The path to FedRAMP Authorization is long and demanding, which makes each new member of this elite club worth celebrating.
Having walked this path ourselves back in 2019, the team at Virtru extends a warm welcome to Varonis Systems as they join the select circle of FedRAMP authorized data security platforms.
The Club is Growing
On May 19, 2025, Varonis announced their cloud-native Data Security Platform has achieved Federal Risk and Authorization Management Program (FedRAMP) Authorization, describing it as "the first in its category" to reach this milestone.
Virtru's own data security platform has been in the FedRAMP marketplace since achieving our first FedRAMP Authorization to Operate (ATO) at the Moderate level back in 2019, followed by expanded authorization in August 2023 sponsored by the CDC. We know firsthand the value this brings to government agencies and contractors seeking trusted solutions. We're pleased to see the data security platform category gaining more attention and additional certified options.
Why FedRAMP Matters (Especially Right Now)
FedRAMP authorization isn't just a badge of honor—it's a trust signal that enables federal agencies to adopt secure cloud technologies with confidence. And the timing couldn't be better for growth in this category.
On April 16, 2025, a new Executive Order on "Ensuring Commercial, Cost-Effective Solutions in Federal Contracts" was issued, directing federal agencies to "procure commercially available products and services...to the maximum extent practicable" instead of developing custom solutions. This order creates a significant advantage for FedRAMP-authorized commercial platforms like Virtru (since 2019) and now Varonis.
For organizations serving the public sector, FedRAMP certification now delivers double value:
- Validates rigorous security controls and practices
- Aligns perfectly with the new mandate to prioritize commercial solutions
- Creates a streamlined path through increasingly strict procurement reviews
- Demonstrates compliance with both security and fiscal responsibility requirements
StateRAMP, too: Securing Government at All Levels
While FedRAMP opens doors at the federal level, Virtru doesn't stop there. Our Data Security Platform also achieved StateRAMP Authorization in April 2025, expanding our government security credentials to state and local agencies as well.
StateRAMP mirrors FedRAMP's rigorous standards but focuses on state and local government needs, providing a standardized approach to assessing cloud products for these entities. This additional authorization means Virtru offers a comprehensive security solution across all levels of government—federal, state, and local.
Currently trusted by 17 state governments nationwide—including Arizona, Arkansas, Georgia, Utah, Colorado, Virginia, and West Virginia—Virtru's StateRAMP-authorized platform enables secure sharing of sensitive information without sacrificing usability or control.
A Rising Tide Lifts All Data Security
The growth of FedRAMP-authorized data security platforms signals an important industry trend: data-centric security is moving from specialized niche to essential mainstream practice. As more organizations recognize that protecting sensitive information requires controls that travel with the data itself, the federal government stands to benefit from having multiple strong options to choose from.
Virtru's platform—which provides encryption, access controls, and key management capabilities—has been serving federal customers since our initial authorization in 2019. Our CDC-sponsored expanded authorization in 2023 added capabilities like Virtru Secure Share for encrypted file-sharing with continuous control over shared data.
With Varonis joining the club, federal agencies now have additional choices for implementing data-centric security strategies aligned with zero-trust frameworks and compliance requirements—exactly what the new Executive Order encourages by mandating thorough market research before any custom solution can be approved.
Moving Forward Together (With New Momentum)
The expanding roster of FedRAMP-authorized data security solutions reflects the growing recognition that traditional perimeter defenses alone cannot adequately protect sensitive information in today's complex digital landscape.
The Executive Order's focus on commercial solutions creates powerful momentum for FedRAMP-authorized platforms. Agencies facing the new rigorous approval process for non-commercial products will increasingly look to established solutions like Virtru's that offer both security compliance and procurement policy alignment.
We welcome Varonis to the FedRAMP family and look forward to seeing how the federal data security ecosystem continues to evolve with innovation from multiple providers. After all, when it comes to protecting our nation's most sensitive data, more secure options means stronger overall protection.
Here's to raising the standard of data security across government—together.
