CyberKinetics is proud to be recognized as an Advanced Tier consulting partner with Amazon Web Services (AWS). Furthermore, we are public sector partners and possess a Government Competency rating with AWS as well. We specialize in supporting National Security and Defense customers, with core capabilities in:
System and Security Architecture Design
We understand that nothing gets deployed without an approval to operate (ATO), so we begin our system architecture with an assessment of the required NIST 800-53 security controls that must be satisfied based upon system scope and data sensitivity. We then design the network/VPC, IAM roles, KMS keys, and security groups that will be needed depending on if the solution is serverless or containerized. In addition, user and entitlement management is planned, and, unless absolutely necessary for the specific application, is externalized to rely upon enterprise services that provide it. Based upon data sensitivty, NoSQL databases are preferred for data persistence. From the initial design, we then plan for configuration (and secrets) management, audit, and application monitoring.
The result is an infrastructure that can support continuous integration and continuous delivery (CI/CD), and is captured as code for repeatability across environments.
Serverless and Container-Based Application Design and Implementation
With an understanding of the deployed environment (API Gateway/Lambda vs. ECS), we then design the microservices to optimize for cost and scalability. This includes special consideration for JDK-based languages where native builds are preferred to reduce start-up time and memory consumption. Microservice implementation then proceeds with an emphasis on externalized configuration, testability, auditability, and facilitating end-to-end monitoring. Every request for every endpoint of every service is separately authenticated and authorized using stateless tokens and assuming zero trust.
All software code is integrated into a CI/CD pipeline that covers version control, automated build, integration and functional testing and staging for subsequent deployment to production. The result is a software process that significantly expedites the timeframe from requirement to production code, providing maximum agility for the customer’s organization.
System Security Accreditation and Risk Mitigation
Security risk mitigation is an ongoing and ever-present aspect of the software delivery cycle, and cannot be relegated to an application’s initial release. Our CI/CD pipeline delivers a production-ready release with each merged and successfully tested software branch, enabling routine security scans early and often. This DevSecOps approach allows engineers and developers to address potential issues earlier, and gives Information System Security Managers a much higher degree of confidence in the overall security posture of the application to expedite the security accreditation and re-accreditation processes.