Cloud Service Providers & Users

How Sera-Brynn’s services support cloud-based innovation:

For Cloud Services Providers –

Sera-Brynn is an independent, Third Party Assessment Organization (3PAO) under the FedRAMP program. FedRAMP, the term for the Federal Risk and Authorization Management Program, is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 3PAOs perform an assessment of CSP systems per FedRAMP requirements, provide evidence of compliance, and play an ongoing role in ensuring CSPs meet requirements.

For Organizations Migrating to a Cloud Computing Environment –

Sera-Brynn can advise on cloud architecture, best practices, compliance with NIST, ISO 27000 or other frameworks, and risk control issues.

For Organizations Seeking Security Testing within an Existing Cloud Environment –

Sera-Brynn regularly performs vulnerability assessments and penetration testing within the cloud environment, including Azure and AWS.

For U.S. Department of Defense Contractors –

Sera-Brynn can advise on and assess cloud computing environments for compliance with Defense Federal Acquisition Regulation Supplement (DFARS) requirements.

For Federal Contractors –

Sera-Brynn can assist with cybersecurity compliance needs that arise from federal contractual requirements.

What is Cloud Computing?

In simple terms, it is just storing and accessing data over the Internet, as opposed to your computer’s hard drive.

In the commercial world, cloud computing can refer to software-as-a-service, infrastructure-as-a-service and platform-as-a-service.  Other terms include on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.

The U.S. Department of Defense defines cloud computing to mean enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing — including networks, servers, storage, applications and services — that can be rapidly provisioned and released with minimal management effort or service provider interaction.

This can include other commercial terms, such as on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.