A Federal contractor developing air-to-surface missile systems for the DoD faced a challenge when it discovered precision issues in its targeting software. Since the missile systems are listed in the USML, the artifact, software, and associated data were subject to ITAR regulations. To continue fulfilling its contractual obligations, the contractor had to quickly address this problem, keeping ITAR compliance at the forefront. Its management decided that the best long-term solution was to acquire a firm specializing in software production. Consequently, they acquired a small 150-employee firm specializing in the research and development of targeting and guidance software systems. However, there was a disharmony between the two companies’ information systems. While the software development company used GitHub Enterprise Cloud to store its code repositories and data, the federal contractor relied entirely on AWS GovCloud.
This difference in platforms posed a challenge to the seamless processing, storage, availability, and transmission of data. After careful consideration, it was agreed that the software development company would migrate its operations to AWS GovCloud. This move aimed to harmonize the systems and ensure strict adherence to ITAR requirements. To facilitate this transition, Cleared Systems, an MSP, was contracted to unify the tenants into GovCloud.
Objectives
- Seamless Integration: Ensure smooth and efficient integration of the software development company’s operations into AWS GovCloud, aligning seamlessly with the Federal contractor’s existing environment.
- Leveraging GovCloud’s Features: Utilize the robust access controls, encryption standards, and activity logging features of GovCloud to achieve comprehensive visibility and auditing capabilities. This will facilitate the demonstration of ITAR compliance controls to oversight authorities.
- Strict Adherence to ITAR Regulations: Guarantee strict adherence to ITAR regulations throughout the migration and harmonization process, ensuring that all operations are compliant.
- Consistent Data Management Practices: Ensure consistent data management practices across the board, promoting interoperability between the software development company’s systems and AWS GovCloud.
Challenges To Migrating into AWS GovCloud
Data Security During Migration: The data involved in this migration was subject to ITAR, which demanded the highest security measures. This meant that even during the transit phase of the migration process, the data had to be safeguarded with utmost care. Ensuring the protection of this sensitive data while it was being moved from one environment to another posed a significant challenge. This task required a robust security strategy and meticulous execution to prevent potential breaches, thereby ensuring the integrity and confidentiality of the data at all times.
Application Re-architecture: A significant challenge was the need to re-architect and redesign some of the software development company’s applications. These applications were initially designed to run on on-premise data centers and thus required substantial modifications before they could be migrated to the cloud. This process involved integrating and reconfiguring networks and migrating storage to conform to the capabilities available in the public cloud. Ensuring the smooth transition of these applications without compromising their functionality or performance was a complex task.
Integration of Diverse Systems: The software development company and the Federal contractor had disparate information systems. Harmonizing and integrating them into the AWS GovCloud environment required meticulous planning and execution to ensure seamless operations.
Adapting people and processes: Migrating to AWS GovCloud required that employees adapt to new skills to use the new environment effectively. However, some employees were resistant to the change, limiting the effectiveness of the cloud adoption. It also could disrupt operational effectiveness as the federal contractor had to hire, train, and retain the appropriate talent.
Solutions
Data Classification
To ensure ITAR compliance, we used various tools and methods to classify a software company’s data. We then deployed automated data classification tools. The automated data classification helped identify ITAR-sensitive data, enabling the contractor to apply necessary security measures during migration. Accurate classification and labeling of data ensured ITAR-regulated data was properly managed in the new AWS GovCloud environment. This enhanced data security and enabled easy compliance reporting and auditing.
Comprehensive Assessment
After Classification, our team conducted an in-depth analysis of both companies’ systems, identifying ITAR-sensitive data and compliance gaps. This involved thoroughly examining the existing infrastructure, applications, and data, focusing on ITAR-sensitive information.
Migration Strategy
Acknowledging the Federal contractor’s decision to migrate the software development company’s operations to AWS GovCloud, we at Cleared Systems focused on facilitating this transition. We aimed at aligning the company’s operations with the Federal contractor’s environment, creating a unified, compliant, and efficient system that adheres to ITAR regulations. This strategy was crucial in ensuring a smooth migration process and maintaining ITAR compliance in the new environment.
Customized Migration Plan
We devised a meticulously planned migration strategy, which encompassed several vital steps:
- Data Segmentation and Encryption: Our team segregated ITAR-sensitive data and encrypted it in compliance with regulatory standards before migration. We used AWS native security tools like CloudHSM for encryption key management, data classification tools, and Amazon GuardDuty for threat detection.
- System Integration: Our team ensured seamless integration of the software development company’s systems into AWS GovCloud. This involved using Virtual Private Cloud (VPC) peering for secure network integration and AWS Data Migration Services (DMS) for schema conversion and migration.
- Security Implementation: Cleared Systems implemented rigorous security protocols, access controls, and encryption mechanisms to uphold ITAR compliance. We also designed a federated identity and access architecture through AWS Single Sign-on integrated with on-premise Active Directory (AD) for uniform user authentication.
- Testing and Validation: Our team executed rigorous testing and validation procedures to ensure seamless data processing, storage, and transmission within the unified environment while adhering to ITAR standards. This involved building a CI/CD pipeline using CodePipeline, CodeBuild, and CodeDeploy for automated application refactoring, testing, and deployment.
Post-Migration Support
After the migration, cleared systems provided ongoing support, fine-tuning the integrated environment and addressing any post-migration issues to maintain ITAR compliance. This included training and equipping employees with skills to utilize the new environment effectively
Results
Successful Migration and ITAR Compliance: The software development company successfully migrated its operations to AWS GovCloud while adhering to ITAR regulations. The new environment integrated smoothly with the Federal contractor’s systems, resulting in a unified, compliant, and efficient system. All ITAR-sensitive data was adequately secured, and strict adherence to ITAR regulations was maintained throughout the migration process.
Enhanced Security and Operational Efficiency: The federal contractor protected their ITAR-controlled data using AWS native security tools and rigorous security protocols. The CI/CD pipeline automated application deployment, refactoring, and testing, improving operational efficiency. Employee training ensured they adapted to the new environment, further enhancing operations.
Ready to navigate the complexities of ITAR compliance while propelling your mission-critical systems forward? Let’s harmonize your operations, ensure top-notch security, and unlock the potential of AWS GovCloud together. Elevate your standards; embrace seamless integration today!