The challenge
The General Services Administration (GSA) is a branch of the U.S. government that supports critical day-to-day operations for dozens of federal agencies. Their work includes technical support and cybersecurity, a job that has become even more crucial as the number of cyberattacks continue to increase, worldwide. Facing a rising tide of threats, the GSA partnered with CDW to move their organization into a more agile security system in the AWS Cloud — and to empower their team to run it. Here is how CDW Helped the GSA Unlock the Power of the AWS Cloud.
The solution
Since the GSA operated under a traditional staffing model, CDW’s first step involved creating playbooks for DevSecOps and continuous integration/continuous delivery (CI/ CD) that would empower the GSA’s teams to deploy new apps efficiently. CDW also improved overall platform capabilities by providing tooling that the GSA’s application teams could easily integrate—instead of rebuilding. And to ensure that the GSA could take full ownership of the project, the CDW team developed an assessment method to identify the level of adoption by various teams and propose guidelines for improvement.
To protect the GSA from vulnerabilities caused by human error, CDW built automation into the agency’s day-to-day operations and applications. That means that agency employees can work smarter while staying secure. As part of their DevSecOps model, CDW helped the GSA deploy a CI/CD pipeline for Kubernetes deployments using a GitOps style, which allowed the teams to release rapidly. CDW also set up a CI/CD pipeline for infrastructure building and security scanning. With the software development process now automated, GSA developers can quickly and seamlessly update applications and run new code, while being confident that the system is completely secure.
For the first year that the GSA operated in their new cloud environment, the CDW team reviewed process documentation from all the GSA’s departments and conducted interviews with staff to identify pain points and understand how operations were flowing within the organization. Then, using their human-centered design expertise, the CDW team proposed security enhancements with both the agency’s and the end-users’ needs in mind. This regular review process not only ensured systems stayed up to date, but also increased awareness among GSA team members about the GSA’s Standard Operating Procedures — which led to greater fidelity and compliance overall.
Outcomes
Since deploying their cloud-based security system in 2019, the GSA has reduced its security risk overall and consistently come in under budget for cybersecurity expenses. In addition, thanks to the training and support from CDW, the GSA team feels confident in their ability to evolve their cybersecurity protocols, keeping their systems — and the systems of partner agencies — safe from malicious intruders.
