The FedRAMP ATO journey can be daunting for many Cloud Solutions Providers. From understanding the time and cost investments to understanding how to meet the compliance requirements, it can seem like a never-ending uphill battle. But there is a simpler, faster, cheaper way to achieve your FedRAMP ATO!
Speaker 1: On behalf of Rackspace and Carahsoft We'd like to welcome you to today's podcast focused around growing your government business faster. Where Lorenzo Winfrey and Mike Eppes, Senior Product Managers at Rackspace technology will discuss how to achieve FedRAMP and add value to your solutions quicker, cheaper and easier.
Leslie Rogers: Thank you so much, Sierra. And thank you, everyone for joining us today for our Rackspace tech chat hosted by Carahsoft. My name is Leslie Rogers, and I am the public sector marketing manager at Rackspace technology and I'll be moderating today's discussion. Let me introduce you to our speakers. With us today from Rackspace, we have Mike Eppes, one of our Rackspace Government Solutions Senior Account Executives, the federal cloud guy and our resident reverend of cloud, who has worked across the federal sector with companies like Dell and DLT, to create and execute federal cloud strategies. He holds AWS and Azure certifications, and has the extraordinary ability to get anyone and everyone excited to talk about all things cloud. And we also have with us today, Lorenzo Winfrey, a Senior Product Manager for Rackspace Government Solutions, with the amazing talent of making a product discussion totally not boring. He's an AWS community builder and a 13 year Defense Intelligence Agency veteran, where he led the cloud broker team comprised of 30 personnel responsible for setting project priorities, program management, and managing commitment of sponsors, stakeholders and resources in the successful migration of 50 software applications to the AWS cloud over a two year period. His team's work represented an impressive 222% growth in DIA cloud footprint, improved application performance and availability across the enterprise. So basically, this is the guy you all wanted to sell your solutions to. So he really understands both sides. And once again, we encourage you to drop your questions in the chat as we go. So just to set the stage for you remind you why you're here, with Bloomberg estimating the federal government cloud spending over $8.5 billion by fiscal year 2023, cloud solution providers that as you all have an incredible opportunity right now for substantial growth in the government space. But with a traditionally cumbersome and expensive federal aid to process as we all know, how can you fast track your way to process and position your business for success? That's what we're here to discuss today. So I thought we'd get started with our conversation with really setting the stage around FedRAMP. And why it's so important, and also why it's so challenging. So here we go. A lot of agencies look at FedRAMP. And its security controls at low, medium, and high levels as an end game for cloud solutions are the ceiling rather than the floor. And that's not really the case. So Michael and Renzo, can you guys talk a little bit about the importance of FedRAMP as the foundation for cloud service offerings, and why it doesn't just end there. So Zo, we'll go ahead and get started with you.
Lorenzo Winfrey: Excellent, excellent. So definitely, I think that's a great question. And as you see what you know, what the federal government is trying to do with FedRAMP, and trying to kind of turn it into that this foundation for where they want to see a cloud and kind of SaaS solutions going on to make sure that we can access those things in a secure manner. From my time in the government, I think that a lot of government is sometimes slow in adoption, they always get there, right. And so this is kind of one of those things, one of those transitions, one of those major transitions, where, if you're an organization that sells to the government, you don't want to be on the wrong side of this curve, right. So they may be a little slower and adopt in commercial, but they will get there, they will shrink the footprint in terms of their on premise part of their portfolio. And they will be looking to shift that to the cloud. On that, you know, it's been a major press going on at think everybody knows now for maybe five, seven years now. And so thank you want to definitely be there on the front side of this wave to be able to shape the conversation, and to be able to kind of help the government understand the value of your solution sets.
Mike Eppes: The most prized possession that that our government has is that data. And so as the train starts to leave the station, and as we start to move down this path to cloud, as Rachel says, we may not be there, but guaranteed we're going to get there. And so this idea of standardizing that security posture, that security profile is not only a good thing, it's a must and so for our ISVs or for our commercial companies that are looking to get into this government space. It's one of those things where it's why we exist as rack spaces, is how do we help them get on boarded this train and start to create that security posture because not only are there a lot Security that's it's called out today. It's where we're going. Right? So it's not where the puck is today, but where it's headed. And so FedRAMP is a process. It's not a destination. And so we believe in security. We've built our platform around security, but not with security today in mind, security is where the federal government's going as well.
Leslie Rogers: So our next question, which is a little bit of a follow on to the first question. So even if FedRAMP is codifying into law, this time, which there's been a lot of talk about that processor, do you think there really are going to be major reforms of the program or probably not going to shift a lot? Mike, what do you think about that?
Mike Eppes: Yeah, so I think the law that's being positioned now is good, I think there's some things that we would obviously like, we can hope for, as a building block. Reciprocity is not necessarily a part of this. And so which drives all the more that our commercial partners want to really prepare for this, because it's not a true do once and repeat. Because it's not reciprocal across agencies just yet, that we want to kind of prepare our security posture a little bit broader, if you will. And so even though I think that the law is good, it's not what we're going to go. It's not where it's our final destination. Let's say that.
Leslie Rogers: Zo, do you have anything to add to that one?
Lorenzo Winfrey: Yeah, no, I mean, I definitely agree. Right? I mean, the government, when it comes down to it, in terms of the rules and regulations, you know, a lot of times they are they like the way they do things, right. So there, I think there's a lot of statistics, I think it was reported a couple years ago about how much of the portfolio today, or agencies are leveraging cloud services that aren't authorized, right. And so as that starts to become more codified and more clear, you just got to believe that that's going to help drive agencies to adopt fairer and more broadly. And as you have this kind of transition and change in regard across the government as well, they're going to want to see the same things that they see in the commercial space in the government space, which is one of the things that I made a big focus on is why can't we do it the same way. And so I think there's just going to continue to see that trend over the next few years.
Leslie Rogers: So every year, we see that there's a greater emphasis on moving to the cloud and adopting cloud solutions and applications. So why is now any different from in the past? And why is it even more important for cloud solution providers to find ways to accelerate getting their solutions FedRAMPed?
Mike Eppes: Yeah, I'll jump on that one. So obviously, COVID is really expedited A lot of us, right, there's a lot of need to consume these cloud resources, budgets are aligning to that. But even cloud budgets are increasing. And so this push and this drive for cloud is bigger, better and more advanced than it's ever been. And so that starts with the obvious. The other two, I think, that are important. They're just kind of the obvious things. If you're a commercial vendor, or an ISV, wanting to sell the government, there's two things that you probably care about the most, it is the mission, because it's somewhere we hope that inside us we care about this mission, the government, but it's also about money, right. And so there's an opportunity in a market that has probably been locked into yet. And we'll talk a little bit about it later, but 230 turn 18 platforms or software's out of the 12,000 that are there, there's a great opportunity to impact mission and to be able to impact money, if you will.
Lorenzo Winfrey: Agreed, Mike, I mean, I think that, you know, obviously COVID has been a major driver. But the interesting thing about that, I think is, you know, there have been folks throughout the community and agencies making the argument that we can do things differently than they've ever been done before. And you know, there's there was there was hesitancy, hesitancy there. And I think COVID is forced a lot of those kind of ideas to come to fruition, and what have they learned, they've learned that it's true, they've learned that they can be more agile, that they can be more mobile, and they can deliver solutions that not only are able to meet mission needs, but are able to leverage latest technology, I think that cat is, is out of the bag. And so I think now you're going to see more and more of that and trying to get that value. Right? Because, you know, as Mike mentioned, you know, ultimately, it's about the mission, right? It's about delivering solutions and supporting the mission in a way that is both economical, and that in a way in a way that allows organizations and agencies leaning forward. And cloud solutions are what's going to do that, and making those solutions more broadly available in a way that agencies understand that they've been vetted from a security perspective, which is always, you know, a major, major concern during that last one of the things that favorite program does, I think is going to make it much easier to transition those solutions into the government and then from there kind of expand out adoption. And then kind of that second thing and I don't want to miss it is there is absolutely a changing of the guard. As far as decision makers in government are getting younger. Right? They've grown up with a lot of these solutions. And they want to drive that same innovation and technology that they see at home and they've grown up using it into the government space.
Leslie Rogers: Great answer. Thank you. Alright, so let's talk about the journey. So February has traditionally been a very long, very expensive and often painful process. I've been through it with companies. And, you know, I think a lot of people here have had experience with it. But, you know, especially for smaller companies who may have an incredible solution that government could really benefit from, but don't have the resources to invest in FedRAMP. I'm going to kind of walk through a series of questions to ask you to walk us through an overview of the process some of the major challenges that you've seen over the years, and then let's talk strategy and how Rackspace services and solutions can help cloud solution providers address those challenges. And I definitely don't want to forget the benefits. Like when we promoted this tech jack, we really talked about some specifics like saving up to 70%, monthly operational savings and achieving FedRAMP readiness in as little as weeks to months. So I definitely want to make sure we're getting to the good stuff. So let's start with a 10,000 foot view of the process. Where does it start? And what are the most common things that are overlooked or mistakes that are commonly made during the start? The big blockers that ultimately impact the entire process? Mike, let's go ahead and start with you.
Mike Eppes: Yeah, good. Good question. First of all, say I think the PMO office has done a really good job of educating our community on what FedRAMP is the process, there's a lot of documentation on the PMO office. But with all that said, in my experience, what I've seen is that oftentimes, the mission is important. And we believe that people care about the mission, but they start to see the money. And they start to see this massive business opportunity in their eyes get really big, and they get super excited. And they go to their CFO, and they say, hey, all this business, we went to the marketplace, there's no other competitor, we want to talk to this market. And it's a Yeah, let's do it. They jump into it. And that's where the mistakes kind of start with this big guy. They show up and they go, Hey, we're ready to FedRAMP what's it going to cost? And by the way, I've got an RFP that's due in two days, and said, Well, everybody, everybody puts the pause button on it says, Well, we've not even done what we would call a baseline assessment. Oh, don't worry about the baseline assessment. Oftentimes, we've been building this application, it's super secure. And so we feel really good. The government's going to accept this. And it's cute, right? And all babies are cute. And you don't say that babies are ugly, but your baby's got a mole somewhere that is obvious to everybody. But you. And so what we see oftentimes is that for everybody a pump the brakes, there's, there's a path forward, that's going to get us there, and it's going to save us a lot of headache, make no assumptions. And let's do and Rackspace offers this a baseline readiness assessment, to start to look at the big showstoppers. Let's look at the tooling that you have. Let's start to look at the level of effort it's going to require let's look at your own internal cost. Let's help build this business case that understand not just can I get there? How much is it going to cost me? How quick can I do it? What's the level of effort who in my organization needs to be bought in and then kind of kind of scale out from there? Lorenzo?
Lorenzo Winfrey: I think you hit on something there, Mike, in terms of alignment across the organization, we see this a lot. And it happens. You know, it just kind of sometimes happens organically, sometimes there's a change in organization. But you get out of alignment from organization perspective, right. And so the business case has been made. And you just find that at a tactical level, you're just little bit out of alignment at the at the decision level. And that causes things to spin. So we think it's very important to build that strong, build a strong business case and to confirm, as you have alignment across your organization that FedRAMP and, and these high levels of compliance is something that you want to pursue. I think we also see a lot of times that organizations just significantly underestimate a monitor documentation that is required. You know, it just I mean, there's just a ton of documentation that has to be done. And whether that is just kind of how the system works, how to interconnections operate, you know, just all of these kinds of things. And I think that in addition to the things that organizations are often already doing, they definitely under underestimate the additional workload. Of course, that's something that we help with. But that's definitely something that is a major, I mean, you're talking you're talking about, you know, nearly 1500 pages of documentation in the weeds detail about how your application or solution operates, how it communicates encryption, that, you know, all these details, that a lot of times just gets taken for granted. We definitely also see that kind of lack of in house expertise, right. So a lot of times you think that hey, well, we know we've got a team that does this, right. But, you know, it's kind of that initial question about this is kind of a marathon right? So, you know, that continuous monitoring component, right? You know, do you have a robust organization that is going to be available to actively manage all of the requirements related to the favorite program with a 24/7 365 basis, you know, just I say make sure that you will possibly do that. So, it's definitely a number of things that we’ve seen customers run into, and it slowed down. And that's one of those things that we specialize in helping customers avoid.
Mike Eppes: And, Lorenzo, I think you said it. But one of the one of those big gaps is this lack of in house expertise, right, because most of our partners are really good at their mission, their business for their application, and they know it really well. But there's a whole other, and they've written wonderful code, and it works flawlessly. But there's a whole other set of in house people you need to creating policies and procedures that maybe otherwise wouldn't be associated with a commercial partner that we would see with our government agencies.
Leslie Rogers: That's a great point that both of you just brought up, because I've been through that process with a company two years, $2 million. But the commercial side just didn't understand that every I had to be dotted and T's to be crossed. And there's no shortcut around it. And so we had paperwork constantly coming back. So those points are incredible, because I think we all know what it's like to, you know, kind of you have the commercial side, and they may not really understand that this all has to happen a certain way. Right? In government.
Mike Eppes: Right. Well, listen, time is money. And so even if you account for the tool sets, and the actual cost and the physical hardware or whatever, time is still money. And so having to like you just said, Go back and rewrite documentation or retool things multiple times, not only delays, your time to value, but you know, in the delays the entire project. So getting that right from the beginning, I'm convinced this the most. And I'm not going to go say the most important factor, but it's the most important place where we begin.
Leslie Rogers: Awesome. All right, so what is the thing that takes the most time and effort? It's, it's a long process, right? But having been through this, what is the thing that takes the most time and effort? What's the hardest thing to account for when you look at time, effort cost? And you know, what is really driving that in that process? Zo, why don't we go ahead and go over to you to get started this time?
Lorenzo Winfrey: Definitely, definitely. I think that you got to commodity gate in the whole kind of security and compliance component of it. It is a massive, massive undertaking. And it's definitely one of those things that it's very difficult to kind of really account for, like it talks about those until you really get into it right until you start to dig into, particularly from a and I suppose it's a good component, right is, you know, FedRAMP is, you know, the whole the whole program. And the composite program is built around the concept of controls, right. So the security, you know, the security frameworks that your application or solution has to meet. And you have to be able to describe how your solution meets each one of these controls. And in a particular way, in a very detailed level, it's a little bit deceptive, because a single control is actually most of the controls because they have to be applied across your entire stack. So a perfect example of this right there. There's multiple password complexity requirements, password type of requirements. And so that requirement has to be implemented at the network level, right? It has to be implemented at the application level at the database level. So you're taking one control, but it has an impact across multiple levels of the stack. And so now you're having to coordinate with multiple teams, right? So now you got this initial team that's likely leading the favorite authorization process. But now you got to get your network guys, and you got to get stored guys in the room, right? You got to get all the guys in room and say, Hey, any of the infrastructure related to our FedRAMP authorization has to be configured in this way. And so it just turns into this bigger and bigger kind of undertaking. And I think that's one of the main things that we see where it you know, customers underestimate that lift and the level of coordination that has to happen. And you know, particularly with some of the larger, more complex solutions.
Mike Eppes: Yeah, I want to almost even back up and say it again, you know, a lot of folks will come to us and go, well, why do I need Rackspace? And we'll talk about that, because I have AWS and AWS is FedRAMP certified. And, and I take them to this real simple statement. And within your baseline AWS training is AWS makes a statement, we secure the cloud, you secure in the cloud, which says the thing you're going to build your application, you're going to build it on something, you are responsible for securing that boundary. And it's that boundary, which is the thing that people often misunderstand. Where is that boundary? Where are my responsibilities? And how does that work? And so Rackspace kind of steps in, and we say, look, if you were to kind of step up, sorry about that, if you were to step up and you say, look, you can inherit your AWS infrastructure, and you can lay your application and AWS is good at what they do, and you're good at what you do. But what about all the security that happens has to happen in the middle? One of the hard things that people underestimate is and most of our guys are partners under Standard data center. But the complexity like Lorenzo talked about just password authentication, and how it has to work itself all the way up through the stack to all parties involved, you know, your ITSM integrations, right, all your patching and your update and all that. And so there's this gap between this great, unbelievable infrastructure, and your unbelievable really good application with a great mission. There's a gap. And so with Rackspace, we say, Look, that's the thing we solve for and that's the thing that that we helped simplify your life for. So if you come to Rackspace, you say, look, what are the biggest things people mistakes they make? I'll just say, I think one of the largest mistakes they make is trying to build it themselves. It not only that complex, but super expensive. And so for us, within that little red zone, there becomes the majority of the showstoppers, the majority of the showstoppers that people struggle with exists within that zone that Rackspace, quite frankly, is pre-built out and can provide at scale. Zo?
Lorenzo Winfrey: I definitely think you hit the nail on the head there, Mike, always talk about, you know, anytime I'm going to a conversation with a customer, I was talking about core competencies. Now this thing back when we were out of the new government, we talked about a lot is like, what do I really do really well? And what functions are kind of tertiary to that? And how do we do more, and this is actually a driver about cloud adoption across a government, right? So I think is very apropos here, right is allowing the customer, right, allowing people who build great software, build great solutions, to focus on their core competency, which is doing that. And the rest of the things are not necessarily things that are in their core competency. They're just things that they have to do to deliver their core competency. And so we say, at Rackspace, hey, those things, right, the command, the infrastructure management, right, the continuous monitoring, all those things are in our core competency. And so we allow our customers to focus on building the best solutions, right? Do they possibly can delivering you know that that high level of customer experience to the customer, and we take care of kind of all those things that we kind of see here in the slide all those things down from the virtual list down, that are just things that you need to do to do the thing that you really want to do. So we definitely want to let our customers focus on the core compsci, delivering great solutions, and not have to worry about anything else and kind of transfer the risk related to all those components you see there over the red space. And let us take care of it.
Mike Eppes: I love what you said this can almost be a checklist of core competencies. In other words, if one of our partners said I'm not sure if I should build it, if I should buy it, or some hybrid approach, great. Here's a baseline assessment, you can take say, what's my core competencies? You know, do I truly want to tell my son Hey, I know it's your birthday, but I've got a major patching I've got to go deal with? Or do you want Rackspace to deal with that, and you get to really get family time back. But seriously, though, you, you get to go through that list and say, Look, the thing that probably matters the most. And the reason people went and started going to AWS and what's been so successful is because they developed a core competency, and they could guarantee certain SLA s. And so these are goals that go with that. And what Rackspace has done is said, look, we've taken that security and management compliance layer. And we've offered it to you as our core competency, so you only have to worry about what's happening at that top layer, which is your core competency.
Leslie Rogers: So in addition to helping the cloud service providers who are just starting this journey, never been on it before going through the process for the first time. What about there are a lot of other cloud service providers out there that have maybe, you know, been on this journey, and you know, have been thwarted in their efforts, they've fallen into some of those pitfalls, they need to restart. But they're like, I don't need to go back to square one. So you know, how do you advise people who are like starting from the beginning, but also those people who maybe don't have to go straight from the beginning, go all the way back from the beginning, but have some things and, you know, they just need to kind of get back on the path? Zo, why don't we go ahead and start with you on that one?
Lorenzo Winfrey: Great question. And I think this actually goes back to something Mike said a little bit earlier about, you know, one of the common mistakes that, you know, we see is right, really doing it yourself. Right. And so I think one of the things that we doesn't want to do is to leverage MSP, you know, like Rackspace, to help do those things, right. So you know, the fact that we're authorized our sales mean, we're familiar with the process we go through every, every year ourselves. So you know, we're not telling you things that we don't know about, right, we've, we've run this race, we run this marathon, we're here to help you get in shape, and help you run that marathon as well to make sure that you get across the finish line. So I definitely think if you've been through the process, if you feel like you're stuck, or if you've been through the process before and it didn't quite work out thing left. And MSP is a thing that you can do to significantly increase your probability of success because now you have a third party who is interested and committed to your to your success right now we want to get you over that we want to get you over that hump. We want to get you over that kind of finish line. And so now you have the resources of both your organization and that organization, they help you do all the things that you need to do, you know, in terms of being able to get authorized and to make it. And so by doing that kind of goes back to the point we made previously, as well about that allows you to then lean into your core competency, right? The things that you do the best when you know that you have a partner on the other side of that is handling those things that are outside of your core competency that allows you to put, put the full scope of your energy and creativity into the things that do fall within your core competency, which I think is a much use much better use of your time and will generate more value for organization. So I think that, you know, those are kind of definitely the two things that that jumped out to me, the gate. What about you, Mike?
Mike Eppes: Yeah, so one of the things I think about are those folks that went through the process, they got their CTO, they've got all their wounds, they understand it was difficult, but they finally got it. And they really thought we're going to go real big here. And we're going to start adding, and then for whatever reason, the business didn't come or just didn't come just yet. But yet they've got these massive year over year costs. You know, they you know, you look at the 24 by seven 365 support, and all the conman that comes along with all that they're absorbing that for that one contract, and the CFO is knocking on the door going, you remember that big, big business that you built? Well, it's not there, and I'm having to write big checks. And so you get you Rackspace gets to still become a unique partner, it says, look, we take what we've done, we've got most of the way to, I think we're up to 17. Now. And so we're able to take what we've done, you can leverage that we can replicate that on your behalf. And so all those costs that you had to build for you, and by you, you now get to offload and so we get to kind of pick up where you're at today. And then take the ball and run it to where you're headed tomorrow.
Leslie Rogers: Great. All right, now we're gonna get into it. Right? Can you talk specifically about Rackspace, government cloud solutions, and managed security services, how they help accelerate the federal aid to process and those main benefits? So Mike, we're gonna go ahead and start with you on this one?
Mike Eppes: Well, you know, I feel like that kind of dovetail into what zone I've been talking about. And so at the risk of repeating ourselves, I really think our process is fine tuned. And I'll just say, from the very beginning, from a partnership of saying, look, we've seen enough of the same mistakes, the mistakes that pm office has seen, and then the mistakes that we've seen our own, let us partner with you, and let us help you do that assessment, let us help walk you through a little bit slower, I can show you at the at the risk of being oversells II that we have a developed true process, and a developing group of partners that help us kind of manage through this. And I'll just say soup to nuts, from your first gap assessment, to workshops to help educate you on that all the way through an environment that comes with documentation already has ATOs that you can inherit, to really expedite. So in four steps, we expedite what is an 18 month plus process to not to not just help you, you go get you audit ready, but we provide you all that you need to be audit ready. Zo?
Lorenzo Winfrey: You know, coming out of the government space, I think the one of the you know, big things is, you know, we used to have, I think with former CIO and Intel, you know, and he's talk about, you know, the concept of, of kind of do once use many, right, you know, efficiency component. And so that's when we start talking about controls inheritance, which is definitely a major benefit here. And in Foundational Concept, kind of the fate route approach, you know, in and of itself, right. So when it comes to those controls that 325 controls, you have to be at a moderate level, and you know, 400 plus that you have to meet at the high level, you can either be responsible for all of them, and have to kind of, you know, build that whole kind of business case and infrastructure from ground up. Or you can work with a partner, and you can inherit those controls. And so when we talk about parents, because I think this is like a thing that isn't really talked about enough, it almost seems too good to be true. But it actually is, right. And so we talked about that chart, that kind of that other, you know, 80% of things that you're responsible for, right? So if you're on top of AWS, and they're doing their thing, and they're allowing you to hair to controls at the physical data center level, and those other at that other 80% of controls, right. So those passwords, encryption, you know, all these kind of things. Controls inheritance allows you to say that, hey, if you're on a managed service provider solution such as ours, you can literally, you know, check a box and say, we're inheriting that from Rackspace. And, you know, that's that, right, because we've already been authorized, we've already been assessed to take care of that particular component. When it is time for your assessment. You know, it's out of scope, right? They don't they don't have to look at it that stuff because say, hey, Rackspace, is authorized, that's taken care of, we're just gonna focus down on this kind of 20 you know, this this this smaller layer of Things that you're actually responsible for. And I think that that cannot be understated in terms of the amount of value that generates in terms of time to market. So that's just things that you don't have to be assessed against, which will help you get there faster from that perspective. And then from the cost, right, so the cost of being compliant with those controls, right? Rackspace has already made those investments, right, a node certified has already made those investments. So now you're able to jump on top of that piggyback on top of that, and then use that to accelerate your go to market which I think is really important. And then another thing, definitely want to make sure I mentioned is that beautiful part about this approach is that as the managed service provider kind of moves up that stack of compliance, right, so whether you're talking about different levels of FedRAMP, whether you're talking about DLT, SRG, impact level, right? As we move up that stack, our customers are able to basically make use that same benefit of inheritance, to say, Hey, we're already on a complete solution here, which reduces the scope of things that we now need to be compliant with, for us to achieve that same level of higher authorization as well, which I think is a major value add.
Mike Eppes: Yeah, I would agree. I mean, I look like the same thing that that our software partners are wanting to do is provide their software as a service, we've done that a little bit at a lower down the stack, and we're providing FedRAMP as a service, we're providing managed security and compliance as a service. And so the thing you're trying to do to make their life easier. So they don't have to onboard an application on prem, they'll have to manage the application on prem and all the security associated with that, we're providing the software vendor, the same thing. We're saying, look, we're going to provide you all that you need for your FedRAMP not just the code for you to go do it yourself, not just some document that right that you can you have to go tweak, we're going to provide you 80% of that all done for you all risk managed for you, all compliance managed for you, all of that coming with the majority of that 1500 page document that is super detailed, and that your three CIO will be super detailed about doing the other thing and, you know, kind of the shameless plug of this is, it's, I think it's super important to this. We've done all of that. And I'm going to make a statement that that it's free to be challenged. And I'm free to be wrong. So let's make sure that we have that. But as far as I'm concerned, commercially available, there is no other AWS or VMware that's in two flavors. We built this on commercially available FedRAMP managed secured environment, right, so you've got a great FedRAMP AWS environment that exists out there. But it doesn't mean that it's managed, we go back to the gap, we filled that gap wrapped a boundary around it that you get to take advantage of leading us to be the only AWS commercially available FedRAMP managed compliance environment.
Lorenzo Winfrey: You mentioned in AWS. Right, so reference government cloud on AWS. And of course, we have our private cloud option. But that kind of piggybacks into another component, which is, as part of our AWS solution, we also have a solution. I think we're in the middle of kind of changing a little bit, but it's called Rackspace teams, for AWS, the thing that is super unique here is so in the government, right when I was running our cloud broker team, and we were trying to migrate our sales to cloud from our on premise data center and kind of wind that thing down, the big challenge became having a talent like, Do I have the actual talent, the actual expertise, people familiar with the technology that will allow me to actually do this in an effective manner, and in a reasonable amount of time, and in a government with kind of all the hurdles to that? You know, it definitely was not an easy thing. And so what teams does is it gives you an expat access to a pot of rackers. Right? So Cloud architect, cloud engineers, folk to have world class expertise, when it comes to building our solutions in the cloud, and it puts them at your disposal. So if your organization that either feels like you don't have, you know, you want to do it, but you feel like, hey, we maybe don't have that expertise, that level expertise in AWS. And that's something that we can combine here to help you do that at a world class level and in a compliant manner to help you get authorized. So I think that that's definitely another huge benefit.
Mike Eppes: And just to kind of wrap all this up, Leslie, one of the things that we just launched in AWS Marketplace is a baseline configuration. When you go back and you look at we kind of talked about those big showstoppers having this baseline configuration. So we built that. Zo was a part of building that getting that on there. I just think it's super important for even people say, what is this Rackspace thing, right? And how does this whole thing work? You can even start to test drive some of the products we have in the marketplace today, where they're based on configuration. Zo, do you want to share a little bit more about that?
Lorenzo Winfrey: Definitely. Excellent point, Mike, so Rackspace Government Cloud Secure Configuration Baseline, we actually launched that into the AWS Marketplace this week, we have flavors, and for Windows 2016, 2019, and REL seven, and we've basically gone in is based on the same infrastructure and same kind of paradigm that we built our existing operating system baselines on it, we use in our favorite environment today. And anybody who's ever had to stiga image, know that it is no fun. You know, there's just a lot of just Nuance to it, I tell my guys that did it. For me, it's an art. And we've taken that art, and we've wrapped it up for you and drops it into a nice little package and AWS Marketplace, that you can definitely spin up and try for yourself and kind of, you know, see, you know that what we're doing in that space and kind of see the value that we're generating there. So we're super excited about it. And, you know, hope everybody will check it out.
Leslie Rogers: We know that ATO was not the end of the journey, as much as everyone would like that to be. Can you talk about what ISVs can expect post ATO with Rackspace? Zo, why don't we go over to you to get this one started?
Lorenzo Winfrey: So this is one that really excites me, you know, like, say, coming out of the government, and having different teams supporting you. One of the things that attracted me to Rackspace and attracted me to, you know, it really made me appreciate our solution set is, you know, kind of a metaphor I used before, right. So you know, it's not necessarily a sprint, it's a marathon, right? FedRAMP compliance is a marathon, you have to do what you need to do to prepare for it, you have to get compliant, and then you have to stay compliant. And one of the things that I think really separates Rackspace is our ability to stick with you throughout that entire journey, you know, when it's in terms of consultation and advisory on the front end, and in terms of helping you solve, you know, worth the meaning of technical issues that might occur during the actual build out and authorization process itself. And then after that, we stay with you, right, we help you stay authorized, we're constantly available to you to provide a consultation, that advisory, to help make sure that your solution is leveraging the latest technologies and doing that in a way that is going to be compliant. You know, we also as we expand our existing solutions, we're also there with you, right to push you and make sure that you're aware of the latest technology and the latest changes in technology to understand kind of how that fits into your solution. So I think that that's one of those big things is that that we're there, you know, we will be there. And then of course, we're going through that process ourselves every year. So we have firsthand experience. So we can help you navigate that process. And make sure that you're doing that in a way that gives you the best outcomes.
Mike Eppes: Yeah, I would just reiterate the same value we bring when you're providing and preparing for your audit that you inherit all of that. Remember, you continue to inherit that. So all that work you have to do and that every single year when you have to go through your reorder, we're going to Rackspace is doing it as well. And you continue to inherit that hair, the workload that we're putting in, you get to inherit all of that. So we become that extension again, of your team and your efforts.
Leslie Rogers: Great. So how can working with Rackspace for my FedRAMP it to also be beneficial for evaluating additional compliance revenue past like CMMC and StateRAMP? Zo, you want to get us started on that?
Lorenzo Winfrey: That's actually a good question. And it goes to candidates, you know, this, this this concept of building the foundation, right, and then just building on top of a strong foundation, right. So as you look at CMMC, what's going on with CMMC and of course, we're waiting for DOD to the kind of fully finalize out of those details, but we, you know, we do understand that they are looking into the concept of reciprocity with fair rap and how they can make that effective. And not to create, you know, too much additional strain there on like I said, we've, of course, had conversations with the, with the working group on that DHA kind of help have discussions there. And so, you know, they said a major benefit, of course, is that at some point, none of this work is in vain, right, you're able to leverage the existing investments that you've made, and that we've made to help you accelerate your compliance there. So I say we're still working on details on CMMC. But you know, everything that we've understood to this point is that we'll be able to build on other things that we've already done to help get us to those things faster. And then kind of the same thing with state rep. And that's another kind of just major area there where you've seen the, you know, a lot of states start to adopt kind of that fear around cost stroke and start building into their contracts. Right. And so now there's this huge movement of state round with a kind of just doing it themselves and kind of wanting to kind of put their own flavor on. And so that's another one of those areas that of course, we see a lot of opportunity there. And now we're tracking for like, it makes a lot of sense. And we absolutely feel like then the investment in the foundation that we have today with FedRAMP is going to be well positioned to accelerate compliance in those areas as well.
Leslie Rogers: Zo, do you want to talk a little bit about Rackspace as a CMMC RPO?
Lorenzo Winfrey: So Rackspace is a registered provider organization. Meaning that we can definitely help you from an advisory perspective in terms of looking at level of CMMC class, you're targeting and working out and build on the planet, on how you can achieve that. So that's something we can definitely do, and of course, just fits directly into our wheelhouse of kind of manage security, security compliance to date. You know, of course, you know, we definitely are monitoring, seeing and seeing and tracking it, you know, it's something that's going to have a massive impact on the way that business is done with the Department of Defense, Katie Erickson's been very kind of vocal kind of on that, and how do we position the defense industrial base to be able to continue to do what they do in terms of service and providing capability to DOD but doing that in a secure manner. And that's something that we're definitely ready and available to help our customers start to prepare for DOD to make sure that will pass.
Leslie Rogers: And, Mike, there's something interesting that I've heard you kind of talk about in discussion. And there's so many incredible cloud solutions out there. And yeah, we look at advancing the mission of our public sector customers. And so it's incredible to be a part of that journey. But then as the solutions come to bear, we've actually been able to work with some of those cloud solution providers ask partners to help bring those solutions forward. And you want to talk a little bit about that?
Mike Eppes: Well, so I think we have a great ecosystem partners, right. So when we have our partners come to us, and we help onboard them and help them through their ETL process, the relationship, and the journey doesn't just end with security, compliance, and FedRAMP, it moves on into the sales cycle. And so we have a full sales staff and sales team that are dedicated to say, hey, look, we want to not only just introduce you to our other sales partners, that are obviously incentivized to make sure that you're successful, we want you to be successful. And so as we're doing our own calling of solicitations and needs, inside our federal agencies and federal government, we want to bring to bear this portfolio of our unique partners. And so we're always excited when we get to talk to ISV partners, because we know there's another potential to add them to our capability. So not only are you leveraging our capability, we're then going to in turn leverage your capability to present a mission assault for our government.
Lorenzo Winfrey: That's, I think that's a really great point. You know, we have definitely a really great partners at you know, VMware and AWS. And that is, I think, a big point to ISVs that are that are going to, you know, potentially work with us is that I always say there's, there's, there's something to be said for having, you know, third parties committed to your success. And that's what you get with Rackspace, government cloud, right? You, we're committed to your success. And our partners are committed to your success. And so you have multiple third parties working on your behalf, you know, to help make sure that you are successful, and that you that you stay successful. I think that cannot be kind of that cannot be understated. You know, I think that our ecosystem, the ecosystem that we've built, is second to none. And that entire ecosystem is deployed in support of you, which I think not a lot of people can say.
Leslie Rogers: All right, well, we're almost out of time for this tech chat. But I wanted to go to you both Mike and Zo for any final thoughts you'd like to leave off with today. Mike, do you want to get started with some final thoughts?
Mike Eppes: Here's kind of where I'm at. I see a lot of people come because they're getting big because they're seeing the money and altruistic or not, I believe in the mission, I believe in the mission of the government. I believe in that, you know, the greatest country ever, and I want to support that, but the mission of you and your software and your business, I think, and I truly believe this mission will bring the money. And the question is how do I better partner in this mission? And how do I better deliver the software? How do I better deliver? And I'll never say fast, but I'll say faster? I'll never say cheap, but cheaper? How can they do that in such a way that that allows our mission within our software within our company to help add value and add to the mission of our collective partner, our US federal government? And so I look and say, Look, if the mission really matters, if it matters to you, then let's partner together. Let's expedite your mission and let's expedite your value to mission by leverage this our Rackspace inheritable security controls. Thank you.
Lorenzo Winfrey: You know, as my setup, we appreciate everybody coming out today and spending some time with us as a former DOD veteran, veteran as well as community. I got to be honest, the government needs you. They need your solutions. They need your innovation. They need your ideas. They always have and I think they always will. And I think now is a unique time in history, whereas a lot of opportunity and minds have been open to a lot of solutions, where folks weren't really sure about cloud and weren't really sure about SaaS solutions, and in the past year has really opened our eyes. And so I think is a tremendous opportunity for folks to come in with new technology and new ways of doing things and generate traction there. I always say, across the government, right, there's somebody somewhere, doing everything that you could think of, right? So no matter what space you're in, whether it's something that's super mainstream or not, there is some place in the organization that that piece of software that technology is critical. And so if you can get into this space and get FedRAMP authorized and get your solution in a manner that that'll be available to them to leverage, I think that can only provide great value all around.
Leslie Rogers: Thank you. Great. Well, I want to thank our awesome speakers, Lorenzo and, Mike. Fantastic discussion. I want to thank all of you for joining us today, taking time out of what we know is a very busy day for everyone. We really appreciate it. And on behalf of Rackspace government solutions and our entire team here at Rackspace technology. I hope you enjoyed our discussion and hope you have a great rest of your afternoon. Thank you all so much.
Speaker 1: Thanks for listening. If you'd like more information on how Carahsoft or Rackspace can assist you, please visit www.carahsoft.com or email us at RGS@carahsoft.com. Thanks again for listening and have a great day.