CASE STUDY
Modernizing Government Operations: Building Secure Cloud Infrastructure for Increased Efficiencies
A United States government agency recognized the need to adopt a cloud-based strategy to reduce expenses and enhance computational and processing capabilities to support its mission. The first system that was selected for an upgrade was the fraud investigation and analytics platform. Working with Aquia, the agency was able to secure its new systems and build authority to operate (ATO) packages at a Federal Risk and Authorization Management Program (FedRAMP) moderate level.
About the Customer
This case study documents the experience of an Aquia customer — a United States government agency responsible for the investigations of fraud and misuse of government funding.
The Challenge
A United States government agency recognized the need to adopt a cloud-based strategy to reduce expenses and enhance computational and processing capabilities to support its mission. Specifically, the agency needed to update and migrate its existing 15-year-old on-site data center and access program to the cloud.
The Solution
The agency worked with Aquia to migrate historical data from on-premises to the Amazon Web Services (AWS) cloud, secure the new systems, and build authority to operate (ATO) packages at a Federal Risk and Authorization Management Program (FedRAMP) moderate level.
The Results
The system significantly reduced the time needed for investigations, cutting it from 20 days to 10. As the agency continues its system expansion — adding more processes and computing capabilities — it will see a substantial drop in investigation time and an increase in the agency's investigation capacity.
A United States government agency responsible for the investigations of fraud and misuse of government funding recognized the need to adopt a cloud-based strategy to reduce expenses and enhance computational and processing capabilities to support its mission. Specifically, the agency needed to update and migrate its existing 15-year-old on-site data center and access program to the cloud.
The agency required assistance with securing its new systems and building ATO packages for them at a FedRAMP moderate level, necessitating the development of consistent procedures and secure operational and functional systems. The first system that was selected for an upgrade was the fraud investigation and analytics platform.
Creating a Secure Cloud-Based Infrastructure
Amazon Web Services (AWS) was the clear choice for a number of reasons. First, the agency alleviated the need for investing in physical properties by taking advantage of AWS's physical infrastructure security. Second, they utilized AWS GovCloud to ensure a secure environment for deploying applications and services in compliance with FedRAMP security controls.
Further, the agency benefits from integrated Identity and Access Management (IAM) features offered by AWS. It also utilized additional features like AWS Security Hub for monitoring and managing security aspects. The integration of data processing and storage solutions further contributed to its infrastructure, as well as the ability to leverage built-in Federal Information Processing Standard (FIPS) compliance for Amazon Simple Storage Service (Amazon S3) buckets.
Lastly, the agency developed a serverless environment within AWS, enabling them to leverage unique capabilities — particularly the scripting functionality that allows them to easily launch temporary compute instances for on-demand data processing. Overall, AWS provides the agency with the technology and tools to build a secure and efficient system that supports its mission.
Leveraging Aquia’s ATO Expertise
Aquia was selected because of its deep expertise in guiding a new system through getting an ATO and experience bringing together various AWS services to ensure operational security. Doing so involved integrating the dynamics of ports, protocols, and services, as well as ensuring that different AWS tools and features worked together seamlessly.
The agency was new to creating ATOs, so the team relied heavily on Aquia’s expertise in this regard. Aquia helped the customer define the new processes and ensure implementation standards were available that could be replicated for new systems as they are developed and deployed in the future.
Facilitating a Smooth Implementation
Aquia utilized AWS Security Hub for the initial implementation of cybersecurity within the environment. As the system developed and matured, Aquia shifted to using Amazon Elastic Compute Cloud (EC2) scripting to add third-party vulnerability scanning capabilities to further build the defense of the systems.
End-to-end encryption and data-at-rest storage solutions allowed the company to ensure that sensitive data remains encrypted and secured. AWS IAM made establishing the new system seamless from a development perspective.
As new features and items from the AWS collection are introduced along with external sets of data, the documentation within the AWS system and AWS Security Hub will help keep the agency on track, enabling a fast and smooth transition from development to production.
Providing Greater Transparency Within the Government
The system significantly reduced the time needed for investigations, cutting it from 20 days to 10. As the agency continues its system expansion — adding more processes and computing capabilities — it will see a substantial drop in investigation time and an increase in the agency's investigation capacity.
With the arrival of new datasets and their accessibility, the agency can conduct more comprehensive investigations and enhance the oversight of government spending, enabling greater transparency within the highest levels of government.
Aquia continues to work on new projects with the agency to help ensure the security of the new systems and assist them in obtaining ATO.
Request a Consultation
We’re in good company.
Subscribe to Our Newsletter
Sign up to receive news and updates from experts on the ever-changing cybersecurity threat landscape.