Executive Summary
InfusionPoints, an AWS Partner, is a strategy and technology security consulting firm that takes an independent approach to infuse security and privacy into the people, processes, and technologies of business solutions. InfusionPoints helps its customers accelerate their compliance journeys through XccelerATOr, an AWS-based compliance automation solution. InfusionPoints has also fueled new business growth through the Authority to Operate (ATO) on AWS program.
Partner Success Story – InfusionPoints
InfusionPoints has provided cybersecurity services to government contractors and cloud service providers since 2007. The North Carolina–based technology and consulting firm uses multiple security and privacy frameworks to develop, deploy, and manage secure business solutions for state, federal, and local governments as well as commercial organizations, financial services, insurance, retail, and healthcare customers.
As part of its security offerings, InfusionPoints helps customers become compliant with security programs such as the Federal Risk and Authorization Program (FedRAMP), Cybersecurity Maturity Model Certification (CMMC), and Defense Federal Acquisition Regulation Supplement (DFARS). “Many of our customers are overwhelmed with everything they need to do to implement a FedRAMP-compliant solution,” says Shiloh Casey, Director of Advisory Services for InfusionPoints. “They may not understand all the requirements, or they might not have the infrastructure to support a FedRAMP solution. We provide consulting and technology services to help them navigate that challenge.” As an
Amazon Web Services (AWS) Partner, InfusionPoints builds its solutions on AWS. “One thing that sets AWS above other cloud providers is its commitment to state and federal government,” says Jason Shropshire, Chief Operating Officer at InfusionPoints. “This has made a big difference for us in terms of our success with customers trying to get FedRAMP authorization using AWS.”
Building a FedRAMP-Compliant Solution through the ATO on AWS Program
For the past several years, InfusionPoints has sought to help its customers more quickly obtain a FedRAMP authority to operate (ATO). “Earning an ATO requires that customers meet hundreds of requirements, and it’s a long process,” says Gary Daemer, President and Founder of InfusionPoints. “We wanted to build an automated solution that helps our customers achieve an ATO faster.”
To better assist customers, InfusionPoints applied to and qualified for the Authority to Operate (ATO) on AWS Program. Through this program, AWS Partners can access technical support and security strategy experts and take advantage of relationships with other ATO on AWS partners to accelerate ATO solution delivery to customers. To help its customers with the compliance process, InfusionPoints developed XccelerATOr, a compliance automation solution that runs on AWS. “We started with an AWS architecture and added our own features for segmentation and access control,” Daemer says. XccelerATOr can be deployed in Amazon US East/West regions as well as AWS GovCloud (US) regions. The solution runs on Amazon Elastic Compute Cloud (Amazon EC2) instances and uses AWS Transit Gateway to centralize traffic from Amazon Virtual Private Cloud (Amazon VPC) services. XccelerATOr stores data logs in Amazon Simple Storage Service (Amazon S3) and relies on services including Amazon GuardDuty, AWS Shield, and AWS Config for boundary control and security configuration.
InfusionPoints delivers XccelerATOr as an infrastructure-as-code solution and provides a range of other services following implementation. “We also operate the environment, perform continuous monitoring, and offer documentation to guide customers through any compliance solutions they need to deploy on their application side,” says Daemer.
“XccelerATOr on AWS is helping BizFlow achieve a FedRAMP ATO much faster than it could on its own.”
- Gary Daemer, President and Founder, InfusionPoints
Helping BizFlow Accelerate FedRAMP Compliance
After developing XccelerATOr, InfusionPoints began working with BizFlow, an InfusionPoints customer that offers business process management and compliance software. BizFlow needed to achieve FedRAMP ATO status but needed a security partner to provide knowledge and expertise. InfusionPoints helped BizFlow use XccelerATOr—along with implementation, management, and monitoring—to expedite the journey to FedRAMP compliance. Using XccelerATOr, BizFlow deployed its application into a managed, secure, and compliant AWS environment on AWS GovCloud (US). “XccelerATOr on AWS is helping BizFlow achieve a FedRAMP ATO much faster than it could on its own,” says Daemer. “Because of the ATO on AWS Program, we have the knowledge and skills to help BizFlow ensure compliance all the way through its application.” Once it obtains its FedRAMP ATO, BizFlow will be able to sell its software to other government agencies.
“We have been able to drive new business by being in the ATO on AWS Program. We receive many high-quality leads, and we have experienced more growth through these leads than anything we’ve seen in our 14 years.”
- Jason Shropshire, Chief Operating Officer, InfusionPoints
Fueling Business Growth
InfusionPoints has grown its business through resources available via the ATO on AWS Program, from technical expertise to sales collaboration. “We have been able to drive new business by being in the ATO on AWS Program,” says Shropshire. “We receive many high-quality leads, and we have experienced more growth through these leads than anything we’ve seen in our 14 years.”
InfusionPoints has also benefited from connections with other ATO on AWS partners and AWS security professionals. “The experts we’ve been able to communicate with through the program have seen and heard a lot about regulatory issues,” Shropshire says. “They have an updated understanding of the current universe of ATOs in progress on AWS, and the common strategies in place to overcome challenges. Overall, through the ATO on AWS Program, we have gained credibility with our customers, and we will continue to focus on helping them meet their security and compliance goals.”
