Knowmadics
3PAO advisory services for FedRAMP ATO (Authority to Operate)
- Security control design
- Leveraged Microsoft Azure
- Application and infrastructure control implementation
Project Information
Quzara provides strategic security consulting services to Federal and commercial customers. In addition to managed security services, our Microsoft Azure certified team offers cyber engineering and compliance documentation.
We offer advanced monitoring, detection, and response capabilities through our managed security platform, Cybertorch™. In addition to Microsoft Azure Security, Quzara's vendor-agnostic team manages automation, compliance, and security architectures to support critical missions for Government and commercial customers.
Challenges
- Knowmadics is a leading Internet of Things (IoT) remote device management and monitoring platform which provides an innovative, configurable approach to connect, locate, and secure thousands of IoT and Operational Technology (OT) devices to a single management tool. When Knowmadics needed to expand their product to the U.S. Government, they contracted with the Quzara Federal team. Quzara assisted Knowmadics with their FedRAMP Authority to Operate (ATO) efforts.
- Quzara worked with Knowmadics' engineering and compliance teams to design security controls to meet stringent FedRAMP requirements. These requirements are based on the National Institute of Standards and Technology (NIST) security publication (SP) 800-53 and tailored for cloud computing.
- Quzara built requirements that leveraged the Government offering from Microsoft Azure in conjunction with Knowmadics to meet these requirements. In addition to implementing controls at the application and infrastructure layers, Quzara's compliance engineers optimized Knowmadics' investment by providing inherited controls on Microsoft Azure.
Why Microsoft Azure
Based on the challenges outlined above, Quzara advised Knowmadics to run their platform on Microsoft Azure Government, in large part due to the cloud service provider’s (CSP’s) track record of performance and security innovation.
In the United States, Microsoft Azure Government (US) enables Federal agencies to comply with US International Traffic in Arms Regulations (ITAR), Federal Risk and Authorization Management Program (FedRAMP) requirements, Cybersecurity Maturity Model (CMMC) and Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) Levels two (2) and four (4).
Using Microsoft Azure Government enabled Knowmadics to protect sensitive unclassified data files with the Microsoft Defender for Cloud products; store and manage security keys with Microsoft Azure Key Vault; and use Microsoft Azure Blueprints and Azure policies. Quzara teams also provided configuration for Microsoft Sentinel, Microsoft Defender for Endpoint and additional security monitoring capabilities using Logic Apps based on our deep knowledge of security orchestration and response. Quzara also used Microsoft Lighthouse to provide analyst access to security event and monitoring data.
Quzara's security and compliance expertise helped Knowmadics prioritize the implementation of controls and create a government-focused cloud offering. Our success was largely due to leveraging Microsoft Azure GovCloud controls and services.
We are pleased to announce that Knowmadics has succeeded in obtaining an Agency-specific ATO built on FedRAMP controls. Note: Knowmadics is not on the GSA FedRAMP marketplace due to the nature of their Agency purpose-built platform.
"While such a project typically takes years to complete, our expertise in security and compliance allowed us to complete the project in just months."