Insights | Thirdera

Optimizing FedRAMP Authorization with Thirdera and ServiceNow

Written by Tommy LaMonte | Jul 18, 2022 4:13:47 PM

This global enterprise software company empowers its clients to manage content and information, both on-premises and in the cloud. One of the company’s primary offerings is helping organizations, including government agencies, embrace the cloud for their enterprise information systems to deliver personalized, secure experiences to the users and citizens they support.

 

 

In order to open up additional opportunities supporting US federal agencies, cloud service providers must meet the security requirements laid out by the Federal Risk and Authorization Management Program (FedRAMP). With guidance from Thirdera, the software company created an entirely new environment to support this authorization. A range of ServiceNow solutions were used to support the new AWS cloud environment, in order to create a secure and standardized cloud offering that offers a consistent and auditable level of protection for sensitive data. ServiceNow allows for not only compliance monitoring, but also ensures the environment is kept running and secure at all times. 

 

Company Profile

Size: 10,000+ employees      |     Industry: Technology   |     Location: Canada

 

Key Challenges

To support its U.S. government clients, the enterprise software company needed to obtain a FedRAMP moderate authorization. Earning this authorization involves a range of steps designed to ensure a software company’s cloud service offerings (CSOs) meet federal security requirements. 




Align to NIST 800-53, a moderate baseline catalog of over 600 controls that outline the requirements needed to protect operations from a wide range of security threats.

Security across the company’s cloud platform needed to be effectively managed, while FedRAMP controls needed to be developed, maintained, and continuously monitored.

Support the FedRAMP authorization journey and new environment with minimal increase to headcount.

With many federal government agencies now adopting cloud services, it’s vital that any private company they partner with demonstrate its ability to protect sensitive federal information. FedRAMP encourages U.S. government agencies to adopt secure cloud services, offering a standardized approach to security assessments for software companies providing cloud services.

The software company needed to obtain FedRAMP authorization in order to ensure federal agencies can use its cloud service offerings. To achieve this authorization and improve its overall security posture, the software company turned to the combined power of ServiceNow and Thirdera to optimize the management of their new government AWS Cloud environment and FedRAMP authorization.

 

Our Solution

The software company enlisted Thirdera to implement a range of ServiceNow solutions because of our vast experience in implementing and supporting clients in FedRAMP environments. Thirdera’s demonstrated expertise in security and compliance practices enabled the software company to achieve the enhanced level of security and monitoring required for FedRAMP authorization. This, combined with our capabilities across the full ServiceNow portfolio, made us the obvious choice as a long-term partner to support and advise the software company on how to elevate its services to federal agencies transitioning to the cloud.  




The Result

Security
Thirdera deployed a range of ServiceNow solutions that work together to enable the company to provide secure, FedRAMP-authorized cloud services. 

Reportable

Automated compliance monitoring enables the continuous monitoring and assessment of the company’s cloud environment—a key requirement for reporting on FedRAMP authorization.

Reliability
Issues can be identified and resolved in real-time, allowing for consistent and reliable services.  

Resiliency
Real-time risk monitoring allows for informed decisions that minimize disruptions and promote business resilience.

Efficiency
By using ServiceNow solutions to automate information security, IT, compliance, customer service management, the fedRAMP authorization process and support could be achieved without the need for significant staffing additions.


To meet FedRAMP compliance requirements, Thirdera implemented several ServiceNow solutions to automate many of the activities required to secure and support the new environment. ServiceNow IT Operations Management (ITOM) Discovery and Event Management helps inventory assets and identify and solve issues within the FedRAMP environment. This allows downtime to either be predicted or prevented entirely, helping maintain a high level of service at all times while having an up-to-date inventory of the cloud infrastructure supporting those services.

ServiceNow Security Incident Response (SIR) was implemented with integration to Splunk to offer a central platform to manage security threats via a virtual command center. It minimizes risk and maximizes efficiency by automatically creating and prioritizing incidents, selecting playbooks, and providing robust reporting for consistent containment and resolution of security incidents.

Finally, Thirdera implemented Continuous Authorization and Monitoring (CAM)—part of ServiceNow's broader Integrated Risk Management (IRM) suite of tools. With this solution, the software company can automate compliance monitoring and easily provide required reports to their agencies, such as asset inventories, vulnerability scan reports using Qualys and Prisma Cloud, and track and report on PO&AMs across the environment. Additionally, leveraging the ongoing support of Thirdera, the company has a roadmap to increase automated continuous monitoring using indications and automate the generation of sections of their SSP.

Thirdera successfully met the aggressive implementation timeline required to support the process of FedRAMP authorization and created a centralized means to manage the customer’s entire government cloud environment. As a result, with minimal additional headcount, continuous monitoring of compliance was achieved. In addition, providing reports with information from Security Information and Event Management (SIEM) tools, vulnerability scanners, operational events, and AWS Cloud Inventory was automated. This resulted in the efficient management, security, and compliance of the new FedRAMP environment.

 

About Thirdera

The largest pure-play ServiceNow partner in North America, Thirdera is a trusted Elite ServiceNow partner focused solely on improving and innovating the way our customers leverage the ServiceNow platform. Our experts possess authoritative capabilities and skillsets spanning the entire Now Platform. This extensive platform expertise allows us to understand our customers’ needs and deliver tailored solutions that solve business challenges.

Contact us today to discuss your next project, and enter a new era of ServiceNow partner experience.