CMS360 White Paper


 

White Paper: CMS360 CONFIDENTIAL

1.      Application & Infrastructure

 

CMS360 is a .NET Framework-based application with a UI built on Web Forms technology.  It comprises a UI layer, a business layer and a data layer.  The data flow within the application consists of communication with an MS SQL Server and an image file server.  Database communication is handled through stored procedures and uses a single database application role for added security.

 

This solution allows for client on-premises hosting or hosting with Catalis via our AWS Cloud environment.  This document highlights the Catalis-hosted architecture, as each customer-hosted environment will vary and will be owned and managed fully by the customer.  A high-level reference architecture of a typical client-hosted environment is found below; it is not to be seen as a recommendation of best practice, simply a basic application footprint.

 

 

The application is a single-tenant solution that uses the single database-per-tenant pattern, meaning each customer’s web application has an isolated database. All user configurations and client applications are dedicated to a single customer.

CMS360 user authentication is currently handled within the application itself. User access can be configured within the administration area of the application and user roles are used for controlling access throughout the application.

Catalis utilizes industry-standard best practices for SDLC in Azure DevOps Git, such as semantic versioning, environmental branching strategies, branch policies, SonarQube analysis on Pull Requests, etc.

 

 

Our software development lifecycle (SDLC) environment leverages the power of Azure DevOps, incorporating industry-leading best practices for efficient and seamless development. By employing semantic versioning, environmental branching strategies, branching policies, and performing rigorous SonarQube analysis on Pull Requests, we ensure code quality, collaboration, and reliability at every stage.

The culmination of this robust SDLC process is the deployment of our applications to a production Kubernetes environment hosted in a multi-zone Virtual Private Cloud (VPC). This setup offers the highest level of security and availability, crucial for the successful operation of our critical applications.

Azure DevOps serves as the backbone of our development process, streamlining collaboration between teams and promoting adherence to standardized procedures. The adoption of semantic versioning allows for clear communication and consistent versioning across our products, reducing confusion and ensuring that all stakeholders are on the same page.

In addition, we utilize environmental branching strategies, which provide distinct development, testing, and production branches. This approach enables us to maintain code integrity, test new features thoroughly, and confidently deploy to production without any interference from ongoing development work.

To further enhance the reliability and security of our codebase, we enforce strict branch policies, ensuring that all code changes undergo a thorough review and pass essential checks before being merged. This rigorous process minimizes the introduction of bugs and vulnerabilities into our codebase, reducing the risk of issues in production.

Moreover, every code change is subjected to in-depth SonarQube analysis during the Pull Request phase. This static code analysis allows us to proactively identify and address code quality and security issues before they become pervasive, leading to higher code stability and overall system resilience.

The ultimate destination for our fully developed and tested applications is a production Kubernetes environment. This choice enables us to efficiently manage containerized applications, leverage auto-scaling, and orchestrate deployments seamlessly. The Kubernetes environment is hosted within a multi-zone Virtual Private Cloud (VPC), ensuring a high level of security and availability. This setup provides redundancies across multiple zones, safeguarding our applications against potential infrastructure failures and maintaining uptime even in the face of unforeseen events.

The proposed environment guarantees that our software is developed, tested, and deployed with the utmost care and adherence to industry standards. The combination of Azure DevOps best practices, including semantic versioning, environmental branching, and SonarQube analysis, coupled with the resilient Kubernetes production environment in a multi-zone VPC, ensures a high level of security, reliability, and performance for our critical applications.

 

 

Catalis Hosted Architectural Footprint

2.      Data Governance and Privacy (CISO)


Mitigating risk and meeting regulatory obligations are driving the increasing focus and importance of data encryption. We utilize an effective encryption implementation to enhance current network and application security measures and decrease the overall risk of your cloud environment. These encryption practices help ensure the security and privacy of customer data within the AWS ecosystem. We implement various AWS services and features that enable encryption at rest and in transit, along with tools like AWS Secrets Manager and AWS IAM for managing secrets and access controls, respectively.

 

The overarching principles for securing customer data in AWS are: 

 

Encryption at Rest: AWS provides services like AWS Key Management Service (KMS) that we use to encrypt data at rest, ensuring that stored customer content is protected. We enable encryption for services such as Amazon S3, Amazon EBS, Amazon RDS, and more, using AWS KMS or other encryption mechanisms.

Encryption in Transit: CMS360 uses AWS WAF with Amazon CloudFront for data transmitted between the web application and the client browser.  The services use Transport Layer Security (TLS) for encrypting data in transit.  AWS Certificate Manager (ACM) is used to regularly rotate certificates for TLS 1.2 or higher.

 

Managing Secrets: AWS Secrets Manager provides a secure and scalable solution for managing secrets and sensitive information. Catalis uses AWS Secrets Manager to store and retrieve secrets such as database credentials, API keys, and other sensitive information securely. Secrets Manager integrates with IAM to control access and offers automatic rotation of secrets for enhanced security.

Key Management: AWS Key Management Service (KMS) is a managed service for creating encryption keys used for data protection in AWS. Catalis uses KMS to generate and manage keys for encrypting data at rest, including EBS volumes, S3 objects, and RDS databases. KMS also integrates with other AWS services to provide seamless key management.

Rotation and Auditing: Encryption keys and secrets are regularly rotated to minimize the potential impact of compromised credentials. CloudTrail logging is used to monitor and audit the usage of secrets and encryption services to identify any suspicious activities.

 

Log Management: Effective log management ensures the health and performance of Catalis applications. To achieve this, we centralize both application and system logs in Amazon CloudWatch, a trusted service for log storage and analysis. By configuring the relevant resources, we seamlessly collect, analyze, and monitor log data in CloudWatch.

 

To enhance our monitoring capabilities, CMS360 is integrated with Sumo Logic, a leading log management and analytics platform. By forwarding logs from CloudWatch to Sumo Logic, we leverage its advanced features, including real-time dashboards, log analysis, and proactive alerting. This enables our Ops team to promptly identify critical events and anomalies, empowering them to take proactive actions and minimize any potential downtime.

 

Furthermore, Sumo Logic's powerful log analysis capabilities allow our Ops team to conduct in-depth investigations, visualize log data, and gain valuable insights. This empowers us to troubleshoot issues efficiently and optimize the performance and reliability of our customers' applications.

 

By implementing this log management approach, we ensure a comprehensive and proactive monitoring solution, enabling us to deliver top-notch support and maintain the highest level of application performance for our valued customers.

 

Access Control: Access to the CMS360 AWS services and resources is controlled through AWS Identity and Access Management (IAM).  Catalis follows several AWS best practices to ensure a secure and well-managed environment, including the Principle of Least Privilege (PoLP) and user access separation.  Individual IAM accounts are created for each AWS user and service.  Each IAM account is granted minimal permissions to perform tasks, and MFA is required for console access.

Network Isolation: CMS360 runs in an isolated AWS VPC (Virtual Private Cloud).  The application VPC is further segmented into two subnet groups: application and database.  Each subnet group has three /24 subnets which summarize into distinct logical subnets. The subnets within a subnet group are created in different availability zones in the US East Region.  This provides fault tolerance in the event of an AWS data center outage.  AWS Security Groups, Network ACLs, and VPC endpoints secure the network boundaries and control traffic flow to and from the CMS360 resources.
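
The subnet layout described under Network Isolation can be checked mechanically. The following is an added example, not Catalis code: the CIDR ranges and availability zone names are constructed, since this paper does not state them, and the check reads "summarize into distinct logical subnets" as meaning that each group's summary prefix must not overlap the other's.

```python
import ipaddress
from itertools import combinations

# Constructed plans: every CIDR and AZ name below is an assumption.
GOOD_PLAN = {
    "application": [("us-east-1a", "10.20.0.0/24"), ("us-east-1b", "10.20.1.0/24"),
                    ("us-east-1c", "10.20.2.0/24")],
    "database":    [("us-east-1a", "10.20.4.0/24"), ("us-east-1b", "10.20.5.0/24"),
                    ("us-east-1c", "10.20.6.0/24")],
}
# Subnets here never overlap, yet the database group straddles a /22 boundary,
# so its summary grows to a /21 that swallows the application group.
BAD_PLAN = {
    "application": [("us-east-1a", "10.20.0.0/24"), ("us-east-1a", "10.20.1.0/24"),
                    ("us-east-1c", "10.20.2.0/24")],
    "database":    [("us-east-1a", "10.20.3.0/24"), ("us-east-1b", "10.20.4.0/24"),
                    ("us-east-1c", "10.20.5.0/24")],
}

def summary(nets):
    """Smallest single prefix that contains every subnet of a group."""
    s = nets[0]
    while not all(n.subnet_of(s) for n in nets):
        s = s.supernet()
    return s

def check_plan(plan):
    """Return (summary prefix per group, list of findings) for a subnet plan."""
    findings, summaries, all_nets = [], {}, []
    for group, subnets in plan.items():
        azs = [az for az, _ in subnets]
        nets = [ipaddress.ip_network(cidr) for _, cidr in subnets]
        if len(nets) != 3 or any(n.prefixlen != 24 for n in nets):
            findings.append(f"{group}: expected three /24 subnets")
        if len(set(azs)) != len(azs):
            findings.append(f"{group}: availability zone reused, no AZ fault tolerance")
        summaries[group] = summary(nets)
        all_nets += nets
    if any(a.overlaps(b) for a, b in combinations(all_nets, 2)):
        findings.append("individual subnets overlap")
    for (g1, s1), (g2, s2) in combinations(summaries.items(), 2):
        if s1.overlaps(s2):
            findings.append(f"summaries overlap: {g1} {s1} vs {g2} {s2}")
    return summaries, findings

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, *check_plan(plan), sep="\n  ")
```

When the summaries overlap, a Network ACL or Security Group rule written against one tier's summary prefix also matches the other tier, so tier-level rules stop separating application traffic from database traffic.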

 

Isolation in AWS Commercial Cloud (standard): 

 

AWS provides strong isolation controls to ensure the security and privacy of customer data. Here are the key elements of isolation in AWS:

 

Network Isolation: Virtual Private Cloud (VPC) provides isolated virtual networks within AWS. VPC provides network-level isolation, enabling you to control inbound and outbound traffic, configure network security groups, and establish private connectivity options.

Hypervisor Isolation: AWS uses a hypervisor-based virtualization architecture to provide isolation between different instances (virtual machines) running on the same physical hardware. The hypervisor ensures that each instance remains isolated and independent from others, preventing unauthorized access to data.

Access Controls: AWS Identity and Access Management (IAM) enables you to manage access to AWS resources. IAM allows you to define granular permissions and access policies for users, roles, and groups, ensuring that only authorized entities have access to specific resources.

 

3.      Security Compliance and Certification


We understand the importance of maintaining robust security practices, protecting sensitive data, and providing an inclusive user experience. Our trusted vendor relationship with AWS allows us to offer highly scalable and secure cloud hosting.

For government agencies and law enforcement organizations, adherence to the Criminal Justice Information Services (CJIS) Security Policy is crucial. Our application aligns with applicable CJIS requirements, which cover security controls and safeguards for handling criminal justice information. We implement stringent access controls, encryption mechanisms, intrusion detection and prevention solutions, and audit logging to safeguard CJIS data. Our application undergoes regular vulnerability scans and penetration testing to ensure the highest level of data protection for law enforcement agencies.

Our overall compliance process involves a comprehensive approach to security and accessibility. It starts with an in-depth analysis of our application's architecture, infrastructure, and data flows. We identify potential security and accessibility risks and implement appropriate controls to mitigate them. Our control framework conforms to applicable industry standards such as AICPA’s SOC, CJIS, NIST, WCAG, and others. Third-party audits are performed to ensure compliance with these standards.

As part of our commitment to meeting compliance guidelines, we have established a trusted vendor relationship with Amazon Web Services (AWS). This ensures that our SaaS application operates within a secure and resilient infrastructure.

4.      User Experience and Accessibility


The application is designed with a strong emphasis on user-centric design, accessibility compliance, and intuitive interfaces, with the goal of transforming how government agencies operate and deliver services to their constituents.

User-Centric Design:


The SaaS application prioritizes user-centric design principles to provide government agency personnel with a seamless and efficient experience. Through extensive user research and feedback, the application's design is tailored to cater to the specific needs and workflows of government professionals. By offering intuitive navigation, simplified processes, and a visually appealing interface, the application enhances productivity and user satisfaction, allowing personnel to focus on their core responsibilities instead of struggling with complex systems.

Intuitive Interfaces and Workflow Optimization:


The SaaS application excels in streamlining workflows and optimizing processes to enhance efficiency. Its intuitive interface is designed to minimize the learning curve and enable government personnel to quickly adopt and utilize the application's capabilities. By understanding the typical workflows within government agencies, the application eliminates unnecessary steps, automates repetitive tasks, and empowers users to work more efficiently. This results in improved productivity, reduced errors, and overall performance enhancements for government personnel.

Ongoing Third-Party Audit Process:


To ensure continuous compliance with accessibility standards, the SaaS application integrates an ongoing third-party audit process into its Software Development Life Cycle (SDLC). Independent accessibility experts are engaged to assess the application's accessibility features, identify potential issues, and provide recommendations for improvements. By incorporating this audit process into the development cycle, the application adopts a proactive approach to accessibility, addressing emerging challenges and making regular updates to enhance accessibility and usability.
