CASE STUDY
How Nuix Expanded Into the U.S. Federal Government With FedRAMP Ready
As an Australia-based company, Nuix uncovered a gap in their knowledge of the U.S. Federal Risk and Authorization Management Program (FedRAMP) and identified the need for Amazon Web Services (AWS) engineering support to ensure their SaaS offering would be FedRAMP compliant.
About Nuix
Nuix is a leading provider of investigative analytics and intelligence software that empowers organizations to be a force for good by finding truth in the digital world. Nuix helps customers collect, process and review massive amounts of structured and unstructured data, making it searchable and actionable at scale and speed, and with forensic accuracy. Users rely on Nuix software to assist with challenges like criminal investigations, data privacy, eDiscovery, regulatory compliance, and insider threats.
The Challenge
Nuix, a leading provider of investigative analytics and intelligence software based in Australia, wanted to expand their presence in the U.S. public sector market. They uncovered a gap in their knowledge of the U.S. Federal Risk and Authorization Management Program (FedRAMP) and identified the need for engineering support to ensure their SaaS offering would be FedRAMP compliant.
The Solution
The company selected Aquia to provide Amazon Web Services (AWS) engineering and security support to develop and deploy a FedRAMP High compliant cloud platform in which Nuix could deploy their “Discover for Government” SaaS solution.
The Results
Meeting the scope of the agreement on budget and in advance of the deadline, Nuix achieved a FedRAMP High “Ready” status.
Nuix, a leading provider of investigative analytics and intelligence software, provides organizations across the globe with cybersecurity and electronic discovery (eDiscovery) solutions. Nuix’s eDiscovery solutions are primarily utilized in the government, law enforcement, and legal services sectors.
Based in Australia, the company faced a significant hurdle in expanding its presence in the United States public sector due to the requirement that all cloud service providers (CSPs) that want to work with the U.S. government must be FedRAMP authorized. In addition, the company has been growing rapidly, necessitating additional engineering support.
Recognizing the need for FedRAMP-specific cloud security and compliance expertise, the company commissioned Aquia to streamline its journey to FedRAMP Ready status at the FedRAMP High level for its “Discover for Government” solution.
Developing and Deploying a FedRAMP-Compliant Cloud Platform
FedRAMP High is the most stringent level of the three FedRAMP security baselines, and is intended for systems managing high-impact data such as classified information. This level demands an extensive set of security controls to protect against sophisticated and persistent cyber threats. Nuix knew that identifying the right support and resources would be critical to its success in achieving a FedRAMP authorization to operate (ATO) at that level.
Working with Aquia and DataLock Consulting Group, Aquia’s third-party assessment organization (3PAO) partner, Nuix received customized FedRAMP support that met them where they were. The team began by conducting a gap analysis, where they performed a deep dive into the technical requirements and took time to understand the organizational structure. This allowed the team to identify an efficient and compliant architecture that could support Nuix’s global presence. Next, the team conducted an analysis of Nuix’s technical controls against the FedRAMP baseline of controls to identify any gaps in implementation and develop all remediation actions associated with each gap.
Aquia went on to develop a FedRAMP High architecture that would meet Nuix’s requirements, including the use of only FedRAMP High cloud services that could be utilized in other environments across the globe and an architecture that would also meet the requirements of the Information Security Registered Assessor Program (IRAP). Once the architecture was finalized, Aquia developed all required infrastructure as code (IaC) to deploy a compliant cloud platform in which Nuix could deploy their Discover for Government solution. At Aquia’s recommendation, and based on their internal team’s knowledge, Nuix decided to deploy their solution on AWS. With a majority of FedRAMP SaaS products hosted on AWS and Aquia’s deep expertise as an AWS Advanced Tier partner, this was an easy choice for the team.
Working jointly with the team, Aquia developed all required documentation, including the system security plan (SSP), policies and procedures, and all ancillary documentation. Passionate about upskilling and knowledge-sharing, Aquia also trained the appropriate stakeholders on how to maintain compliance with control requirements and supported the development of a robust continuous monitoring (ConMon) program.
The project was completed ahead of schedule and on budget, with Nuix achieving a FedRAMP High “Ready” status. This status indicates to agencies that Nuix can meet several of the baseline FedRAMP criteria and allows it to be listed on the FedRAMP Marketplace.