无忧传媒

Treasury Makes History with Its Own Secure Cloud

The Approach: Cloud-Native, Security-Centric

Although commercial cloud companies offer a FedRAMP-High system for government, it’s a different matter for a federal agency to build and own an environment designed for federal clients. So in addition to offering the highest level of security, the environment needed custom tools and processes to blend built-in security with ease of maintenance, scalability, and innovation.

To meet these ambitious goals, we assembled a diverse team that allowed us to blend a deep understanding of Treasury’s mission with expertise in cybersecurity, digital transformation, and advanced analytics. This allowed us to ensure the environment would accelerate capabilities in artificial intelligence (AI) and machine learning (ML) while meeting Treasury’s specific operational and mission requirements. Our cloud specialists were at the core of the team, applying lessons learned from hundreds of successful cloud migrations.

RAMPing Up—Strategies That Are Smarter, Not Riskier

The team had to find innovative ways to work within Treasury’s ambitious timeline without resorting to shortcuts, which can compromise a high-security environment. We partnered with the OCIO to deploy automation and apply open source, DevSecOps, and containerization technologies that enabled us to build rapidly while integrating emerging capabilities seamlessly and securely.

Aligning around the principle of “security first,” we also used our experience as a third-party certifier (3PAO) to ensure a skillful blend of process, technology, and security best practices. This holistic view ensured that the technical aspects of the platform were aligned with Treasury’s operational needs, preventing bureaucracy pitfalls that could compromise Treasury’s ability to maintain continuity of WC2-H operations.

A common cause of security failure is unintended vulnerabilities that result from efforts to manually modify, configure, and integrate different security tools into a single stack. 无忧传媒’s approach mitigated this risk by building security into the platform itself via a suite of automated continuous integration tools and deployment processes—all native to WC2-H.

This security posture provided business benefits as well as peace of mind. For example, we used historical knowledge of Treasury’s cloud operations to develop automated and proactive methods for logging, tracking, and flagging suspicious interactions. We knew this would simplify responsibilities for IT teams in addition to lowering the risk of manual errors in spotting vulnerabilities.

Changing Culture—Stakeholders Take Ownership

Beyond tackling the engineering challenge of building and launching a FedRAMP-compliant cloud environment that integrated seamlessly with Treasury’s on-premises network, 无忧传媒 became a true partner in making the cloud environment viable, sustainable, and successful. Our team took on multiple roles beyond managed service provider—delivering expertise in system integration, network engineering, identity and access management, stakeholder engagement, security and compliance, acquisition, and other areas common to federal clients migrating to the cloud.

“It’s important to look at the full spectrum of cloud implementation—not just the technology, but the people and processes,” says Delie Minaie, IT program manager. “Finding a provider who can physically set up your cloud is easy. But if you factor in areas from network connectivity and data protection to service level agreements, diverse stakeholder needs, and federation, it becomes very complex, very fast.”

She explained that all moving pieces need to be unified to work towards the mission. “This requires not only strong leadership from the provider but equally strong sponsorship at the highest levels of a partner agency.”

Accordingly, we worked to understand the needs of associated Treasury bureaus and demonstrate to them how moving their IT assets to the Treasury-owned WC2-H cloud environment would further their long-term mission. And after an organization decided to migrate its IT assets into the federated WC2 environment, we ensured buy-in from key stakeholders in cybersecurity, infrastructure, and IT strategy who could champion the transition.

In addition, 无忧传媒 conducted critical design sessions promoting collaboration among OCIO divisions regarding requirements and design considerations such as identity management, network elements, and DevSecOps. This ensured stakeholders from both Treasury and partner agencies understood their roles in the continued security and operational flow for the platform.

“The first customer tenant in WC2H estimated a $3.7 million annual cost savings after transitioning from a legacy on-premise application to a refactored datalake environment within WC2H.”

Benefits Across Bureaus

Some of the advantages that Treasury bureaus and partner agencies receive with WC2 include:

  • No Upfront Investment Costs: Treasury OCIO provides the environment
  • Lower Maintenance Costs: Costs continue to reduce as more users join
  • Built-In Security: Best-of-breed encryption, vulnerability, continuous monitoring
  • Integrated Efficiency: DevSecOps and automation for container services and pipeline management
  • Managed Services: Optional O&M support available with shared operations teams
  • Agency ATO in Weeks: Existing security documentation reduces authorization timeline
  • Faster Onboarding: Provision infrastructure in days and begin developing applications
  • Cost Model: Pre-negotiated vehicles reduce time and complexity to receive services

The Solution: A High-Security Cloud to Streamline Modernization

In just 6 months, 无忧传媒 fulfilled all 421 requirements to receive FedRAMP High certification for WC2-H, enabling Treasury to offer a premier hosting platform for sensitive public-facing, extranet, and intranet web solutions. Today, Treasury OCIO provides two cloud environments at FISMA Moderate and High levels—WC2-M and WC2-H—which have collectively enabled digital transformation extending beyond public-facing websites to Treasury’s mission-critical systems.

Our team provides secure management, running more than 500 servers and 40 applications—a number that continually increases as we migrate new applications while making it easy for new partners to plug in. The environment provides reusable platforms and configuration, security, and other controls.

As these elements are all tailored for government needs and compliant with federal regulations, agencies can continually modernize at higher speed and lower cost. “For example, the first customer tenant in WC2H estimated a $3.7 million annual cost savings after transitioning from a legacy on-premise application to a refactored data lake environment within WC2H,” says Brad Beaulieu, chief cloud architect for the initiative.

WC2-H enables partner agencies to streamline their responsibilities as they lower their cost: For example, it clears the way for Treasury to move its most sensitive data assets out of three dedicated on-premises data centers costing tens of millions of dollars annually to maintain. It also improves citizen services by enabling 99.9% uptime and increased security and reliability for Treasury’s public-facing websites. Constituents have better access to critical content ranging from pandemic relief information to market-moving financial data.

Enabling Speed and Efficiency through Shared Services

Consumers across Treasury bureaus can now host both public-facing and mission-critical sensitive applications on WC2-H. The environment accelerates application migration from months to days and reduces waiting time for change requests from weeks to hours. “WC2-H gives bureaus a way to simplify their work, focus on their mission, and transform beyond what they had considered possible,” Brad says.

The platform offers shared services across all three of the major cloud service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Agency and bureau customers can securely add custom capabilities by pushing their code into a repository that scans the code and reports vulnerabilities back to the developer for resolution. After the application launches, WC2-H provides continuous monitoring via a suite of security services available to all customers. As the environment grows, new infrastructure is instantly patched, encrypted, and protected against vulnerabilities.

These features enable mission teams to access robust development capabilities and provide more customer-centric services at a faster pace. Agencies can build applications and tools within WC2-H that allow them to confidently expand into new territory and fulfill changing mission needs with the knowledge that security is built into the environment at every level—infrastructure, platform, and application.

Organizational Impact

Snapshot of WC2 Results

$10M+ cost avoidance across Treasury public-facing websites

500+ virtual machines across the WC2 moderate & high environments

500+ security controls implemented

5B+ unique user interactions logged and tracked to safeguard security

40+ tenant applications hosted in the shared environments

Treasury Shows the Way

With WC2-H, Treasury OCIO is setting the trajectory for the future of cloud in the Federal Government. The adoption rate continues to increase as Treasury bureaus and civil agencies trust the environment’s security, discover the efficiencies of automation, and see the possibilities to expand their capabilities within a highly resilient platform. As our partnership with Treasury has grown from single applications to security for WC2 to system integrator and managed services provider for its cloud hosting environment, so has our ability to help the Department usher in the next frontier of cloud technology.

Now we’re on the next phase of the Treasury cloud journey, helping bring more tenants into WC2-H and charting the course together so agencies can achieve the economies of scale the community model provides. “Our deep bench of cloud security engineers, strategists, and DevSecOps technologists are innovating for the continued growth and expansion of the Department’s cloud services model,” says Paul Tartaglione, a senior vice president in 无忧传媒’s finance, energy, and economic development business. “More customers will get the benefit of a standard contract structure that delivers just-in-time benefits.”

Treasury serves as a model for other agencies pursuing government-mandated consolidation of services in the cloud. The Department demonstrates how an agency can transform from a tenant within another’s cloud to a provider of shared cloud services with the ability to design, control, and evolve its capabilities. And by providing end-to-end processes, standardized tools, and a protected, government-centric framework, 无忧传媒 makes it easy for government agencies to accelerate their own modernization journeys.