04 April 2024

Recap of the 2024 Cloud Compliance Summit

Aquia and AWS hosted the 2024 Cloud Compliance Summit on March 19. Looking for an overview of the topics discussed? We've got you covered!

Ashling Knight
Ashling Knight Vice President of Communications LinkedIn

Aquia was thrilled and honored to host the 2024 Cloud Compliance Summit alongside Amazon Web Services (AWS) on March 19 at their headquarters in Arlington, VA, and virtually via livestream. The event was filled with insightful discussions and expert panels on navigating the cloud compliance landscape — particularly, as it relates to the Federal Risk and Authorization Management Program (FedRAMP), continuous monitoring (ConMon), SaaS strategy, and OSCAL. For those who couldn’t join us on March 19, fear not! We’ve pulled together a comprehensive recap of the day’s happenings below.

Chris Hughes standing in front of a blue banner that says Securing the Digital Transformation. He is wearing a microphone and holding a slide clicker as he delivers the opening remarks for the event.

Chris Hughes, co-founder and president of Aquia, kicked off the summit, setting the stage with his opening remarks on the history of FedRAMP, the trajectory of the program, and the perpetual challenge of aligning governance, risk, and compliance (GRC) practices with the lightning pace of DevOps.

Following Chris’s keynote, we got a look into FedRAMP from a federal agency’s perspective, where Shawnte Singletary of the Centers for Medicare and Medicaid Services (CMS) and Will Lindsey of Aquia provided invaluable insights into the intricacies of FedRAMP authorization. Moderated by Aquia’s Chief Growth Officer, Kalid Tarapolsi, the session explored how FedRAMP advisors aid cloud service providers (CSPs) in navigating the complex landscape of compliance, akin to how AWS enables businesses to focus on their core operations by offloading infrastructure management.

Close-up of three men in front of a blue banner that says The Experts CISOs Trust. Lloyd Evans is in the center speaking into a microphone.

One of the recurring themes was the importance of robust GRC tools in streamlining compliance processes, a topic further elucidated in our breakout tracks. In track one, Zyad Nabbus of DataLock Consulting Group and Nathalie Baker of Aquia guided us through the pre-assessment journey, where they emphasized the significance of understanding FedRAMP’s nuances and pitfalls to avoid along the path to authorization to operate (ATO). They were followed by Kaus Phaltankar of Caveonix and Mario Lunato of Aquia, who shared insights into the power of harnessing GRC tools for pre-authorization success.

Simultaneously, track two delved into post-FedRAMP authorization challenges, with Erik Dominguez and Adam Chun from Emagine IT and Allie DiPietro from Aquia dissecting the intricacies of ConMon and Revision 5 updates. We gleaned insights into the evolving landscape of compliance assessments and the imperative of integrating security practices into organizational culture. They were followed by Travis Howerton of RegScale, Lloyd Evans of Aquia, and Dave Pannu of AWS, who painted a compelling picture of, “Vision 2030” — an automated future, where AI and GRC tools alleviate the burdens of manual toil while reinforcing the shared responsibility model.

Four panelists sit on bar-height chairs in front of a blue banner. One of them is speaking in an animated fashion, using his hands to make a point as a crowd looks on.

Following lunch, the day continued with general sessions that offered a panoramic view of compliance in the federal sector, with insights from industry subject matter experts like Justin Fanelli of the Department of the Navy, James Saunders of the Office of Personnel Management (OPM), and Nick Sinai of Insight Partners, alongside Aquia’s CEO David Maskeroni. Their panel shed light on navigating the SaaS landscape in the federal government and Department of Defense (DoD) and explored the benefits of leveraging FedRAMP for enhanced security posture.

Next, AWS took center stage, unveiling insights into compliance acceleration and AWS GovCloud. In their sessions, Ted Steffan, Shawn Asfeld, and Travis Goldbach walked us through how AWS empowers organizations to embark on their compliance journey with confidence and agility.

Next was an outstanding line-up of movers and shakers in the industry, including Chris Hughes of Aquia, Sonny Hashmi of Unqork (former Commissioner, Federal Acquisition Service at the General Services Administration (GSA)), Howard Levenson, and Bryanna Tucci of AWS. They discussed key considerations for doing business with the government, such as self-hosting vs. SaaS, how to leverage marketplaces to accelerate sales, and some of the longstanding challenges with FedRAMP.

Two speakers sit on bar-height chairs in front of a blue banner. Alla Seiffert sits on the left, listening intently as Eric Mill, on the right, speaks while using his hands to demonstrate his point.

The session led into what was a highlight of the day for many: a fireside chat with Eric Mill, the executive director for cloud strategy at GSA, and Alla Seiffert, head of U.S. regulated industries and federal public sector policy at AWS. Here, Eric shared some major changes we’re likely to see from the FedRAMP program in the coming year — from potential pilot programs to new policies and more.

The day culminated in a thought-provoking discussion on OSCAL — the future of compliance automation. Moderated by Chris Hughes, luminaries such as Dr. Michaela Iorga of the National Institute of Standards and Technology (NIST), John Yeoh of the Cloud Security Alliance (CSA), and Phyllis Lee of the Center for Internet Security (CIS) underscored the pivotal role of codifying compliance as code, heralding a paradigm shift in regulatory practices.

And, of course, we can’t forget the wonderful networking reception, thanks to support from our partner, Emagine IT.

Room full of people talking with beverages in their hands and food in the background. One person is holding a small dog while speaking with another person.

When we set out to host this event, we hoped that it would serve not only as a platform for knowledge exchange but also as a testament to the collaborative spirit driving progress in the realm of cloud compliance. We firmly believe that, together, we can create a future where compliance is not just a mandate but a seamless enabler of innovation and security.

If you missed the event and are interested in catching up, you can view all of the sessions described above on YouTube.

Also, if you’re interested in learning more about the routes you can take to approach FedRAMP authorization and scale your business within the federal government and DoD, we’d love to chat. Contact us today.

If you have any questions, or would like to discuss this topic in more detail, feel free to contact us and we would be happy to schedule some time to chat about how Aquia can help you and your organization.

Categories

AWS Cloud Compliance FedRAMP GRC SaaS Security