• Search in Protiviti.com

Global Leader in Design Software Hardens Its Platform Infrastructure to Meet FedRamp Compliance Requirements

Published on June 16, 2023

Challenge

This global leader in software for designers, builders, engineers and others has worked to provide a solid platform across a multitude of industries. However, recent changes in FedRamp compliance requirements drove them to develop a new instance of its product platform, hardening their infrastructure for customers in the public sector.

Client snapshot:

Profile  

This client is a global leader in design software, with products spanning architecture, engineering, construction, product design, manufacturing, media and entertainment.

Client Situation

The client company needed to develop a new public sector product platform, replacing one that had been in service for years. This required an architecture designed to meet new FedRamp compliance requirements.

Work Performed

Protiviti introduced native AWS solutions to create a centralized logging infrastructure, along with multiple out-of-the-box AWS WAF rules.

Outcome/Benefits

The client now has a secure AWS infrastructure that meets internal security policies and FedRamp requirements.

 

Solution

Protiviti’s approach to addressing the client’s increased security needs was multi-faceted. To ensure success, the team needed to:

  • Design, architect, and develop centralized logging solutions to consolidate and store logs from Amazon CloudWatch, Amazon GuardDuty, AWS Network Firewall, AWS CloudFront, and Amazon Security Hub.
  • Map AWS WAF rules against defined client FedRamp requirements to show compliance with the requirements.
  • Design, test and implement WAF rules in the FedRamp environments.
  • Develop DivvyCloud enforcement testing procedures and templates using Terraform to test new DivvyCloud enforcement rules for non-compliant AWS resources
     

Using AWS

As part of the engagement, Protiviti utilized native AWS solutions to create a centralized logging infrastructure that can be deployed by any application teams in the FedRamp environment. This includes a variety of AWS services used for log sourcing, transformation, streaming, delivery, and storage. AWS Kinesis (Data Streams and Data Firehose), CloudWatch Log Group and S3 were the three primary services used in this design. In addition, multiple out-of-the-box AWS WAF rules were implemented, along with the flexible custom rule feature.

Lastly, Protiviti leveraged Amazon Access Analyzer and Amazon Access Advisor to discover over-permissive roles and users, and evaluated setup and operational processes on security services such as Amazon Cognito, Amazon GuardDuty, AWS Network Firewall, AWS Certificate Manager and Amazon Route53.

Outcome

By implementing the AWS security suite, Protiviti was able to help the client develop a secure AWS infrastructure that meets not only their internal security policies but also the FedRamp security requirements required by the agencies. Additionally, the detailed documentation and artifacts produced for the client helped them establish compliance in front of FedRamp auditors.

Protiviti enabled the client to ensure continuous compliance with FedRamp regulations, that is critical to its business strategy and success.

Protiviti empowered the client to ensure continuous compliance with FedRamp regulations, critical to its business strategy.

Secure your cloud environment with Amazon Web Services (AWS)

Cloud technology is revolutionizing businesses globally and transforming entire industries across sectors and regions. It facilitates the creation of innovative business models, improves customer and partner relations, and enables a smooth transition from outdated systems to flexible, scalable, and efficient IT infrastructure.
Learn More

Identifying Components of a Secured AWS Foundation

Amazon Web Services (AWS) provides several ways for organizations to securely adopt, develop and manage their AWS environments, including the security perspective of the AWS Cloud Adoption Framework (AWS CAF), the security pillar of the AWS Well-Architected Framework and numerous security services provided by AWS.
Read More

Automate AWS Digital Identity and Access Management Review

Often, there exists the need to perform one-time and regular reviews of Identity and Access Management (IAM) health to answer some of the basic, yet critical questions security professionals care about: 1) Who is entitled to perform what actions against what resources? 2) Are there orphan identities? 3) Am I granting service access to identities that do not utilize them?
Read More
Loading...