Case Study

AI Data Platform Becomes FedRAMP® Audit-Ready in Less Than 90 Days on AWS

March 15, 2021

To diversify and expand cloud services to the federal market, a leading artificial intelligence (AI) data platform and machine learning (ML) training organization decided to pursue FedRAMP certification. With limited engineering staff, the organization needed help navigating the complex FedRAMP landscape to achieve Authority to Operate (ATO).

CHALLENGE

Cloud services that incorporate AI functionality represent a fast-growing segment within the federal marketplace. The organization’s proprietary software was designed for government agencies seeking mission-critical AI and ML solutions. To reach their expansion goal, they had to act quickly to gain first-to-market advantage.

Competitive risk was high and the timing too critical to delay finding partners who could guide them through the FedRAMP process quickly and help them maintain a FedRAMP-compliant environment after achieving ATO.

APPROACH

The company’s SVP of technology services required the most experienced FedRAMP advisor and Third-Party Assessment Organization (3PAO). They chose Coalfire, which had been engaged in 70% of all new FedRAMP ATOs in the past year and more than 1,200 unique FedRAMP engagements. Plus, Coalfire had led other cloud service providers to FedRAMP ATO in record-breaking time at affordable cost.

The organization’s next decision was choosing an infrastructure and technology platform. Their services had to be optimized and scalable given the mission-critical nature of the services they would be providing to essential government agencies. Ultimately, they chose Amazon Web Services (AWS) because AWS has a wide range of FedRAMP High and DoD IL5-compliant services and a strong, existing working relationship with Coalfire.

The organization achieved FedRAMP audit-readiness with unprecedented speed thanks to the efficiencies of the AWS FedRAMP-ready cloud platform and Coalfire’s Accelerated Cloud Engineering (ACE) and Cloud Managed Services (CMS).

ACE simplifies the compliance process by utilizing pre-engineered, automated modules to develop secure, audit-ready cloud environments in as little as 60 days for up to 80% less than historical costs (see graphic below). Coalfire’s CMS manages an organization’s services within any given framework to keep them in compliance.

The engagement comprises four phases:

  1. Align and discover: Understand current application architecture and align on the design of the future state FedRAMP environment.
  2. Imprint and build: Build the environment based on the agreed-upon design and draft necessary compliance documents, including the system security plan.
  3. Test and validate: Test for FedRAMP compliance and application functionality.
  4. Maintain and operate: Conduct necessary compliance- and patching-related activities to ensure ongoing availability and steady compliance adherence within the system.

RESULTS

In less than 90 days, the organization became FedRAMP audit-ready. Through the partnership with Coalfire and AWS, they confidently navigated the FedRAMP process and expedited the system build using ACE.

With Coalfire as the cloud engineering partner, the internal team could focus on more strategic initiatives. The organization realized savings of more than 50% on FedRAMP capital expenditure.

The organization will soon be ready to get their AI data platform in service to new customers. They made the right operational and risk management decisions to beat the competition, and are poised to confidently project new revenue generation.