Why FedRAMP Approval of UCaaS Is Significant to Businesses


The General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP) recently approved a Unified Communications-as-a-Service (UCaaS) solution for the first time. This means federal agencies will be permitted to use a cloud-based UC platform. As the government continues to increase adoption of cloud services, more UCaaS solutions are likely to achieve FedRAMP compliance soon.

UCaaS makes sense for the federal government, which has been clinging to legacy systems for years despite exorbitant maintenance costs. Agencies can use UCaaS to reduce capital costs for hardware and software installation, as well as operational costs for on-premises management and maintenance, as they migrate away from archaic systems.

With UCaaS, all communications tools are integrated on a single platform that can be accessed from virtually any device and location. This is important to government agencies because a significant amount of government work is done remotely. Cloud-based UC also improves flexibility and user productivity, enhances data sharing, and reduces telecom costs.

FedRAMP is a government program of security protocols and standards that promote the use of cloud services while supporting the mandate that all federal information systems must comply with the Federal Information Security Management Act of 2002. FedRAMP emphasizes a standardized approach for the secure implementation of cloud services across federal government agencies, eliminating redundant, inconsistent assessments that are typically performed by multiple agencies. This process is costly, slow, wasteful and unnecessarily risky.

FedRAMP’s streamlined selection and authorization process was developed in collaboration with cybersecurity and cloud experts and is based upon strict security standards. FedRAMP is also vendor neutral, so the process can be applied to any cloud delivery model or service.

In the case of UCaaS solutions, as with other cloud services, there are specific requirements related to advanced security features, capacity, performance and technical architecture that must be met in order to receive FedRAMP approval. Cloud service providers must select and implement baseline security controls, have an independent system assessment performed by a third-party assessor, create and submit an agency authorization package, and deliver ongoing monitoring reports and updates. Continuous monitoring, which includes operational visibility, change control process and incident response, ensures transparency and timely decision-making.

UCaaS has matured as cloud technology and services have improved. In many cases, data in the cloud is more secure than data in an onsite data center. Performance issues that have traditionally frustrated cloud users have largely been corrected. If UCaaS is secure and reliable enough for the federal government, it’s good enough for businesses that face similar challenges.

Many organizations are held back by legacy communications systems and lack the in-house expertise to either make the necessary upgrades or implement a new solution. As more UCaaS solutions are certified by FedRAMP, companies can feel confident in their strategy to move their communication and collaboration tools to the cloud.