Author: Steve Maybo, Senior Director of Cloud & Information Technologies at LabArchives
GsP Shorts are intentionally quick reads — 3 minutes, tops. If that's still too much of a commitment, no judgment. Skip to the TL;DR. We won't tell anyone.
The Good-Better-Best Tiers of Cloud Security
For almost any product, you're either a provider or a customer who chooses a tier — good, better, or best. Laboratory data solutions are no different — the same choices exist:
Good - “Alignment” with ISO 27001 or SOC 2 without actual audits — just trust us
Better - Actual ISO 27001 certification or SOC 2 attestation audits — you can trust us
Best - FedRAMP authorizations that exceed “Better” — you can really trust us
What tier is the best choice for your important laboratory data? LabArchives chooses the best tier for itself and its customers — all of them, government and commercial.
Vulnerabilities Know No Boundaries
ISO 27001 and SOC 2 are important checkboxes for the commercial cloud baseline, but adding FedRAMP for a government cloud takes that “better” foundation and layers some additional “best” security floors on top.
Deeper FedRAMP audits, documentation reviews and continuous monitoring across code, containers, systems, networks, and more, all required before the vendor can sell to the government, will inevitably find more issues than the commercial security baseline did. Many findings and fixes for LabArchives’ government environment also find their way into its commercial environments, which share many of the same resources.
FedRAMP is a win-win for LabArchives’ government and commercial customers.
FedRAMP. The Best Tier. For All
No cloud service provider pursues FedRAMP authorization because they woke up one morning feeling extremely enthusiastic about learning endless acronyms, writing volumes of documentation, having more audits and working even harder. They pursue it because there is at least one government contract on the other side of a very long and ongoing compliance gauntlet that makes ISO 27001 or SOC 2 look like amateur hour.
What nobody puts in the business case — and what genuinely surprises many — is that the security rigor required to achieve and maintain a FedRAMP authorization to attract government customers can often dramatically improve the same product’s existing, commercial environments that have been sold to everyone, everywhere, for years.
You're welcome, commercial customers. You didn't even ask for a security upgrade. And it's free if your commercial cloud service provider goes to FedRAMP extremes — like LabArchives, which provides a FedRAMP-authorized ELN, inventory, and scheduling solution to the nation's medical research agency, the National Institutes of Health (NIH).
Vulnerabilities Know No Boundaries
ISO 27001 and SOC 2 are absolutely important checkboxes for a commercial cloud product’s security baseline. They are probably on your list of preferred requirements for any cloud offering. A FedRAMP authorization for LabArchives’ government cloud takes that “better” commercial foundation and adds “best” government-grade security layers on top.
Deeper FedRAMP audits, exhaustive documentation reviews and continuous monitoring and auditing across code, containers, systems, networks, and more scrutinize a cloud environment in ways that the commercial security checkboxes never even considered.
LabArchives’ FedRAMP authorization, and the ongoing, integrated process behind it, highlights where its commercial environment, which shares many of the same pieces, parts and people, also needs attention, so many of those “best” standards can be applied there too.
Government grade security. No matter where the cloud product runs from. Why settle for better security when there is best security?
Hope Is Not a Security Model
Most commercial SaaS products run on a security strategy best described as "reasonable effort." FedRAMP has no interest in reasonable effort. It demands perfection. It imposes strict remediation timelines that do not care about quarterly roadmap commitments or features that fell behind schedule. It prioritizes security over features.
If a vendor misses a FedRAMP finding deadline, they are filing formal documentation and presenting it to their government customer in required, monthly audit reviews. Even a low-risk finding that commercial security standards could easily justify deferring for months becomes an unacceptable, awkward moment under FedRAMP, and that is exactly what FedRAMP eliminates.
LabArchives’ FedRAMP authorization, whether you need it or not, means all customers don’t have to settle for a cloud service provider’s “reasonable effort.”
The TL;DR
FedRAMP is a win-win for LabArchives’ government and commercial customers.
FedRAMP authorization is an externally enforced, independently verified, federally funded security upgrade for all product offerings — commercial included. Government customers demand an exceptionally high bar for their FedRAMP cloud environments for good reasons. LabArchives’ commercial customers can keep their cloud environments wherever they are in the world and still reap many of the benefits of LabArchives’ FedRAMP authorization. No charge. What benefits?
- FedRAMP-grade vulnerability finding processes across cloud code and systems
- FedRAMP-grade vulnerability timelines and management
- FedRAMP-grade systems: higher security systems and configurations
- FedRAMP-grade continuous monitoring/audits and response standards
- A security-focused culture that is company wide
In a world where cloud data breaches are rising in number, cost and impact, getting better security is a good tier to choose. Demanding the best possible security is an even better tier to demand. When you compare laboratory data solutions, do you consider security a critical feature for your important data? LabArchives does.
Does your commercial laboratory data solution also adhere to higher FedRAMP standards for government customers? LabArchives does.
In the next GsP Shorts: most vendors want to find fewer vulnerabilities, and to make that possible, they simply search with less effort. Stay tuned for a future article on how LabArchives’ FedRAMP authorization processes provide the best vulnerability search and rescue process for all customers — government and commercial.