Introducing Palantir FedStart: Helping SaaS companies do business with the Government
Editor’s Note: The following post is intended for SaaS companies seeking to provide solutions to the U.S. government at the speed of innovation but lacking the accreditations to do so. Palantir FedStart can help.
Each year, the U.S. federal government spends around $100 billion on software, representing a massive opportunity for your software company to make an impact — that is, if you can gain access. Obtaining the requisite federal accreditation for SaaS solutions is time consuming, labor intensive, and costly.
Even if your company can afford the $1M+ price tag, the opportunity cost of the lengthy accreditation process is enormous, and it hits young, innovative companies, such as Large Language Model and Generative AI startups, the hardest. Pursuing FedRAMP and Impact Level (IL) accreditations (explained in detail below) can require resource diversion — potentially for years — away from product innovation, revenue growth, customer support, fundraising, and everything else necessary to scale a company. Palantir’s own journey to FedRAMP and IL5 took over four years of navigating sponsorships and POCs, and ultimately 60 people from across 25 different teams working full-time for an entire year to achieve.
The Typical Accreditation Process — FedRAMP and IL5
The 2022 passage of the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act requires FedRAMP Authorization for any cloud computing products or services processing unclassified federal information. Similarly, the Department of Defense via Defense Information Systems Agency (DISA) defined the operating standards, known as Impact Levels (ILs), for software providers seeking to offer their services in government cloud environments.
Today, the onerous requirements to achieve FedRAMP or IL5 include the following:
- Months to years of work to identify and secure an agency sponsor who will sponsor your company entering the FedRAMP or IL5 process (and help you secure the sought-after “In Process” designation on the FedRAMP Marketplace). The sponsor will also ultimately grant an Authority to Operate (ATO) to put your company in the queue for final review with the FedRAMP Program Management Office (PMO). An alternative path is pursuing accreditation and sponsorship through the Joint Authorization Board (JAB). However, the JAB only selects around twelve products a year for Provisional Authorizations (citation), and that process can also take years.
- 18 months, on average, to build out your technical enclave and controls, write hundreds of pages of documentation, go through an audit with a third party assessment organization (3PAO), and ultimately participate in a final review with PMO and/or DISA to reach full accreditation.
- At least $1M in upfront costs for 3PAO auditors and compliance consultants or hires alone; more than that in engineering and infrastructure costs.
- Ongoing cost of a separate GovCloud infrastructure enclave staffed with U.S. Person-only support and engineering teams.
- Ongoing continuous monitoring and compliance, including monthly scan reports and Continuous Monitoring (ConMon) meetings, Plans of Action and Milestones (POA&Ms), and annual assessments of your controls. Companies typically hire compliance experts to manage the accreditation and maintain agency ATOs on an ongoing basis.
Introducing Palantir FedStart
Palantir FedStart is the proverbial scissors that can cut through all this red tape. FedStart serves as an on-ramp to help deliver your SaaS products to the government at the speed of innovation. Your company’s products are run within Palantir’s secure and accredited environment — no need for a separate FedRAMP or IL5 accreditation. If you can containerize your software, you can use FedStart in weeks to sell as an accredited solution for quick product delivery and impact. FedStart unlocks FedRAMP Moderate and IL5, the security accreditations required to sell to civilian agencies and the Department of Defense, respectively. FedStart is on track to support FedRAMP High and IL6 within the next year.
Since 2003, Palantir has been a trusted partner of the U.S. Government, supporting critical federal missions with solutions deployed on-premises, in the cloud, and at the edge. Last year, our cloud offering received its IL6 PA, joining the ranks of Microsoft and Amazon Web Services as the only cloud providers with that distinction. In all of these environments, federal accreditation was a serious hurdle we faced. Over the last 20 years, we have developed technology — Apollo and FedStart — that standardizes these deployments and ensures that every control is met by default, across all of our products, in every single environment. We are thrilled to now offer this technology for other companies’ use, in order to bring the best commercial technology to bear in the federal government space.
The FedStart Difference: Zero to ATO in weeks
We’re transforming how companies can meet FedRAMP’s rigorous accreditation standards by enabling your company to leverage two decades’ worth of Palantir investments in delivering software solutions to the U.S. Government.
Here’s what that looks like:
- Seamless integration: Containerized application integration into the FedStart Kubernetes infrastructure, which runs on top of AWS or Azure. FedStart manages all of the 400+ controls, including FIPS validated encryption, logging, authentication, vulnerability scanning, and more (so that you don’t have to).
- Accreditation-as-a-Service: Companies that are part of the FedStart program benefit from FedRAMP and IL5compliance managed by Palantir, with Palantir responsible on an ongoing basis for government ATO conversations, compliance artifacts, continuous monitoring, and control assessments.
- Usage-based pricing: Rather than being charged a fixed cost, FedStart fees are scaled according to business usage so that incurred costs are tied to value gained.
LLMs and Generative AI
We’re particularly excited about what FedStart means for government adoption of LLMs and Generative AI. The hurdles to accreditation impact not only the companies in the commercial sector seeking to do business with the government, but also the government itself and its ability to leverage cutting-edge technology that is available today. LLMs and Generative AI bring this problem into sharp relief: the companies most capable of delivering transformational value to the government are also the least equipped to navigate labyrinthine federal bureaucracy. These companies often operate with lean teams that haven’t worked with the government before and don’t have millions to spend, but they immediately understand how impactful their tech could be if deployed, from semantic search to operational copilots. We are actively partnering with companies in this space to bring such critical cutting-edge technology to the federal government.
Defense Tech
As the Financial Times recently reported, U.S. venture capitalists have agreed to more than 200 defense and aerospace deals in the first five months of 2023, worth nearly $17 billion.
If accreditation is a blocker for your company, but you know your products could make an impact with government customers, contact us here.
Introducing Palantir FedStart was originally published in Palantir Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.