Securing your Azure Cloud for Healthcare

September 21, 2017

Healthcare organizations are finding it more cost-effective to garner the services of a reputable Cloud Service Provider (CSP) to manage their Azure cloud. Whether the need is to provide managed services for their Azure cloud subscription, or a need to deploy, host and manage the solution over it’s lifespan using the CSP’s subscription, there is peace of mind that their cloud is compliant and secure.

Azure’s IaaS or PaaS cloud platform allows you to quickly create a Windows or Linux server environment with minimal effort and trust that the infrastructure (servers/storage/network) and platform (operating system/database) elements will be available 24×7. But once servers are spun up, application management services are still needed. Project Hosts’ Azure Managed Services with Extended Security fill the current gap that many enterprises and government agencies have in managing critical elements of their Azure deployments:

    Azure Security Management

    Continuous Monitoring & Performance Optimization

    Applications Access & Management,  User Support

Our cloud security experts have the expertise and compliance competency for today’s most rigorous cloud security standards including ISO 27001, NIST 800-53, HIPAA / HITRUST, FedRAMP Moderate, High,  and DoD CC SRG IL4/5.

Note: Government security standards such as FedRAMP/DoD are only available in a Project Hosts’ subscription.

HIPAA/HITRUST Compliant Clouds

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services

 


Federal CIOs, Struggle No Longer – Compliant Managed Cloud Services

July 20, 2017

In a CIO.com article titled, “5 years into the ‘cloud-first policy’ CIO’s still struggling”, Marlon Andrew, deputy CIO at the National Archives and Records Administration was quoted, saying, “The greatest challenge is not getting a contract in place, but what you find out is where those boundaries cross of who’s now responsible because you’re in a different infrastructure set-up, and what the cloud provider’s going to do versus the contract staff, versus the application support staff versus the infrastructure staff,” Andrews says. “So, that’s the greatest challenge we’re having now is defining roles and responsibilities and who’s going to do what because the world has changed as we’ve known it, and we’ve been client-server for so many years that this is truly a different environment for us.” He continues with this question, “What does the word ‘manage’ mean in a cloud environment.”

It’s a great question, and like so many questions, the answer is “it depends.”   It really depends on the type of cloud solution provider you’re working with, the types or levels of services they offer, and the amount of control they’re willing give you. When it comes to “managing,” Project Hosts offers a range of “managed services”.  From helping or assisting you in your subscription, to co-supporting an environment based on the software layer, to fully managed hosting services.  In this way, you can apply the talent and resources you have where they’re most likely most needed and valued — typically at the application layer where you’ve done custom development or configuration for your software solution. You should consider offloading things like infrastructure, server, platform and networking management to a cloud solutions provider as they can manage and monitor the environment more cost effectively than using your own staff.

In addition, some CSPs, like Project Hosts, offer advanced  management services such as security controls implementation and management to ensure compliancy with regulatory standards.  Project Hosts provides ready-to-run containers that support the necessary security controls including ISO 27001, HIPAA/HITRUST, NIST 800-53, and FedRAMP Moderate, High and DoD CC SRG IL4/5 level with full compliancy. 

So in summary, we provide the managed services to deploy, host, monitor, and maintain your subscription, ensuring ongoing trouble-free operation in a highly secured cloud. Whether you need us to provide managed services for your Azure cloud subscription, or you need us to deploy, host and manage the solution over it’s lifespan using our subscription, rest assured we will secure your cloud.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services


FedRAMP Websites made Secure through Required FedRAMP Control Families

June 22, 2017

FedRAMP-Websites2Pursuant to a memorandum released in November, 2016 by the US Office of Management and Budget, M-17-06 Policies for Federal Agency Public Websites and Digital Services, Project Hosts’ FedRAMP compliant websites can meet website objectives and recommendations. U.S. federal and state government agencies and enterprise organizations that need a highly secure website and content management system can now use Drupal, Joomla and WordPress for FedRAMP compliant websites with database.

Vulnerability scans, expensive audits and access control are at the forefront of the RA, AU and AC Control Families, which along with 253 additional controls, give Federal and State agencies and their citizens peace of mind when accessing and sharing information over their FedRAMP websites. Project Hosts, Inc. has put together a series of videos going over the various control families necessary to achieve FedRAMP compliance. While some of the control families are industry standard for IT security management, it is the substantial number of controls required in FedRAMP that adds the impenetrable layers of security through FedRAMP Compliance.

FedRAMP_Video_SeriesThe RA- Risk Assessment FedRAMP Security Control Family is primarily about vulnerability scanning on your system.

The AU – Audit and Accountability FedRAMP Security Control Family covers the logging that you must do in you systems to be able to alert you when something is going wrong, or to diagnose incidents. Such audits can cost upwards of $200k annually.

The AC- Access FedRAMP Security Control Family is the largest family with 43 controls. This family of controls covers how you provide control over who accesses your environment and how you authorize that access.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services


Understanding the FedRAMP Control Families ( Video Series with Project Hosts)

May 9, 2017

Project Hosts has recently released a series of 17 videos that outline the security controls required for FedRAMP compliance of an environment built on Microsoft Azure.  IaaS/PaaS services like Microsoft Azure take care of 25-30% of all required FedRAMP security controls, but the remaining 70-75% still need to be put in place.  In the series, Project Host CEO Scott Chapman addresses each control family, describing in detail what needs to be implemented above Azure for ISVs who sell to the Federal Government or for Agencies who would like to move applications to the cloud.

FedRAMP_Video_Series

In the series, Project Host CEO Scott Chapman addresses each control family, describing in detail, what needs to be implemented above Azure for ISVs who sell to the Federal Government or for Agencies who would like to move applications to the cloud.

Our Federal Private Cloud for Windows and Linux Applications (FPC) provides cloud-based access to Microsoft applications including SharePoint, Project Server, Dynamics CRM, Power BI, Visual Studio, TFS, Remote Desktop, and Office; applications from other commercial software vendors such as AvePoint, BrightWork, Gimmal, Innovative-e, Nintex, UMT360, and Urban Turtle; and open source applications such as Drupal, WordPress and Joomla for agency website content management.   A hybrid cloud architecture allows agencies to leverage shared services for some functions (e.g. authentication, monitoring, scanning) while still having the option to choose dedicated servers for applications and databases. This series of videos offers some insight into the controls that make all of this possible.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services


FedRAMP Compliant Websites Powered by Drupal, Joomla! and WordPress

January 6, 2017

Government Agencies moving to FedRAMP Compliant Websites

FedRAMP-Websites2We’re very excited that more and more U.S. Government agencies are interested in, and moving to FedRAMP authorized websites. Over the past several quarters, we’ve seen a big uptick in federal agencies looking to upgrade their private and public websites to meet this GSA security standard.

Back in February of 2016 we announced that our Federal Private Cloud supported FedRAMP compliant websites by Joomla, WordPress and Drupal – and we’ve worked hard to maintain our FedRAMP authorization and compliancy.

This means that U.S. federal and state government agencies can now quickly and easily create and manage their websites while having complete assurance that they are fully secured and meet all of the GSA’s FedRAMP SaaS-level compliance controls.

“If you’re an agency who needs to build and maintain
a FedRAMP compliant website using Drupal, Joomla! or WordPress, we have exactly what you need,” said Scott Chapman, CEO and co-founder of Project Hosts. “Unlike FedRAMP Infrastructure-as-a-Service (IaaS) website offerings where you still have to put in place and manage all of the scanning, patching, log correlation, intrusion detection, incident response and other security services required for FISMA compliance, our FedRAMP SaaS-level compliant websites allow you to focus on your website content and leave all of those security controls to us.”

Need to know more?  Follow this FedRAMP Websites Link.   Or type:
https://www.projecthosts.com/fedramp-compliant-websites.aspx


A FedRAMP Compliant Cloud offers Military Grade Data Security for the Public Sector

July 13, 2016

FedRAMP_Security_NotFedRAMP recently announced the High Security Baseline, allowing Cloud Service Providers (CSPs) to provide high-level security environments for federal agencies looking to leverage the cloud. The private sector is now seeking FedRAMP level compliance to protect and secure critical business data and assets.

Enterprise security professionals are now requiring a commercial FedRAMP compliant cloud solution that can not only protect their critical data assets but also protect:

  • Information about mid-range to long-range strategic plans
  • Information that includes IP (Intellectual Property) and researching findings
  • Information that could lead to lost sales
  • Information that could lead to financial or regulatory penalties
  • Information that could result in severe damage to the company’s value or reputation
Fedramp-managed-services

Project Hosts Federal Private Clouds

The the rise of public cloud security breaches, protecting ones critical data assets with a FedRAMP compliant cloud solution in Azure is a simple assurance of true security. Private enterprises are now defining their “information security levels” and specifying the level of security required for each of their cloud-based applications an associated data. In the same fashion that FedRAMP classifies information security levels for confidentiality, integrity and availability into “low impact,” “moderate impact,” and “high-impact,” categories, private enterprises are doing the same.

SharePoint Custom Cloud

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services

 

 


FedRAMP goes live with High Security Baseline

June 23, 2016

Today, the Federal Risk and Authorization Management Program (FedRAMP) announced the FedRAMP High Security Baseline. The importance of this is significant, as stated in today’s FedRAMP announcement: “These security requirements will be used to protect some of the government’s most sensitive, unclassified data in cloud computing environments. This release allows agencies to use cloud environments for high-impact data, including data that involves the protection of life and financial ruin.”

With this announcement, Cloud Service Providers (CSPs) have a high-level security model to offer federal agencies. Prior to the new baseline, federal agencies could only migrate low and moderate impact data into the cloud. With this release, government agencies can now leverage the cloud for their most critical data through High Security Baseline CSPs.

Microsoft Azure is one of three CSPs currently with provisional authority to operate from the FedRAMP Joint Authority Board or JAB. Under the new baseline, CSP data centers must be secured to the levels mandated for unclassified data in cloud environments, outlined by the Federal Information Processing Standard, or FIPS.  Project Hosts’ Federal Private Cloud, a FedRAMP SaaS-level cloud with an agency ATO, is currently certified at the Moderate level, and with this announcement has started the process to gain a High Security Baseline. Specific details on the expected availability of this capability will be announced at a later date.

Click for additional information about Project Hosts’ Federal Private Cloud


%d bloggers like this: