The Golden Ticket in the Federal Cloud Market
Recently announced acquisitions of Autonomic Resources, Carpathia, and Virtustream have all had one thing in common – a FedRAMP certification – the “Golden Ticket” in today’s crowded Federal cloud marketplace.
The Federal Risk and Authorization Management Program (“FedRAMP”) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. First announced in 2011 by the Office of Management and Budget (“OMB”), FedRAMP was meant to impose a standard security assessment for use by government agencies in evaluating cloud suppliers. Given the scarcity of such certifications, those who have received a certification find themselves in high demand, even though they previously may have been a small and specialized service provider.
According to a May report by MeriTalk, a newsletter for federal IT professionals, in 2014, 24 cloud service providers were awaiting FedRAMP approval; 16 of those 24 are still waiting. To date, the Joint Authorization Board (“JAB”), appointed by the GSA to review applications, has issued certifications to only 14 companies, sometimes for just one of many services that these firms offer. To be in the running for this FedRAMP certification, it takes 18 months or longer and a submission of 1,000 pages of technical and legal documentation; an effort that is estimated to cost between $4 and $5 million.
Despite these stringent application requirements and long waiting periods, three companies have proven their FedRAMP investment to be worth the wait: Autonomic Resources, Carpathia, and Virtustream. In February Computer Sciences Corporation (“CSC”) announced it had finalized its acquisition of the cloud computing infrastructure provider Autonomic Resources. Not only was Autonomic Resources the first in the line of a string of M&A transactions in the space, but it was also the first cloud service provider to achieve compliance under FedRAMP. The deal signals CSC’s intent to target the growing public sector cloud market, including the approximately $8 billion estimated to be spent on federal cloud by 2019. In March of 2015, EMC announced its plans to acquire Virtustream, a provider of advanced cloud software and managed services with a specialty hosting SAP applications, for $1.2 billion. Virtustream will become the core of EMC’s managed cloud services businesses and will help EMC convert its storage, security, and other business – including VMware – into a set of cloud-delivered services. Furthermore, QTS Realty Trust (“QTS”) announced it has reached an agreement to acquire Carpathia Hosting, Inc., for approximately $326 million. Carpathia is a leading hybrid cloud services and Infrastructure-as-a-Service (“IaaS”) provider offering a high level of security and compliance solutions to sophisticated enterprise customers and Federal agencies. The acquisition is slated to accelerate QTS’ federal business through Carpathia’s strong cloud footprint with Federal agencies. In addition, Carpathia adds access to government business through numerous Federal Authorizations to Operate (“ATOs”) with Federal Civilian and Department of Defense (“DoD”) agencies, and a Provisional ATO from the FedRAMP JAB.
Similar to the aforementioned companies, the handful of other companies that have also received this highly coveted and valuable certification are in a unique position to capitalize on their successes. Whether this means going after the current Federal cloud opportunities at agencies such as the Department of Homeland Security (“DHS”), the Department of Labor (“DOL”), or the Department of the Treasury, or pursuing an M&A strategy, these companies are now in a position to seek out the returns from their “Golden Ticket”.