Centricity Secure Workplace for Government

Deploy, operate, optimize, and secure your program's Amazon WorkSpaces at scale

CloudHesive works with customers to design, deploy, operate, and optimize end-user computing (EUC) environments based on Amazon WorkSpaces that apply National Institute of Standards and Technology (NIST) controls (800-171, 800-53) to the operations and management of the environment.

While Amazon WorkSpaces provides a robust virtual desktop experience, Centricity Secure Workplace for Government builds on the existing security profile of Amazon WorkSpaces to help customers meet additional controls and compliance standards through operational practices and technical architecture.

Centricity Secure Workplace for Government provides controls such as multi-factor authentication (MFA), enterprise directory integration, host-based file integrity monitoring, host-based firewall, host-based intrusion detection services, and data loss prevention to help secure customers' EUC environments.

Provisioned in AWS GovCloud and operated by United States citizens within the United States, each component of the solution implements Federal Information Processing Standard (FIPS) 140-2 encryption and, for components where the control domain extends outside of AWS GovCloud, is listed on the FedRAMP Marketplace. CloudHesive also offers service components to assist companies achieve Cybersecurity Maturity Model Certification (CMMC) Level 3 for support of Department of Defense (DoD) entities.

In addition to addressing security controls related to EUC, the Centricity platform provides management and oversight of the virtual desktop environment, allowing nontechnical business users to manage their Amazon WorkSpaces regardless of Amazon Web Services (AWS) account hierarchy or deployed-to region.

This is achieved by placing functionality such as starting, stopping, rebuilding, and managing virtual desktops at the fingertips of a business user and by providing metrics to help determine what the end user experience is such as latency and usability.


AWS Partner Network | Competency


Argentina, Chile, Columbia, Paraguay, Peru, United States, Uruguay


Jump-start your implementation
Templated solution allows for a short path to compliance, leveraging a pre-designed starting point
Make performance-driven decisions
Drill into your end users' experience with robust performance monitoring, reporting, and alerting
Align to common security controls
Enhance the security of your workloads with pre-build control mapping, policies, and technologies
Empower your users
Provide self-service capabilities to your end users; reduce reliance on your support organization
  • How it works
  • CloudHesive's consulting offer Centricity Secure Workplace for Government includes a a mix of proprietary and third-party software powered by multiple AWS services. The consulting offer is a hybrid of a SaaS platform, a consulting engagement, and a managed-services engagement, bringing a virtual desktop solution that helps customers meet their security control sets and operational needs.

    Understanding that the requirements of Amazon WorkSpaces for each department or agency will vary, CloudHesive's consulting offer is capable of functioning as a standalone (with no interdependencies) or as a solution integrated into your existing enterprise footprint. Centricity Secure Workplace for Government supports net-new deployments of an EUC solution, migration from an existing EUC solution, or even optimization of your current Amazon WorkSpaces setup.

    CloudHesive's process begins by understanding these requirements, weighing the trade-offs between them, and obtaining cross-functional consensus to the selected approach before initiating implementation.

    For an implementation with a standalone approach, CloudHesive would start with a typical Amazon WorkSpaces deployment (Amazon Virtual Private Cloud [VPC], AD Connector or AWS Directory Service for Microsoft Active Directory, and Amazon WorkSpaces). In the course of the the Centricity Secure Workplace for Government consulting engagement, CloudHesive would add security controls aligned to customer's organizational compliance controls. These could include MFA, endpoint security, content filtering, data loss prevention, and operational monitoring and management.

    Alongside the design and deployment, leveraging either a standard NIST control mapping or control sets of your choosing, CloudHesive would design an operational model to ensure that appropriate policies, training, and controls are identified and implemented.

    These components are tightly integrated into the Centricity Secure Workplace for Government offer to provide a viewpoint into operational and security-driven metrics as well as Amazon WorkSpaces fleet management capabilities. Ultimately, this platform becomes the first line of support to CloudHesive's customers and their end users.

    Alongside the Centricity platform, CloudHesive provides robust managed services aligned to the needs of EUC consumers to function as tier 2 support and to coordinate a variety of activities with CloudHesive's customers' business units, from application support teams to infrastructure teams and security and compliance teams. These activities may be proactive in nature (such as application upgrades), time-based (such as supporting quarterly compliance initiatives), or event-based (for example, application performance troubleshooting).

  • Key activities
  • 1) Requirements gathering
    Review customer requirements and determine deployment approach for standalone or integrated services
    2) Control identification and mapping
    Review controls; map to process, policy, training, and technology or leverage pre-templated mappings
    3) Prerequisites
    Implement supporting services and integrations (if needed) to existing enterprise environment
    4) Software deployment
    Provision baseline workspaces; customer performs software installation; create bundles and images
    5) Acceptance testing
    Bundles and images used to launch validation environment; customer software tested by customer
    6) Training
    Provide administration training on user management and Centricity platform to users
    7) Deployment
    Deployment begins; Amazon WorkSpaces launched; users migrated; application support period begins
    8) Steady state
    Ongoing tiered support provided throughout managed-services term, providing day-to-day move/add/change support
  • Customer contribution
  • Subject-matter experts
    Customer provides access to subject-matter experts
    Based on integration approach, customer may opt to integrate with their existing enterprise services
    Software installation
    Based on software deployment approach, customer may opt to install their software on predefined images
    Acceptance testing
    Customer provides subject-matter experts to facilitate testing of the customer specific environment
    Train the trainer
    Customer administrators and end-user support teams are trained on administration and end-user support
    Migration support
    Customer provides one or more resources to manage end-user communication and activities during migration
    Postmigration support
    Customer provides one or more resources to manage end-user communication and activities post migration
    Project manager
    Customer provides a project manager to facilitate customer contribution activities and communication
  • About this consultant
  • CloudHesive is an AWS Managed Service Provider Partner and has achieved a number of AWS Competencies and recognitions, including the AWS Digital Workplace Competency and the Authority to Operate on AWS designation. CloudHesive was founded in 2014 by veterans of the cloud technology space and helps customers adapt and transform their organizations by leveraging the power of the public cloud ecosystem through consulting and next generation managed services with a focus on operational excellence, security, reliability, performance efficiency, and cost optimization. CloudHesive serves customers in North America, South America, and beyond, with headquarters in Fort Lauderdale, FL, and offices in Norfolk, Virginia; Santiago, Chile; and Buenos Aires, Argentina.

    CloudHesive's superpowers align to customers' enterprise needs, ranging from business tools such as Amazon WorkSpaces with CloudHesive's Centricity Secure Workplace for Government solution to application platforms supported by CloudHesive's Next-Generation Managed Services practice, to supporting CloudHesive's customers' Centers of Excellence via governance, cost management, and information security services and support.

  • Architecture diagram

Ready to get started?

AWS Partner Highlights

CloudHesive's alignment to AWS Competencies, Partner Programs, and Service Validations supporting EUC 

AWS Competency Details
CloudHesive holds the AWS Digital Workplace Competency, with a track record of customer success

Authority to Operate (ATO) Program 

CloudHesive is an ATO on AWS Program Member
Explore icon
Explore all Consulting Offers

Browse our portfolio of Consulting Offers to get AWS verified help with solution deployment.

Learn more 
Build icon
Deploy a solution yourself

Browse our library of AWS self-deploy solutions to common architectural problems.

Learn more 
Find an APN Partner icon
Find an AWS Partner

Engage with AWS Partners for secure, innovative, and cost-effective custom solutions that leverage the power and scalability of AWS services to meet your needs.

Learn more