US government agencies are continuing to use non FedRAMP-compliant cloud services, 14 years after the Office of Budget and Management established the programme to ensure providers met federal security requirements.
Agencies are also paying wildly different amounts to ensure suppliers past muster, with costs ranging from the tens of thousands of dollars, to almost a million.
