Is TIC necessary for FedRAMP-approved apps?
- By Matt Leonard
- Aug 04, 2017
Agencies shouldn’t have to use a trusted internet connection for accessing cloud environments that already have been approved by the Federal Risk and Authorization Management Program, according to International Trade Administration CIO Joe Paiva.
Connecting to cloud services like Amazon, Salesforce or Office 365 is no different than a teleworker accessing the office network or agencies connecting to data centers, Paiva told a crowd at the ATARC Federal Cloud & Data Center Summit on Aug. 3.
“The definition of what’s ‘my network’ has changed,” he said.
Users in the office are using transport layer security when they connect to the agency’s Amazon cloud, he told GCN. Their data is “never passing through the untamed wild.” The applications that have been FedRAMP approved and have full authority to operate “run in my environment, they’re not external,” he added.
All of the traffic to the public internet will still go through the TIC, he said.
The Office of Management and Budget has mandated the use of TIC since 2007 to reduce the number of connections to the outside internet. When asked if this setup was ignoring the mandate, Paiva said it was not.
“I just interpret it the way I think it makes sense to be interpreted,” he said.
Acting Federal CIO Margie Graves recently said that the federal TIC policy is in the process of being modified to address latency issues caused by TIC architecture in hybrid environments.
Paiva, however, said his concerns with TIC aren’t with latency, but rather with cost.
TIC offers little if any added value in these instances, he said. If there is, it is “at best, some minuscule, marginal, unnoticeable portion,” he said.
And that limited value comes at a big cost, he added: “If you don’t know this, TIC is egregiously expensive.”
Matt Leonard is a former reporter for GCN.