As a leading strategic partner to governments across the globe, 马克西姆斯 helps improve the delivery of public services amid complex technology, 健康, 经济, 环境, 社会挑战. With a deep underst和ing of program service delivery, acute insights that achieve operational excellence, 和 an extensive awareness of the needs of the people being served, our employees advance the critical missions of our partners. 马克西姆斯 delivers innovative business process management, impactful consulting services, 和 technology solutions that provide improved outcomes for the public 和 higher levels of productivity 和 efficiency of government-sponsored programs.
马克西姆斯’ key challenge was enforcing st和ards 和 ensuring consistency across all public cloud environments. The company has more than 200 AWS 账户 under management, 和 its Azure presence is also growing. It is critical for the organization to have visibility into the many projects spanning AWS 和 Azure, 和 that all technical 支持 teams, 一直到c级领导, are aware of the compliance status across the enterprise.
马克西姆斯 looked for a solution that would enable it to:
为了应对这些挑战, 马克西姆斯 implemented InsightCloudSec, Rapid7’s cloud risk 和 compliance solution. Rapid7 worked with 马克西姆斯 to customize the product release to meet their compliance requirements. As a result, the total compliance score across 马克西姆斯’ multi-cloud environment increased.
马克西姆斯 has two models for 支持ing its hundreds of AWS 和 Azure projects:
马克西姆斯’ security architecture team, which reports directly to the 独联体O, identifies the cloud st和ards. “Our goal is to ensure that our st和ards are being followed 和 environments, 账户, 资源是兼容的,Jon Powers说道。, Senior 经理 of Security Architecture. But enforcing st和ards across the entire enterprise with hundreds of AWS 账户 和 Azure subscriptions 和 different 支持 models was very challenging.
Bridgeman’s CCoE team operates within the Office of the CIO. It is responsible for enforcing all written compliance 和 security st和ards in an automated way to enable the project teams to move securely with speed. They have implemented 和 enforced their internal security st和ards 和 st和ards from industry frameworks like NIST 800-53, 独联体, 和AWS基础知识.
“Written st和ards are difficult to consume when you need to build AWS 和 Azure infrastructure resources quickly, with different tools 和 automation across the enterprise,布里奇曼解释道. “We were trying to do it through AWS native tooling, primarily AWS Config, but it had limitations. 和 it didn’t allow us to enforce auto-remediation the way we can take action with InsightCloudSec today.”
As Bridgeman explains, 马克西姆斯 didn’t want to build their own solution. They chose Rapid7 because it provided all the functionality they required, including:
Ultimately, Bridgeman cites ease-of-use as the deciding factor in selecting Rapid7 InsightCloudSec. “Not only can Rapid7’s cloud solution easily scale, but Rapid7’s GUI means that less experienced technical 支持 folks can navigate it. 和 the ability of InsightCloudSec to integrate with Splunk allows us to enrich our data 和 display it in consumable dashboards for Security, IT, 项目所有者.”
Rapid7 has had a positive impact on 马克西姆斯’ security environment. It’s unified their security st和ards in a consistent way, across all AWS 和 Azure 账户. 马克西姆斯 has already begun using auto-remediation bots where needed (where remediation steps weren’t being taken by the account owner themselves). 和, Bridgeman says that Rapid7 has provided them a more holistic view of what their compliance looks like—across their entire footprint.
Today, 马克西姆斯’ Amazon Web 服务 (Corporate Master Payer Account) is:
“Perhaps the most important success story is the simple fact that with Rapid7 we now have a tool that we can trust,布里奇曼说. “We trust the data that InsightCloudSec is providing. That confidence has in turn given the account owners across 马克西姆斯 和 our different business divisions more confidence in the recommendations that we’re presenting them. One of the problems we had before is it was always, ‘Oh, it’s a false positive. 继续前进.但是现在, we’re actually able to provide a bit more data around the findings, 这是真的, 真的很有帮助.”
“Rapid7 has definitely decreased our risk 和 brought us to a much more consistent state where everybody is working from the same page 和 are very aware of the st和ards. They have visibility into it. They know that InsightCloudSec is monitoring compliance,” concludes Bridgeman.
Not only has the total compliance score under their Corporate Master Payer Account improved, but guardrails are now enforced through automation, reducing the volume of non-compliant resources. 资源 which are built in a non-compliant way are automatically remediated, 禁用, 删除, 或标记.
“We now have people building more compliant resources. 和,they’re taking action on the non-compliant resources much quicker because they’re getting alerted 和 notified. We have much better visibility into the environments, 和 we can now pass that up the ladder to our executive leadership.
最大的收获? Perhaps that the security posture of 马克西姆斯 aligns with the firm’s strategic growth pillars–elevating the customer experience. 换句话说, they’re achieving higher satisfaction levels, 表演, 和 outcomes through intelligent automation 和 cognitive computing.