Kaseya Working Toward Federal Compliance in 2025

The cybersecurity provider Kaseya is eager to ensure that it meets the cybersecurity standards that the federal government's FedRAMP program demands in order to fulfill its data protection needs properly.

Kaseya officially announced its federal compliance process to become FedRAMP-certified in October. This decision will allow Kaseya to provide its tools to government agencies and military organizations in the United States. It will also allow the company's tech stack to support federally required compliance demands better. It also coincides with Kaseya doing more to help lawmakers in Congress pass appropriate legislation for protecting American interests and ensuring MSPs have the federal compliance standards that they need. But what does the FedRAMP process look like for Kaseya currently?

Details on Kaseya FedRAMP Accreditation

Channel Futures met with Max Pruger, the general manager of Kaseya’s audit and compliance suite, to discuss the FedRAMP certification process, what it means for the company, and how things might change with the incoming Trump administration.

Kaseya's Max Pruger

Channel Futures: How did the FedRamp certification process start, and what is the state of things?

Max Pruger:  We started the process over a year ago. Internally, I put together a memo for the executive team and reported directly to [Kaseya CEO Fred Voccola] that there will be some changes to FedRAMP. And sure enough, at the end of November, the Department of Defense came out with a memo and effectively said if you are a cloud service provider like Kaseya, you will have to get FedRAMP-authorized or FedRAMP equivalency. Fred initially announced our intention last year during the M&A pre-day event. An attendee asked about FedRAMP and Fred said that we're committed to doing it, and we've allocated resources towards it. So, we spent the first three quarters of the year trying to meet or starting to meet the various FedRAMP controls. And then at the end of September, beginning of October, we had a press release where we went public with the intention. 

Related:Kaseya Launches Federal Compliance Process

CF: How long is the FedRAMP certification process expected to take?

MP: It's hard to say, because we have 40 different products, and while Kaseya has grown both organically, we also grow through acquisition. So you know, it depends on how the products were architected. And we've got everything across the board. We've got some applications are in Azure; some are built in AWS,Some are private cloud. Different products lend themselves more accessible to getting authorized. Not all products will be ready at the same time.

Related:Kaseya, CEO Voccola Guiding Congress on MSP Regulation

The goal is to have the first product authorized by the second quarter of next year. But the problem is that I can't provide any time frames because it's all outside of our control since it relies on third-party assessor organizations to determine if we’re good to go. It’s also taking the government six to eight months to check the packets of information we provide on our product.

The government has also announced that FedRAMP will change next year, so we don't know exactly what will happen. But the current standard is our North Star that we’re trying to adhere to.

CF: Are the upcoming changes related to the incoming Trump administration?

MP: The changes were planned and announced before Trump won the election. That said, the program is organized by the Office of Management and Budget, which oversees the President's implementation of his policies across the branches. 

CF: Should Kaseya customers expect any product changes in light of the FedRAMP authorization?

MP: There may be a separate version. When vendors try to get on the federal marketplace, they often have commercial and government versions. It's too early to say whether we will have that, but it's common to have two separate versions.