Global Leader in Design Software Hardens Its Platform Infrastructure to Meet FedRamp Compliance Requirements Published on June 16, 2023ChallengeThis global leader in software for designers, builders, engineers and others has worked to provide a solid platform across a multitude of industries. However, recent changes in FedRamp compliance requirements drove them to develop a new instance of its product platform, hardening their infrastructure for customers in the public sector. Client snapshot: Profile This client is a global leader in design software, with products spanning architecture, engineering, construction, product design, manufacturing, media and entertainment. Client Situation The client company needed to develop a new public sector product platform, replacing one that had been in service for years. This required an architecture designed to meet new FedRamp compliance requirements. Work Performed Protiviti introduced native AWS solutions to create a centralized logging infrastructure, along with multiple out-of-the-box AWS WAF rules. Outcome/Benefits The client now has a secure AWS infrastructure that meets internal security policies and FedRamp requirements. SolutionProtiviti’s approach to addressing the client’s increased security needs was multi-faceted. To ensure success, the team needed to:Design, architect, and develop centralized logging solutions to consolidate and store logs from Amazon CloudWatch, Amazon GuardDuty, AWS Network Firewall, AWS CloudFront, and Amazon Security Hub.Map AWS WAF rules against defined client FedRamp requirements to show compliance with the requirements.Design, test and implement WAF rules in the FedRamp environments.Develop DivvyCloud enforcement testing procedures and templates using Terraform to test new DivvyCloud enforcement rules for non-compliant AWS resources Using AWSAs part of the engagement, Protiviti utilized native AWS solutions to create a centralized logging infrastructure that can be deployed by any application teams in the FedRamp environment. This includes a variety of AWS services used for log sourcing, transformation, streaming, delivery, and storage. AWS Kinesis (Data Streams and Data Firehose), CloudWatch Log Group and S3 were the three primary services used in this design. In addition, multiple out-of-the-box AWS WAF rules were implemented, along with the flexible custom rule feature.Lastly, Protiviti leveraged Amazon Access Analyzer and Amazon Access Advisor to discover over-permissive roles and users, and evaluated setup and operational processes on security services such as Amazon Cognito, Amazon GuardDuty, AWS Network Firewall, AWS Certificate Manager and Amazon Route53.OutcomeBy implementing the AWS security suite, Protiviti was able to help the client develop a secure AWS infrastructure that meets not only their internal security policies but also the FedRamp security requirements required by the agencies. Additionally, the detailed documentation and artifacts produced for the client helped them establish compliance in front of FedRamp auditors.Protiviti enabled the client to ensure continuous compliance with FedRamp regulations, that is critical to its business strategy and success. Protiviti empowered the client to ensure continuous compliance with FedRamp regulations, critical to its business strategy. Secure your cloud environment with Amazon Web Services (AWS) Cloud technology is revolutionizing businesses globally and transforming entire industries across sectors and regions. It facilitates the creation of innovative business models, improves customer and partner relations, and enables a smooth transition from outdated systems to flexible, scalable, and efficient IT infrastructure. Learn More Identifying Components of a Secured AWS Foundation Amazon Web Services (AWS) provides several ways for organizations to securely adopt, develop and manage their AWS environments, including the security perspective of the AWS Cloud Adoption Framework (AWS CAF), the security pillar of the AWS Well-Architected Framework and numerous security services provided by AWS. Read More Automate AWS Digital Identity and Access Management Review Often, there exists the need to perform one-time and regular reviews of Identity and Access Management (IAM) health to answer some of the basic, yet critical questions security professionals care about: 1) Who is entitled to perform what actions against what resources? 2) Are there orphan identities? 3) Am I granting service access to identities that do not utilize them? Read More Topics Cybersecurity and Privacy IT Management, Applications and Transformation Risk Management and Regulatory Compliance