SIMPLIFYING AND AUTOMATING FedRAMP

For organizations providing Cloud Service Offerings (CSOs) to the federal government, FedRAMP authorization is a prerequisite.

CLOUD SECURITY OPERATIONS WITH STRATUS CYBER

FedRAMP (Federal Risk and Authorization Management Program) is a government standardization program that promotes the adoption of secure cloud services across the federal government. The program includes security assessments, authorizations, and continuous monitoring for cloud service offerings.

FedRAMP is based on NIST 800-53 standards to support the federal government’s cloud-first initiative. FedRAMP compliance is imperative for cloud service providers.

Complying with FedRAMP requirements while maintaining regular business operations can be a complex feat for organizations of all sizes. Earthling Security stepped up to help address this challenge. Earthling provides FedRAMP-as-a-Service to a vast portfolio of high-performance enterprise clients with cloud service offerings.

Earthling Security needed a cybersecurity partner who could provide quality work in a measurable, efficient, and collaborative way, and trusted Stratus Cyber to deliver.

WHY STRATUS CYBER?

Stratus Cyber manages the Security Operations (SecOps) team for several commercial clients who need to meet FedRAMP requirements. The engagements involve managing SecOps for AWS and Azure environments to ensure that the security, compliance, and health of those cloud environments meet FedRAMP requirements.

By partnering with Stratus Cyber, Earthling saw an opportunity for its clients to substantially reduce manual labor and the error rate of SecOps tasks through the development of dashboards and automation. The manual tasks include operations such as POAM management, vulnerability scanning, patch management, performance monitoring, and reporting.

Stratus Cyber brings a comprehensive understanding of cloud environments, the ability to integrate multiple data sources into a single, easy-to-access location, and the mindset to automate wherever possible. With these capabilities, Stratus Cyber aligned perfectly with Earthling’s business goals.


70% reduction in manual labor for SecOps tasks


“The team’s expertise is evident in their execution of AWS and Azure security operations, security automation development, dashboard creation, and penetration testing.”

Julie Bondar | Earthling Security COO


THE ENGAGEMENT

Earthling Security engaged Stratus Cyber as the Security Operations (SecOps) team for several of its commercial client accounts. The engagement enabled Earthling to effectively support its clients in setting up and maintaining their FedRAMP authorizations.

In this role, the experts at Stratus Cyber primarily ran SecOps for clients’ Amazon Web Services (AWS) and Azure cloud environments. This involved ensuring their security, compliance, and health per FedRAMP Continuous Monitoring (ConMon) guidelines.

The Stratus Cyber team not only delivered these services but also went above and beyond the initial terms of the engagement. Utilizing the security tool integrations, the team implemented easy-to-understand Splunk dashboards that Earthling Security clients now use to monitor the vast majority of their performance and security infrastructure.

In addition, Stratus Cyber facilitated the creation of various automations for Earthling clients. This extra mile substantially improved the efficiency of their security operations and reduced the level of manual effort for all relevant stakeholders.

To accomplish these tasks, the Stratus Cyber team developed integrations with various security tools, including Splunk, Nagios, AWS Systems Manager and Trusted Advisor, Uptime Robot, and many others.

“When faced with challenging technical security problems, Stratus Cyber delivers.”

Julie Bondar | Earthling Security COO

THE RESULTS

Through this engagement, Stratus Cyber enabled Earthling Security to serve various clients’ FedRAMP needs. By implementing dashboards and automation, the team achieved a 70 percent reduction in the manual labor that Earthling and its clients previously needed to carry out tasks such as:

• Plan of Action and Milestones (POAM) management
• Vulnerability scanning
• Performance monitoring
• Patch management
• Reporting

The team at Earthling Security remains impressed by the results of their engagement with Stratus Cyber and continues to work alongside us on other FedRAMP client security services today.