Cloud Service Providers & Users

Sera-Brynn is an independent Third Party Assessment Organization (3PAO) under the FedRAMP program.

FedRAMP, short for the Federal Risk and Authorization Management Program, is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 3PAOs assess Cloud Service Provider (CSP) systems against FedRAMP requirements, provide evidence of compliance, and play an ongoing role in ensuring CSPs meet requirements.

Organizations Migrating to a Cloud Computing Environment

Sera-Brynn can advise on cloud architecture, best practices, compliance with NIST, ISO 27000 or other frameworks, and risk control issues.

Organizations Seeking Security Testing within an Existing Cloud Environment

Sera-Brynn regularly performs vulnerability assessments and penetration testing within the cloud environment, including Azure and AWS.

U.S. Department of Defense Contractors

Sera-Brynn can advise on and assess cloud computing environments for compliance with Defense Federal Acquisition Regulation Supplement (DFARS) requirements.

Federal Contractors

Sera-Brynn can assist with cybersecurity compliance needs that arise from federal contractual requirements.


What is Cloud Computing?

In simple terms, it is just storing and accessing data over the Internet, as opposed to your computer’s hard drive.

In the commercial world, cloud computing can refer to software-as-a-service, infrastructure-as-a-service and platform-as-a-service. Other terms include on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.

The U.S. Department of Defense defines cloud computing to mean enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources — including networks, servers, storage, applications and services — that can be rapidly provisioned and released with minimal management effort or service provider interaction.

This can include other commercial terms, such as on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.