in a more simplified way, and without the need for a contingent of consultants.
FedRAMP & ATOs
Tom asks Heather to explain what FedRAMP and ATOs are and why they’re important. FedRAMP is a government-wide federal risk and management program. It provides a standardized approach to security assessments and continuous monitoring for cloud-based services. An ATO is the government giving you the authorization to operate a compliant cloud-based service. An ATO and FedRAMP are necessary if you sell your service to the federal government. After acquiring your FedRAMP or ATO, you can focus on maintaining the continuous monitoring that the ATO provides.
How Allgress Maintains Your Federal ATO Effectively
“We're going to give you the dynamic preparedness assessment; we're going to automatically determine your impact level based on a survey; we're going to guide you through [attaining an ATO] step by step,” Heather tells Tom. Allgress completely streamlines this process via automation and creates the audit trail that its clients need. “When the auditors come and they have questions, you're gonna have all of the answers, and it's going to be in the single pane of glass view that Allgress provides,” she adds. Allgress provides all the evidence and policies necessary for when you’re testing to the federal controls.
The Impact of COVID-19 & What’s Next
The pandemic put a spotlight on the need for GRC solutions and exposed those companies that didn’t have those processes in place. It was a reminder to organizations that we never know when unexpected risk may strike, how we may be impacted, and how it may affect our organizational systems. Businesses have to start preparing for unexpected risks within their organizations. Heather explains to Tom that Allgress helps with this by automating organizational and partner risk assessment and leading them in the direction of a recovery plan. Businesses also need to place more importance on the usability of their products.
“User adoption is something that's so difficult to achieve when you introduce a new product to your workforce... It's imperative that GRC solutions continue to become more user-friendly and reduce that learning curve so that users are going to adopt the technology more quickly and with ease,” Heather remarks.