Anitian Enables Customers with the Fastest Path to Security and Compliance Using AWS and the ATO on AWS Program

Anitian helps customers accelerate and achieve Federal Risk and Authorization Management Program authorizations, as well as other industry and government compliance frameworks, by utilizing the benefits gained from the Authority to Operate on AWS program. Anitian’s SecureCloud for Compliance Automation runs multiple native AWS services including Amazon EC2 and Amazon VPC.

Independent software vendors (ISVs) and software as a service (SaaS) companies often see opportunities to sell cloud software to the federal market as extremely lucrative. As they address these markets, these organizations find that their applications must comply with federal security standards such as Federal Risk and Authorization Management Program (FedRAMP) and the Payment Card Industry Data Security Standard (PCI DSS). The path to becoming compliant with these standards can be a long, expensive, and painstaking endeavor. That path is becoming steeper with the recent release of the 2021 Presidential Cyber Security Executive Order to incorporate Zero Trust Architecture mechanisms and methodologies into cloud security models. 

Anitian, a cloud security solution provider and Amazon Web Services (AWS) Partner, can reduce a company’s time to market and time to revenue by accelerating compliance readiness in the cloud with the SecureCloud for Compliance Automation. 

Built on AWS, Anitian’s platform gives customers a pre-built architecture for security and compliance to meet rigorous security standards such as FedRAMP and PCI DSS. “Our solution uses automation within a customer’s virtual private cloud (VPC) on AWS so companies can quickly and cost effectively obtain the compliance certifications they require to enter new markets and increase their revenues,” says Andreas Ohrbeck, Vice President of Alliances and Business Development at Anitian. “Our platform wraps your apps in Zero Trust security and compliance within a customer’s own AWS environment.”

As Anitian’s capabilities grew, the company wanted to assist more customers in achieving security compliance authorizations like FedRAMP. “We worked with one customer who needed to get a FedRAMP Authority to Operate (ATO) by a certain deadline, but they couldn’t do it in their existing commercial application environment,” Ohrbeck says. To help such customers achieve compliance authorizations such as FedRAMP and PCI DSS, Anitian partnered with the ATO on AWS Program. ATO on AWS works with partners to help customers achieve their compliance authorizations. By participating in the program, AWS Partners have access to security partner strategists, while enhancing visibility and promoting their solutions with customers. ATO on AWS Partners also gain go-to-market support through cobranded webinars, events, and workshops.

As one of the first ATO on AWS Partners, Anitian built the SecureCloud for Compliance Automation platform and immediately began facilitating customer deployments. “As our AWS relationship grew, we went from creating software that automated some compliance processes to helping our customers get through their complete ATO for FedRAMP faster than ever imagined before,” says Ohrbeck. “Our customers can achieve audit readiness in a few weeks instead of months or years because our platform is pre-engineered to include the controls, tools, and documentation needed to meet FedRAMP, PCI DSS, and other compliance requirements." Additionally, Anitian has helped customers achieve FedRAMP in as few as 60 days—while reducing customer costs by an estimated 50% with its platform. 

Anitian has created a pre-built platform that is built from the ground up for Zero Trust. This includes Zero Trust Network Access to ensure that only authorized users can gain access. In addition, the solution leverages Zero Trust communication, logging, and administration within the customer’s AWS environment. As such, developers can now build their cloud applications within the confines of Zero Trust principles from day one. This means access rights become an integral component of the DevOps process (and a critical part of automated configuration management practices). As new applications are added to the environment, developers work more seamlessly with security practitioners and DevSecOps teams to configure access rights, authorization, logging, and other key infrastructure components.

Anitian leverages multiple AWS cloud-native technologies and services including Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS Identity and Access Management (AWS IAM), Amazon Elastic Compute Cloud (Amazon EC2), and Amazon Virtual Private Cloud (Amazon VPC). “Zero Trust means we only allow access where necessary, so we’re doing vulnerability scanning and using security logs to control that access,” says Scott Miller, a Sales Engineer at Anitian. “In addition, our 24/7 SecOps helps our customers stay secure and compliant by automating the creation of project milestone reports, which they submit to authorizing agencies each month to document policies, procedures, and any vulnerabilities.” 

Since its founding, Anitian has driven triple-digit business growth. “We can attribute much of our growth to the relationship we’ve had with AWS, including the ATO on AWS Program,” says Ohrbeck. “The fact that we have an ATO seal of approval from AWS validates our solution, especially as we experience hyper-growth of our platform, brand, and customer base. I couldn’t imagine we would be the company we are today if we hadn’t had the ATO on AWS team supporting us on this journey.”