Protecting application workloads and data hosted in the cloud
Easy Cloud helps you secure your workloads and protect your data by deploying a secure cloud environment based on industry best practices and Booz Allen engineering expertise. We integrate best-of-breed, commercially available solutions designed to meet your needs, as well as commercial, military, and Federal Government requirements.
Security as a Service
Giving you peace of mind.
- Compliance with Federal and Commercial Compliance standards, including the Federal Information Security Management Act (FISMA), the Department of Defense’s (DOD) Cloud Computing Security Requirements Guide (SRG), Secure Cloud Computing Architecture (SCCA), the Federal Risk and Authorization Management Program (FedRAMP), Cloud Security Alliance (CSA), and Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook, served as the basis for developing Virtual Cloud Defense cloud architectures to provide compliance in addition to security.
- Automation of Baseline Configurations, including the baseline infrastructure, end host configurations, cloud-native services, and third-party security features.
- Encryption of Data at Rest uses built-in cloud and third-party solutions and full volume encryption of cloud storage to protect data from unintentional disclosure and malicious activity.
- Network Traffic Inspection and Protection offers in-line packet inspection and passive Secure Sockets Layer (SSL) decryption for traffic into and out of the cloud, as well as between cloud nodes, to detect and block intrusions and other malicious traffic.
- Log Aggregation, Dashboards, and Reporting collects and analyzes security events and configurations from network appliances, cloud infrastructure, operating systems, and applications to support security operations, auditing, and executive reporting.
- Identity and Authentication Services integrates with public key infrastructure (PKI) to support smart card and multifactor authentication for hosted applications and management functions. The platform implements best practices for identity and access management (IAM), account management, and role structure.
- Network Tiering provides logical network segregation of security zones, user planes, data planes, and management planes.
- In-line deep packet inspection
- Application-aware inspection
- Signature-based protections
- Advanced network security services, such as Web application firewalls
- Advanced encryption that protects data at rest, ensuring that cloud-stored information is secure with keys that you control.
Other Essentials package features include a security dashboard that provides operators with a real-time, consolidated view of their application enclave’s security posture.
These features and security protections form the baseline of a secure hosting enclave for Internet-facing or private applications.
Essentials can be deployed with or without high availability, depending on your budget and uptime requirements.
Essentials is now available on the Amazon Web Services Marketplace with end-to-end automated deployment that creates a secure, application workload ready environment in minutes.
The Advanced package builds upon Essentials, focusing on management features that allow for more advanced application protection feature deployment.
The Advanced package also includes the deployment of a separate management enclave with advanced features including:
- Advanced end-point protection
- Automated patching
- Vulnerability scanning
- Privileged access management, which guarantees that only users with the proper privileges have access to the Booz Allen Virtual Cloud Defense infrastructure.
The Advanced package also includes basic reporting and analytics that provide security and event management capabilities. Security administrators can analyze and display aggregated security and audit data, as well as feed advanced security analytics to big data solutions.
The Enterprise package builds upon the Advanced package, introducing additional features typically deployed in large-scale enterprise environments. The environment enables multi-tenancy, to include shared demilitarized zone (DMZ) network security services to protect both north-south and east-west traffic flows.