This past year, Effectual’s Modernization Engineers partnered with specialized R&D firm Galois to support the launch of DARPA’s first public bug bounty program – Finding Exploits to Thwart Tampering (FETT). The project represents a highly unique use case showcasing Effectual’s application expertise, and was approved this week to be featured on the AWS Partner Network (APN) Blog.
Authored by Effectual Cloud Architect Kurt Hopfer, the blog will reach both AWS customers and technologists interested in learning how to solve complex technical challenges and accelerate innovation using AWS services.
In 2017, the Defense Advanced Research Projects Agency (DARPA) engaged research and development firm Galois to lead the BESSPIN project (Balancing Evaluation of System Security Properties with Industrial Needs) as part of its System Security Integrated through Hardware and Firmware (SSITH) program.
The objective was to develop tools and techniques to measure the effectiveness of SSITH hardware security architectures, as well as to establish a set of “baseline” Government Furnished Equipment (GFE) systems-on-chip (SoCs) without hardware security enhancements.
While Galois’s initial work on BESSPIN was carried out entirely using on-premises FPGA resources, the pain points of scaling out to a secure, widely-available bug bounty program soon emerged.
It was clear that researchers needed to be able to stress test SSITH hardware platforms without having to acquire their own dedicated hardware and infrastructure. Galois leveraged Amazon EC2 F1 instances to scale infrastructure, increase efficiencies, and accelerate FPGA development.
When flooding took out the New York data center of the national nonprofit SEIU, the organization needed to act on a move to the AWS cloud.
Through third-party and cloud-native tools, we provided the infrastructure, resources, and products necessary to efficiently migrate workloads.
The national nonprofit serves branches of the organization with centralized IT based out of its New York offices. When NYC was hit by Hurricane Sandy in 2012, it led to flooding of the organization’s data center, housed in the basement of the building. The resulting outage took a week to recover from. The nonprofit needed a cloud-based backup solution to ensure that it could be prepared against future disasters.
We began with an assessment of the organization’s data center posture, then created a migration plan and proposed architecture to support the nonprofit moving forward in AWS. We configured VPCs, subnets, networking, and access policies. We also connected a third-party disaster recovery service to ensure consistent syncing of information between on-premises and cloud servers.
Peace of Mind
After going without its critical IT infrastructure for a week, the nonprofit had confidence its cloud infrastructure would be highly available.
The AWS infrastructure included VPN connectivity to the on-premises network in order to replicate Active Directory and SQL databases to ensure ongoing operations.
In addition to an initial VPN connection, our team configured remote VPN connectivity from field offices in seven East Coast cities to ensure all users could access the environment in the event of a failure.
Effectual worked with a federal government customer to provide information for local land-use and emergency response planning to avoid development in hazardous zones and to plan evacuation routes to communities along low-lying coastlines vulnerable to tsunamis.
The customer looked to our team to quickly and effectively move their public-facing web applications and internal applications to the AWS cloud to ensure resiliency, availability, and real-time logging of tsunamis.
We implemented a solution comprising Amazon CloudWatch, AWS CloudTrail, Alarms, and Serverless Storage. This ensured the client’s ability to collect data through their application to help scientists understand tsunamis and determine how to most effectively improve preparedness and response.
We implemented Amazon CloudWatch to schedule data collection that self-triggers when a tsunami is detected.
By implementing AWS CloudTrail, the client was able to easily access tsunami data to help scientists understand the sources of local tsunamis so that the impacts of future events may be mitigated.
Real-Time Logging
Our team set up serverless storage to collect data from these seismic networks to process key components in the impact of tsunamis.
This Federal Government customer looked to our team to migrate its on-premises infrastructure to a serverless infrastructure on AWS. The client was in need of a centralized data catalog, management solution for users, and data access for environmental issues.
We supported the client with a serverless solution that consisted of Amazon API Gateway, Amazon Cognito User Pools, AWS Lambda, and AWS Step Functions. This ensured the customer’s ability to make high-volume, complex data accessible to stakeholders, policymakers, and managers to facilitate data-driven conversations about environmental issues in a secure setting.
Our team implemented API Gateway to handle the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls to process any surge of traffic on its website.
We implemented Amazon Cognito User Pools for control over user authentication and user access for the website. This allowed for secure token handling and management of authenticated users from all identity providers.
We implemented Lambda functions to run code in a serverless environment and process its large data sets related to environmental issues. The client was able to reduce cost by 80%.
RFD & Associates, Inc., is an IT Technical Services Company with over 30 years of experience delivering IT solutions to public and private sector clients.
RFD delivers solutions from Mainframe to Mobile and everything in between. They have helped hundreds of organizations design, build, purchase and implement optimal technology solutions to achieve business goals. RFD needed help designing and developing a scalable, Amazon Web Services (AWS) cloud-hosted, multi-tenant, web- and mobile-friendly application. The proposed solution had a requirement to integrate with external APIs to ensure flexibility for future enhancements and integration with third-party tools. The application was also required to be compliant with Personally Identifiable Information (PII) and U.S. Health Insurance Portability and Accountability Act (HIPAA) security requirements.
Effectual Provided Guidance in the following areas
- AWS design and architectural services to include making RFD’s multi-tenant hosting environment PII/HIPAA compliant
- Provided AWS Training and best practices guidance on how to leverage AWS resources
- Assisted in helping RFD achieve its defined goals:
  - Identify the challenges presented in third-party hosting of AWS.
  - Evaluate the use of cloud services to meet RFD business and technical requirements.
  - Determine portable containerization services.
  - Evaluate architectural decisions in AWS Commercial and GovCloud Regions.
A four-phased approach was developed to implement an AWS hosted environment for RFD:
- Phase 1: Discovery, AWS Service Selection, and PII/HIPAA Security Requirements Determination.
- Phase 2: AWS Foundation Build. Provisioned appropriate environments and access; established AWS accounts.
- Phase 3: AWS Service Build. Provisioned AWS services to include: EC2, Route53, S3, WAF, etc.
- Phase 4: Process Documentation and Environment Review. Created AWS documentation of resources and provided reports on overall solution, security and cost.
We configured EC2 instances that are PII/HIPAA compliant, ensuring adequate capacity to meet traffic demands and compute capacity. In addition, we implemented automated launch configurations to allow RFD to quickly launch and/or scale application servers in target environments in the future.
Security & Compliance
We implemented AWS Compute, Storage, and PII- and HIPAA-compliant Database services to ensure the security of sensitive data used in the environment.
To maximize the functionality of many services, AWS CloudWatch was configured to help RFD set thresholds/alarms to monitor custom metrics for auto-scaling needs.