Recently, I attended a wine tasting festival with my wife and some friends and came away very impressed by the event, which was hosted by a collective of winemakers that all grow Spanish wines in the U.S.  No matter if they were big or small, each winery only had one six-foot table to exhibit, creating a very fair playing field.  What does vino Español have to do with IT?

Well, I admit that prior to the festival I would have struggled to successfully compare cloud computing to wine tasting. However, this festival featured so many wines using the same grape – in this case the popular Tempranillo varietal – tasting them was a great opportunity to experience the different components (taste, nose, etc.) that result from differences in just the soil, climate and vintner skill. It was a good way to pull some of the variables out of the equation.  And because each winery had the same sized exhibit, no one stole the show by looking bigger than other wineries.

In cloud computing, customers have to overcome similar issues when selecting their cloud computing service providers. Frequently, they ask “how do I select the service and who should I short list as a provider? ”

A recent government initiative is trying to simplify the adoption process and level the playing field by helping agencies select secure cloud computing service providers called the Federal Risk and Authorization Management Program, known as FedRAMP.  The program is designed to standardize the baseline security requirements that cloud-computing providers will have to adhere to in order to receive government contracts. Under FedRAMP, contractors will have to hire third-party assessment organizations that will verify whether they meet the basic security requirements.  Similar to tasting several different wines with the same style of grape, the government’s pro cloud computing stance removes many other variables and leveling the playing field a bit.

More importantly, when I hear about a government initiative or set of guidelines, usually I cringe first assuming it has been hard wired by “the big guys” as a means to lock other smaller providers out.   However FedRAMP is different!  Once you have established you have met the guidelines through FedRAMP, any new agency bid can reference a prior approval. With that approval in hand, they can now rely on the attributes of their solutions.  In other words, once they use the same grape, it's the other factors that decide whether you like the wine or not – and you are not guaranteed the business just because you are big.  Great idea and great policy – way to go FedRAMP!