The security sphere has grown to encompass a wide assortment of issues and concerns. While businesses still need to be on the lookout for hackers and similar threats, corporate security postures must also address elements such as compliance, data privacy, and third-party risk management. And with more enterprises shifting workloads to the cloud, those security concerns are becoming even more nuanced—and important.

In some cases, on-prem environments grew organically, with little structure around security and a mishmash of tools and systems. Companies often relied on consultants to keep their traditional networks going, but those vendors don’t always have enough familiarity with cloud technology to maintain adequate security. Even skilled CISOs sometimes lack the experience to ensure compliance in the cloud.

These long-standing security gaps may not have presented an immediate concern in the on-prem world, but as businesses increasingly look to the benefits of AWS, they represent significant areas of risk in a cloud environment.

DIY security just can’t keep up

For many years, companies were able to manage security on their own. But in today’s highly dynamic threat environment, that’s no longer realistic (or prudent). Attack vectors change so quickly that it’s nearly impossible to stay ahead of vulnerabilities, whether they’re deliberate intrusions or exposures that result from negligence or oversight. The shift to cloud only increases the risks.

Not only is it difficult for internal employees to stay abreast of the latest threats, it’s also more challenging to staff a fully functional cloud security team. There are too many disciplines and areas of expertise needed to effectively protect even the simplest environments. But the dangers of trying to DIY a security strategy in the cloud don’t end there, because not only do inadequate security measures leave your business open to attack, they could also put you out of compliance.

The growing complexities of compliance

Companies migrating to AWS need visibility into a broad array of potential security concerns, and compliance is at the top of the list. From financial services to healthcare, retail to manufacturing, more types of businesses are subject to compliance guidelines than ever before.

  • CMMC
  • GDPR
  • GxP
  • ISO
  • SOC 2

Small companies—a segment that historically has been less impacted by compliance—are also under increasing regulatory oversight. And we’re seeing more businesses working within multiple frameworks rather than just one. This significantly elevates the complexity factor, particularly when migrating to AWS or scaling workloads on the platform. An inadequate security strategy could put your organization out of compliance, leading to a cascade of serious problems.

Uncover vulnerabilities with a deep-dive assessment

Because security and compliance issues are top priorities for businesses on AWS, Cloudnexa offers a comprehensive assessment to uncover gaps in your current measures and practices. If you’re already on AWS, our experts can help you bolster the protections around your AWS environment and enable you to scale your workloads securely. If your business is planning to migrate to AWS, we’ll work with you to develop a security roadmap that ensures continuity of compliance as your digital transformation unfolds.

As part of our assessment, we partner with Trend Micro and Alert Logic to scan your AWS environment, generate a Center for Internet Security (CIS) benchmark report, and evaluate the findings. Widely recognized as the standard in security hardening and using industry best practices as its foundation, the CIS benchmark process empowers your business with insight into your security state. We’ll then work with you to analyze the results and identify areas of risk as well as opportunities to improve security.

Cloudnexa’s experts also work alongside your team to review your security posture against the compliance frameworks that apply to your business. Using our deep knowledge of AWS security and compliance practices and requirements, we’re able to offer experienced guidance to help assess which measures will be most effective in moving you toward your ideal security state.

Set your AWS environment up for success with a security assessment

For businesses already working in an AWS environment, it’s important to identify any gaps that may be lurking so you can take steps to remediate them before an exposure occurs. And if you’ve experienced a breach, now is the time to review your security posture and implement improvement actions.

Connect with our team to see how a security assessment can help you spot gaps, mitigate risk areas, take effective actions to improve security, and ensure you remain compliant as you reap the benefits of AWS.

The U.S. government’s pursuit of digital transformation initiatives creates valuable new opportunities for SaaS providers. NASA’s Jet Propulsion Laboratory (JPL), for example, now leverages AWS GovCloud for workloads and data analytics to support Mars missions.

But ISVs that want to sell to government agencies, contractors, and other institutions through GovCloud must first meet a complex array of compliance requirements. Navigating these barriers to entry is its own challenge, with few resources available to explain the various steps and prerequisites. Fortunately, our team of experts offers an AWS GovCloud assessment to help you understand the mandates that apply to your business and the actions that will enable you to ensure compliance as you prepare to launch on GovCloud.

Compliance is front and center on AWS GovCloud

Numerous compliance stipulations may apply to GovCloud sellers depending on the type of technology and the intended customer(s). Without diligent preparation, your company might not have the necessary qualifications, credentials, or validated data to pass the platform’s audit process to provide products and services.

Simply understanding the various compliance frameworks can be tricky, and many sellers need to follow more than one. Some of the programs supported on AWS GovCloud include:

  • Federal Risk and Authorization Management Program (FedRAMP)
  • Cybersecurity Maturity Model Certification (CMMC)
  • Federal Information Processing Standard (FIPS) Publication 140-2

Identifying which you need to meet—and the processes involved in fulfilling the requirements of each—is often difficult without experienced guidance.

Before your business sets a strategy to launch on GovCloud, it’s important to know where you stand. Some sellers aren’t required to be FedRAMP compliant with a completed audit under their belt. It’s possible that you only need to be FedRAMP ready. However, mistakes and misunderstandings can sink your chances of entering the GovCloud market, and identifying the necessary action steps is key to success.

Know your AWS GovCloud boundaries

Deployments on GovCloud must also follow stringent rules on boundaries, a concept that largely doesn’t exist outside this unique and highly regulated platform. They aren’t always well understood and it’s easy to misinterpret what the boundaries mean for technology development. This can be particularly problematic for ISVs accustomed to the structure of the standard AWS Marketplace environment.

In GovCloud, your technology must remain within the boundaries of a compliant architecture. In addition, services (including all supporting services, which may encompass dozens of apps) generally need to be audited and accepted into the AWS FedRAMP framework before your technology can leverage them.

The boundaries in AWS GovCloud elevate the complexity of selling on the platform, since most commercial cloud services don’t meet FedRAMP requirements. This creates big hurdles for SaaS vendors that haven’t fully vetted their technologies to ensure compliance. Properly architecting your technology to abide by the boundary limitations can be among the riskiest and most problematic elements of deploying on GovCloud.

Prepare for the move with an AWS GovCloud assessment

Given the complex nature of GovCloud deployments and the sometimes intricate measures necessary for compliance—along with the high risk factor if your registration to sell on the platform should fail—it’s vital that you have the necessary pieces in place ahead of time. The Cloudnexa team has deep experience in GovCloud and its compliance requirements. We can help you understand which mandates apply, how they will influence your strategy, and the best actions to prepare.

From findings to action, we can help you make your AWS GovCloud strategy a success

An AWS GovCloud assessment, complete with a compliance and security analysis, will show you where gaps exist, and where your architecture may need adjustments to align with the applicable compliance frameworks. We will deliver the insights you need to proactively identify and mitigate these risks and remediate architecture missteps. Our assessment covers staffing, technology, operations, and financial vulnerabilities, too, all of which can represent significant hurdles to deployment. You’ll have the opportunity to address issues and reduce the risk of non-compliance, giving you confidence in your readiness to succeed on GovCloud.

Accelerate your journey to AWS GovCloud with a thorough pre-deployment assessment. The financial and reputational stakes are high, but the rewards of achieving compliance and connecting with GovCloud customers can be even higher. The Cloudnexa team has the experience and expertise to help you assess your operations, identify gaps and potential vulnerabilities, and craft a roadmap with the right actions to make your launch on GovCloud a success. Contact Cloudnexa for a tailored assessment today and put your business on solid ground for the move to GovCloud.

NEWTOWN SQUARE, PA. – MARCH 11, 2022 – Cloudnexa, a Premier Amazon Web Services (AWS) partner, welcomes Jon Hossfeld as its new AWS director of strategic alliances. Jon was formerly an AWS enterprise account executive for four years and was previously with Microsoft, Comcast, and Verizon.

When asked how he feels about joining Cloudnexa, Jon said, “Cloudnexa is a long-standing AWS Premier Partner with a proven track record of helping customers through their cloud adoption journey. I am excited to be joining this rapidly expanding organization to help customers realize the benefits of cloud computing and harness the power of the AWS platform.”

As the new AWS director of strategic alliances, Jon will manage the AWS relationship and ecosystem including programs and expansion opportunities. Jon will work closely with the AWS management and field teams on enablement programs, go-to-market strategies, and sales opportunities.

Commenting on Jon’s new position, VP of Sales Shane Eliason said, “I’m excited about the value and AWS experience that Jon brings and the growth opportunities this enables for us to take things to the next level.”

About Cloudnexa
Cloudnexa has been a leading AWS partner since 2008 and a Premier Consulting Partner since 2013, with operations out of Philadelphia, Honolulu, and Salt Lake City. Cloudnexa has continually innovated with tools and services that have helped industry-leading organizations capitalize on the cloud’s rapid growth in the past decade. Cloudnexa revolutionizes the way businesses of all scales and sizes deploy, secure, and automate their cloud services.

As we covered in our blog, “Enabling Your Remote/Hybrid Workforce by Moving to Amazon WorkSpaces” last week, Amazon WorkSpaces provide secure, reliable, and scalable access to persistent desktops from any location.

Amazon WorkSpaces optimizes running modes based on end-user connection times, which makes it a cost-effective solution. Use cases include onboarding new employees or contingent workers while providing tighter data access controls and protections. Amazon WorkSpaces comes in preconfigured bundles with Microsoft Office and Trend Micro Antivirus, or you can make your own bundle to fit workers’ needs and quickly onboard them.

Amazon WorkSpaces also allows for quick recovery from ransomware and cyberattacks. Cloudnexa includes Trend Micro’s agent in the deployment bundle so that all environments are protected when they launch.

Once you have Amazon WorkSpaces, the next step is to manage them effectively. This can be achieved through Amazon WorkSpaces Cost Optimizer and Amazon AppStream 2.0.

Amazon WorkSpaces Cost Optimizer

Amazon WorkSpaces Cost Optimizer analyzes all of your Amazon WorkSpaces usage data and automatically converts the WorkSpace to the most cost-effective billing option (hourly or monthly), depending on your individual usage. This solution also helps you monitor your WorkSpace usage and optimize costs.

Key benefits include:

  • Automatic WorkSpaces conversion: Automatically convert your WorkSpaces to the most cost-effective billing option (hourly or monthly), depending on your individual usage.
  • Monitor your WorkSpaces usage: Monitor your WorkSpace usage and optimize costs by using AWS CloudFormation to automatically provision and configure the necessary AWS services to convert individual WorkSpaces.
  • Secure one-click deployment: Provide a secure one-click deployment using an AWS CloudFormation template developed with the AWS Well-Architected Framework methodologies.

AWS Solutions Implementation Overview

The diagram below presents the architecture you can automatically deploy using the solution’s implementation guide and accompanying AWS CloudFormation template.

Amazon WorkSpaces Cost Optimizer solution architecture

  1. This solution deploys an Amazon CloudWatch Events rule that invokes an AWS Lambda function every 24 hours.
  2. The Lambda function runs the Amazon Elastic Container Service (Amazon ECS) task, which gets the list of AWS Directories and Amazon WorkSpaces from the Regions where these services are available.
  3. The Fargate task checks each WorkSpace for total usage for the month and converts the WorkSpace to the most efficient billing model depending on usage.
  4. Amazon Simple Storage Service (Amazon S3) stores a log file with the conversions.

Amazon AppStream 2.0

Amazon AppStream 2.0 provides secure, reliable, and scalable access to applications and non-persistent desktops from any location.

Amazon AppStream 2.0 empowers your remote workforce, strengthens security, optimizes costs, and reduces downtime.

  • Empower your remote workforce and react quickly to changing conditions with access to applications and desktops from anywhere.
  • Strengthen security by storing data on AWS instead of vulnerable endpoint devices.
  • Optimize costs through on-demand cloud scalability with a range of compute, memory, and storage options.
  • Reduce downtime with fully managed application delivery and reliable AWS infrastructure offering 99.9% uptime.

How it works

Amazon AppStream 2.0 is a fully managed non-persistent desktop and application service for remotely accessing your work.

Use cases include:

  • Empower contact center agents to work from anywhere: Enable contact center agents to work remotely from any location with a secure, easy-to-use agent experience.
  • Launch SaaS for software vendors: Deliver Software as a Service (SaaS) versions of applications without rewrites, special hardware, or device installs, ideal for training, trials and software demonstrations.
  • Access to 3D design and engineering applications: Enable user access to CAD, CAM, and CAE applications from any computer with responsive, high-performance streaming sessions.
  • Support student learning environments: Enable online learning over slow network conditions with easy, reliable access to applications and resources.

Learn how you can manage Amazon WorkSpaces by contacting us today!

Whether companies were ready or not, most of them experienced a dramatic digital transformation during the COVID-19 pandemic. Workplaces shifted overnight and continue to be in flux. Companies are still scrambling to determine how best to help their employees be productive and successful, while ensuring data security.

One of the ways you can enable and mobilize your workforce is to move to Amazon WorkSpaces. Amazon WorkSpaces provide secure, reliable, and scalable access to persistent desktops from any location. Leveraging Amazon WorkSpaces helps normalize work environments and secure access points no matter where employees are working each day—the office, home, or a hybrid model.

In most work environments, if an individual machine fails, it creates big business impacts such as lost revenue or customer service issues. Through Amazon WorkSpaces, there is no impact, as employees can simply access Amazon WorkSpaces on another machine. Amazon WorkSpaces mitigate risks because your local device is only the gateway to AWS. Everything on Amazon WorkSpaces is secured and remains in a suspended state until you are able to log in again.

Key Benefits

Moving to Amazon WorkSpaces has many benefits including the following:

Amazon WorkSpaces empowers your workforce, strengthens security, optimizes costs, and reduces downtime.

  • Empower your remote workforce and react quickly to changing conditions with access to applications and desktops from anywhere.
  • Strengthen security by storing user data on AWS instead of vulnerable endpoint devices.
  • Optimize costs with on-demand, pay-as-you-go scaling with a range of compute, memory, and storage options.
  • Reduce downtime with fully managed application delivery and highly reliable AWS infrastructure designed for 99.9% uptime.

Use Cases

Sounds interesting, but you’re not sure how to apply it? Here are a few example use cases:

  • Onboard contingent workers: Easily assign and remove desktops for contractors while keeping your sensitive data secure in the cloud.
  • Facilitate remote work: Enable work-from-home and remote workers to access fully functional Windows and Linux desktops from any location.
  • Run powerful desktops: Provide high-performance desktops for developers and engineers to store and access proprietary models, designs, and code.
  • Let contact center agents work from anywhere: Enable contact center agents to work from anywhere with a secure, easy-to-use agent experience.

How it Works

Amazon WorkSpaces is a fully managed desktop virtualization service for Windows and Linux that enables you to access resources from any supported device.

Secure your workforce’s future by moving to Amazon WorkSpaces today. Get started by contacting us.

Are you right-sized or overprovisioned on your Microsoft licensing? Not sure? By completing an Optimization and Licensing Assessment (OLA) with Cloudnexa, we can help you evaluate your Microsoft workloads’ licensing, identify opportunities for consolidation, and ensure license compliance. An OLA is an important component of Migration Readiness Assessments.

Why should you consider doing an OLA with Cloudnexa?

Cost Savings

An OLA will empower your cloud strategy and help you discover cost-effective and flexible licensing options. Without optimizing your cloud infrastructure, the cost of overprovisioning third-party licensing can exceed the cost of compute. Leverage the recommendations from Cloudnexa’s OLA to get the most value from your existing licensing entitlements by configuring your instances to require fewer licenses while still maintaining highly performant applications. Adapt your on-premises licensing strategy to enable your cloud migration.

Cloudnexa starts with your vendor licensing position and specific use rights and aligns sizing. We are experts in vendor licensing, use rights, contracts, AWS sizing, and how to help customers maximize cost savings and optimization. Cloudnexa will assist in creating a strong modernization strategy to exit from vendor workloads requiring expensive licensing and long-term commitments.

Also consider migrating to an AWS service like Babelfish for Aurora PostgreSQL to run Microsoft SQL Server applications on PostgreSQL with little to no code change.

Explore Flexible Licensing Options

Use the results of a Cloudnexa OLA to avoid unnecessary licensing costs and vendor lock-in. Model different licensing scenarios with license-included or Bring Your Own License (BYOL) instances, to meet the needs of your business. Flexible licensing options enable you to drive seasonal workloads and support agile experimentation, as well as to model dedicated environments, so you only pay for what you need.

Accelerated Microsoft Workload Migration

Completing an OLA also helps prepare you to migrate to AWS. AWS supports all of your Microsoft workload needs. Cloudnexa’s evaluations can help you determine whether you should develop a Bring Your Own License (BYOL) model or leverage an AWS-provided license strategy as the best approach. Cloudnexa will help you develop a plan and a migration strategy which will accelerate your AWS Microsoft workload migration process and ensure key areas of concern are addressed.

Leveraging this funded program (subject to qualification) helps you accurately evaluate the existing Microsoft workloads in your on-premises and/or cloud environment, and then provides recommendations, based on current resource utilization data, on the deployment options for Microsoft workloads on Amazon Elastic Compute Cloud (Amazon EC2). This process will also highlight the appropriate options available, such as BYOL with Dedicated Hosts or shared tenancy Amazon EC2.

Right-size your Resources

Discover workloads in your on-premises or cloud environment and build an inventory of your compute resources. Our tooling-based approach will help you determine your actual utilization requirements to help optimally select the lowest-cost AWS EC2 and RDS instance size and type for each workload. Use this data to determine the right blend of on-demand and spot instances, dedicated hosts, savings plan, and other options tailored to your environment.

Want to learn more or get started? Contact us.