Supporting the extensive amount of immigration data throughout DHS is a difficult task: dozens of agencies depend on the accuracy and availability of the data to conduct national immigration policy. Protection of personal information, legal proceedings, court data, costs, and status is paramount for the data being managed within DHS. Maintaining the necessary level of security while simultaneously modernizing to support the ever-growing demand for the data in business intelligence requests had put the legacy system into a support and performance bottleneck. Change was needed fast.
Our approach to this problem was multi-tiered, but for this case study we are looking at the management of the resources and components that make up the architecture necessary to support a secure, continuously operating environment. The immigration data services, like many systems, required an Authority to Operate (ATO). However, the legacy architecture issues were such that a new cloud-based approach had to be undertaken, requiring a complete reassessment of security for the new solution. Sevatec worked with the Security group and other management stakeholders to develop component resources that had been hardened against cyber-attacks and verified to be in compliance with defined security mandates and policies.
This led to the development of managed resources for infrastructure, such as OS AMIs used within cloud virtual server instances, specialized configurations of server environments with applied hardening techniques, customized server instance configurations that supported new system functionality, and cloud service platform (data storage, data management, streaming, security, load balancing, etc.) configurations based on defined policy requirements. All of these resources were then stored in approved cloud environments using access controls that ensured users could not choose unapproved or unverified components when building out cloud services to support immigration mission objectives. In addition, Sevatec employed our DevSecOps pipeline configurations with embedded security scanning, penetration testing, security inspections, and quality controls, along with pre-defined container configurations that enforced controls on the deployment systems, proving to security administrators that the entire process from infrastructure to deployed product was secured continuously.
- Continuous ATO: Sevatec successfully developed a continuous ATO enterprise, which eliminated the need to reassess and reauthorize the system and reduced the overall cost and schedule of delivery to end users.
- Secure and Faster Delivery: By utilizing pre-configured, hardened, and inspected components from a governed resource repository, Sevatec accelerated software delivery and removed bottlenecks to deliver capabilities faster.
- Automated Security Controls: Sevatec’s DevSecOps pipeline configurations embedded automated security controls, penetration testing, and pre-defined container configurations that minimized defects and provided continuous insights.