Explore how the Game Warden platform, built on AWS, accelerates software delivery to DoD networks through an accredited DevSecOps PaaS approach.
Software-as-a-service (SaaS) products have revolutionized private sector business operations in recent years, with 94% of enterprises using cloud services as of 2022, according to zippia.com.
Despite the commercial sector’s demonstrated success with SaaS, the United States Department of Defense (DoD) has been slow to adopt this new delivery model, pushing many companies to deliver on-premises and hybrid solutions in addition to their purely SaaS offerings.
Although SaaS offerings are easy to use and have favorable unit economics, significant bureaucratic and cybersecurity barriers prevent these products from reaching the DoD market.
The core issues associated with delivering software to the U.S. military are centered around contracting pathways and DoD cybersecurity requirements.
To solve this, Second Front Systems built the Game Warden platform, a DoD-compliant DevSecOps platform-as-a-service (PaaS) that accelerates software delivery onto DoD networks while supporting modern DevOps practices and adhering to stringent cybersecurity controls.
Game Warden is built on AWS GovCloud (US) and provides a pathway for containerized applications to receive a Certificate to Field (CTF) on the DoD’s Non-Secure Internet Protocol Router Network (NIPRNet). Game Warden enables hosted applications to inherit an Authority to Operate (ATO) while running on the platform.
Second Front Systems is an AWS Partner that helps organizations streamline software delivery with its fully managed and compliant DevSecOps platform Game Warden, which is available in AWS Marketplace.
Game Warden leverages a suite of AWS services for development, compliance, operations, and monitoring.
Second Front Systems’ collaboration with AWS has helped industry-leading software companies scale their business across DoD by demystifying the ATO process and abstracting compliance requirements through an inherited security model.
Here are some products powered by Game Warden on top of AWS that are working on DoD contracts today:
Game Warden’s inherited security model and automated tooling are reducing ATO timelines from months to weeks, and will soon unlock new production environments in AWS Secret and Top Secret regions.
Game Warden can be thought of as a set of interconnected systems that provide an accelerated pathway for deployment of containerized applications to DoD networks. The key systems include a DevSecOps pipeline, security and compliance architecture, and hosting platform.
Let’s dive into each system of Game Warden and how they integrate with AWS to provide a secure, DoD-compliant hosting environment and continuous Authorization to Operate (cATO) pipeline for modern SaaS applications.
Game Warden integrates with an organization’s existing CI/CD pipelines—automating vulnerability and malware scanning, container hardening, and deployments to hosting environments. This security and release pipeline is also an accredited pathway for cATO.
The Game Warden DevSecOps pipeline is a series of streamlined phases:
The Game Warden pipeline emulates the Risk Management Framework process for securing software, while supporting modern CI/CD and DevSecOps practices. Software developers can fully automate their application deployments into the Game Warden development environment, with new releases taking just a few seconds before they’re ready for testing.
When a new version of the application is ready for release, its security posture is reviewed and the release is promoted into an accredited production hosting environment typically within 24 hours.
The following diagram displays the workflow of a containerized application going through the Game Warden CI/CD pipeline.
Using a combination of AWS services and platform features, Game Warden meets the compliance requirements for DoD Impact Levels 2, 4, and 5. The platform’s inherited security model saves customers substantial time and money by removing the infrastructure and platform compliance burden.
The DoD adheres to a select set of compliance frameworks that have overlapping requirements and security goals. Game Warden adheres to these frameworks, allowing Second Front Systems to establish and maintain a continuous Authorization to Operate.
Customers operating on Game Warden benefit from inherited compliance with these standards while their application workloads are running on the Game Warden platform. DoD-adopted compliance frameworks include:
To aid in understanding and mapping components to compliance frameworks, AWS offers the AWS Services in Scope by Compliance Program, a directory that lists different compliance frameworks and the particular AWS services that meet each standard. Game Warden uses many AWS services and relies on this repository to ensure the services employed across the platform meet stringent DoD requirements.
Game Warden leverages popular AWS services like Amazon CloudWatch, AWS CloudTrail, and Amazon Virtual Private Cloud (VPC) to monitor network, system, and API activity on the platform.
Amazon GuardDuty does real-time checks for cybersecurity anomalies and is used in tandem with CloudWatch, AWS Lambda, and Amazon Simple Notification Service (SNS) to automate responses and alerting.
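The alerting path described above (GuardDuty finding, then Lambda, then SNS), sketched as an added example; it is not Second Front Systems' or AWS's code. The `ALERT_TOPIC_ARN` environment variable, the severity threshold and the sample event are assumptions constructed for illustration.

```python
import json
import os

# Constructed sample: a GuardDuty finding in the envelope that EventBridge
# (CloudWatch Events) passes to a Lambda target. All values are made up.
SAMPLE_EVENT = {
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "example-finding-id", "severity": 8.0,
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "accountId": "111122223333", "region": "us-gov-west-1",
    },
}

def severity_label(score):
    """Map GuardDuty's numeric severity onto its Low/Medium/High bands."""
    if score >= 7.0:
        return "HIGH"
    return "MEDIUM" if score >= 4.0 else "LOW"

def build_alert(event, min_severity=4.0):
    """Return SNS publish arguments for a finding, or None to stay silent."""
    kind = (event.get("source"), event.get("detail-type"))
    if kind != ("aws.guardduty", "GuardDuty Finding"):
        return None  # not a GuardDuty finding: ignore it
    detail = event.get("detail") or {}
    try:
        score = float(detail["severity"])
        label = severity_label(score)
    except (KeyError, TypeError, ValueError):
        score, label = None, "UNKNOWN"  # malformed finding: alert, never drop
    if score is not None and score < min_severity:
        return None  # below the (assumed) paging threshold
    subject = f"[{label}] GuardDuty {detail.get('type', 'unknown-type')}"
    body = {k: detail.get(k) for k in ("id", "type", "severity", "accountId", "region")}
    return {"Subject": subject[:100], "Message": json.dumps(body, sort_keys=True)}

def handler(event, context, publish=None, topic_arn=None):
    """Lambda entry point; publish and topic_arn are injectable for offline tests."""
    alert = build_alert(event)
    if alert is None:
        return {"alerted": False}
    if publish is None:
        import boto3  # imported lazily so the triage logic runs without AWS
        publish = boto3.client("sns").publish
    publish(TopicArn=topic_arn or os.environ["ALERT_TOPIC_ARN"], **alert)
    return {"alerted": True, "subject": alert["Subject"]}
```

The subject is truncated to 100 characters because SNS rejects longer subjects, and a finding with a missing or unparsable severity is escalated rather than silently discarded.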
In addition to providing a rapid pathway for SaaS offerings to be positioned to achieve a cATO, Game Warden includes a fully managed hosting environment built on AWS, with development, staging, and production environments and a connection to NIPRNet for IL4 and IL5 deployments.
In Game Warden, application workloads run on Big Bang, a DoD-accredited DevSecOps platform on Kubernetes, which is used in tandem with Amazon Elastic Kubernetes Service (Amazon EKS) to simplify the setup and management of secure Kubernetes clusters.
Game Warden supports both multi-tenant and single-tenant use cases, enabling customers to choose between individual clusters for their end users or a shared environment to reduce consumption costs and deployment complexity.
After Game Warden engineers deploy applications into production, site reliability engineers (SREs) manage Day 2 operations using AWS services like CloudWatch to monitor CPU and memory utilization for core services. Game Warden also includes an observability stack in each environment, which customers use to view application and cluster logs and metrics.
All customers benefit from 24/7 helpdesk and incident response support as tenants on Game Warden’s fully managed hosting platform. Second Front Systems assumes most platform and infrastructure administrative and site reliability responsibilities, enabling customers to put more resources towards building great products.
Game Warden uses AWS Identity and Access Management (IAM) to grant service-level permissions to pods in each cluster, allowing customer applications to integrate directly with popular AWS services.
The combination of Game Warden and AWS makes delivering modern software onto U.S. Department of Defense (DoD) networks faster and easier than ever before. This opens up exciting opportunities for commercial companies to unlock access to the vast DoD IT market.
To help your organization build and deploy DoD-compliant software, contact Second Front Systems. You can also learn more about Game Warden in AWS Marketplace.