“The Evident Security Platform (ESP) and the NIST Compliance Report provide practitioners, executives and auditors the information they need to manage and demonstrate compliance,” said the Principal Security Systems Engineer at a global Collaborative Software Company. “Having the ability to drill down from a compliance report to a control and then down to the actual risks in a clear and easily understandable way gives 3rd parties confidence in our security management practices.”
Collaborative Software Company achieves NIST 800-53 Compliance and adopts GovCloud
The Security Team of a large Collaborative Software Company engages Evident.io and our Evident Security Platform (ESP) to become FedRAMP ready.
The company is a leading provider of modern communication and collaboration solutions for business, including a suite of collaboration software and an intranet back-end, offering powerful technology that helps employees, partners and customers work better together.
Strategically, the organization sees a very big opportunity to sell to Federal entities. To utilize IaaS in public cloud for sensitive workloads, organizations have to be compliant with US regulations, and unfortunately there are limited options. GovCloud is one such solution that provides all the benefits of the public cloud, with the security certifications and requirements that make continuous compliance possible.
In order to sell to Federal entities, the Collaborative Software Company needed to be FedRAMP ready, and Evident.io is a crucial partner in enabling them to accomplish this.
The first step for the Collaborative Software Company was FedRAMP certification. The security and operations teams leveraged the Evident Security Platform (ESP) as a tool to help them achieve this. As a federal solutions provider, they have a true understanding and appreciation of the automated compliance capabilities that come out of the box with ESP. With ESP they were able to extend their infrastructure into AWS GovCloud, reduce the manual effort required to gain insight into their security vulnerabilities and achieve compliance with NIST 800-53. ESP’s one-button compliance reports, which indicate pass/fail status for all of the testable infrastructure controls, save the organization time and money in validating compliance and providing evidence for auditors.
ESP provided security visibility for what the Collaborative Software Company configured “in” the cloud by consuming all of Amazon’s APIs. Through continuous monitoring and alerting, ESP alerts them to configuration changes and policy violations and provides a path to remediation. ESP helped the security team leading their FedRAMP initiative to migrate securely to GovCloud and become compliant with regard to the AWS shared services model, CIS AWS Security Best Practices and NIST 800-53 by automating the exposure and remediation of vulnerabilities in AWS. ESP also offered the flexibility to develop custom signatures to be alerted on the organization’s specific risks as well as support for AWS GovCloud.
“What we do would be impossible without Evident.io,” said the Principal Architect for FedRAMP compliance at the Collaborative Software Company. “At the very least, it would be difficult, [and] expensive to develop on our own.”
To find out more about how our technology can empower you to solve this problem, visit our website. ESP provides a single-pane-of-glass view of all of your AWS accounts, regions and services in one easy-to-customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and uncover vulnerabilities in your environment, alert security teams to configuration changes and policy violations, and provide a path to remediation.
You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own (just sign up and get started), or we can help you along the way. It’s your choice.
About this ESP @ Work blog series
ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.