Case Study

Orca Security Achieves FedRAMP® Ready Status More than 50% Faster than Average Timeline

March 8, 2023

Orca Security first gained global market share with its SideScanning™ technology and Unified Data Model. Orca aimed to expand its cloud security capabilities into highly regulated and government-specific cloud environments. Achieving official FedRAMP® Ready status would build trust and demonstrate its platform was secure enough to earn FedRAMP Authority to Operate (ATO).

CHALLENGE

The Orca executive team knew that the Orca Cloud Security Platform was well-suited to securing federal cloud environments, but they were unsure of how to build a FedRAMP-compliant environment. With client expectations and first-to-market advantage hanging in the balance, Orca needed a partner with experience developing secure, audit-ready cloud environments at a rapid pace.

"We looked at the federal market and identified available solutions requiring agents, scanners, or both that cause friction in securing cloud ecosystems. Since Orca is completely agentless, the platform provides full visibility, enables faster risk resolution, and delivers continuous monitoring in multi cloud environments. This is what government IT needs, and this is what gives Orca first market-mover advantage."

DOUG HUDSON, VP PUBLIC SECTOR

APPROACH

After an exhaustive six-month evaluation process, Orca engaged Coalfire’s FedRAMP advisory and Accelerated Cloud Engineering (ACE) teams to help guide the development of its FedRAMP Software-as-a-Service (SaaS) platform and advise on the associated control and compliance requirements. Orca decided to partner with Coalfire based on their experience with 70% of all new FedRAMP ATOs. “We chose Coalfire for having far more experience with FedRAMP engagements than their closest competitor, their cloud team’s direct expertise in building the environment, internal operational compliance requirements, and their advisory team working through the audit process,” said Hudson.

Advise

After learning about Orca’s goals and objectives, Coalfire helped the company define its strategy, investment needs, and anticipated ROI, which enabled Orca to gain internal buy-in and investment. Coalfire’s advisors explained the FedRAMP and agency sponsorship process to Orca’s team, and then worked with them to define and develop a comprehensive FedRAMP business strategy to move the project forward.

Migrate

Utilizing Coalfire’s ACE services, Orca deployed a FedRAMP-compliant environment with AWS services in less than 8 months, for nearly 80% less than historic costs. ACE simplifies the compliance process by utilizing pre-engineered, automated modules to develop secure, audit-ready cloud environments in as little as 60 days. AWS was the clear choice for Orca because of the scalability and variety of offerings. “Working with Coalfire and AWS through this process was straightforward, enabling us to gain FedRAMP Ready status,” said Hudson.

RESULTS

Orca was listed as FedRAMP Ready on the FedRAMP Marketplace in time to take advantage of maturing procurement practices that prioritize modern cloud operations under security-first mandates. While the designation wasn’t easy, it was well worth it, as measured by new client acquisitions and increased revenues. The typical timeline to FedRAMP Ready status is 18 months, but Orca reached that milestone in less than half that time. “Orca achieved its FedRAMP Ready status significantly faster than average timelines,” explained Hudson. “Our roadmap for FedRAMP Moderate Authorization will include Azure Government as part of our FedRAMP ATO package. Overall, our path to FedRAMP Moderate authorization is on target to be completed within one year.

“As a result of our teams’ efforts to get Orca embedded with the FedRAMP ecosystem, we’ve seen significant growth in our sales pipeline and are already well on our way to reaching next year’s revenue targets.” The company’s strategic planners can now move ahead with a deeper understanding of the FedRAMP environment and the associated compliance management requirements.
