Treasury Makes History with Its Own Secure Cloud

The Approach: Cloud-Native, Security-Centric

Although commercial cloud companies offer a FedRAMP-High system for government, it’s a different matter for a federal agency to build and own an environment designed for federal clients. So in addition to offering the highest level of security, the environment needed custom tools and processes to blend built-in security with ease of maintenance, scalability, and innovation. 

To meet these ambitious goals, we assembled a diverse team that allowed us to blend a deep understanding of Treasury’s mission with expertise in cybersecuritydigital transformation, and advanced analytics. This allowed us to ensure the environment would accelerate capabilities in artificial intelligence (AI) and machine learning (ML) while meeting Treasury’s specific operational and mission requirements. Our cloud specialists were at the core of the team, applying lessons learned from hundreds of successful cloud migrations.

RAMPing Up—Strategies That Are Smarter, Not Riskier

The team had to find innovative ways to work within Treasury’s ambitious timeline without resorting to shortcuts, which can compromise a high-security environment. We partnered with the OCIO to deploy automation and apply open source, DevSecOps, and containerization technologies that enabled us to build rapidly while integrating emerging capabilities seamlessly and securely. 

Aligning around the principle of “security first,” we also used our experience as a third-party certifier (3PAO) to ensure a skillful blend of process, technology, and security best practices. This holistic view ensured that the technical aspects of the platform were aligned with Treasury’s operational needs, preventing bureaucracy pitfalls that could compromise Treasury’s ability to maintain continuity of WC2-H operations.   

A common cause of security failure is unintended vulnerabilities that result from efforts to manually modify, configure, and integrate different security tools into a single stack. Booz Allen’s approach mitigated this risk by building security into the platform itself via a suite of automated continuous integration tools and deployment processes—all native to WC2-H.  

This security posture provided business benefits as well as peace of mind. For example, we used historical knowledge of Treasury’s cloud operations to develop automated and proactive methods for logging, tracking, and flagging suspicious interactions. We knew this would simplify responsibilities for IT teams in addition to lowering the risk of manual errors in spotting vulnerabilities.

Changing Culture—Stakeholders Take Ownership

Beyond tackling the engineering challenge of building and launching a FedRAMP-compliant cloud environment that integrated seamlessly with Treasury’s on-premises network, Booz Allen became a true partner in making the cloud environment viable, sustainable, and successful. Our team took on multiple roles beyond managed service provider—delivering expertise in system integration, network engineering, identity and access management, stakeholder engagement, security and compliance, acquisition, and other areas common to federal clients migrating to the cloud. 

“It’s important to look at the full spectrum of cloud implementation—not just the technology, but the people and processes,” says Delie Minaie, IT program manager. “Finding a provider who can physically set up your cloud is easy. But if you factor in areas from network connectivity and data protection to service level agreements, diverse stakeholder needs, and federation, it becomes very complex, very fast.” 

She explained that all moving pieces need to be unified to work towards the mission. “This requires not only strong leadership from the provider but equally strong sponsorship at the highest levels of a partner agency.”

Accordingly, we worked to understand the needs of associated Treasury bureaus and demonstrate to them how moving their IT assets to the Treasury-owned WC2-H cloud environment would further their long-term mission. And after an organization decided to migrate its IT assets into the federated WC2 environment, we ensured buy-in from key stakeholders in cybersecurity, infrastructure, and IT strategy who could champion the transition. 

In addition, Booz Allen conducted critical design sessions promoting collaboration among OCIO divisions regarding requirements and design considerations such as identity management, network elements, and DevSecOps. This ensured stakeholders from both Treasury and partner agencies understood their roles in the continued security and operational flow for the platform.

“The first customer tenant in WC2H estimated a $3.7 million annual cost savings after transitioning from a legacy on-premise application to a refactored datalake environment within WC2H.”

Benefits Across Bureaus

Some of the advantages that Treasury bureaus and partner agencies receive with WC2 include:

  • No Upfront Investment Costs: Treasury OCIO provides the environment
  • Lower Maintenance Costs: Costs continue to reduce as more users join 
  • Built-In Security: Best-of-breed encryption, vulnerability, continuous monitoring 
  • Integrated Efficiency: DevSecOps and automation for container services and pipeline management 
  • Managed Services: Optional O&M support available with shared operations teams
  • Agency ATO in Weeks: Existing security documentation reduces authorization timeline 
  • Faster Onboarding: Provision infrastructure in days and begin developing applications
  • Cost Model: Pre-negotiated vehicles reduce time and complexity to receive services

The Solution: A High-Security Cloud to Streamline Modernization

In just 6 months, Booz Allen fulfilled all 421 requirements to receive FedRAMP High certification for WC2-H, enabling Treasury to offer a premier hosting platform for sensitive public-facing, extranet, and intranet web solutions. Today, Treasury OCIO provides two cloud environments at FISMA Moderate and High levels—WC2-M and WC2-H—which have collectively enabled digital transformation extending beyond public-facing websites to Treasury’s mission-critical systems.

Our team provides secure management, running more than 500 servers and 40 applications—a number that continually increases as we migrate new applications while making it easy for new partners to plug in. The environment provides reusable platforms and configuration, security, and other controls. 

As these elements are all tailored for government needs and compliant with federal regulations, agencies can continually modernize at higher speed and lower cost. “For example, the first customer tenant in WC2H estimated a $3.7 million annual cost savings after transitioning from a legacy on-premise application to a refactored data lake environment within WC2H,” says Brad Beaulieu, chief cloud architect for the initiative.

WC2-H enables partner agencies to streamline their responsibilities as they lower their cost: For example, it clears the way for Treasury to move its most sensitive data assets out of three dedicated on-premises data centers costing tens of millions of dollars annually to maintain. It also improves citizen services by enabling 99.9% uptime and increased security and reliability for Treasury’s public-facing websites. Constituents have better access to critical content ranging from pandemic relief information to market-moving financial data. 

Enabling Speed and Efficiency through Shared Services

Consumers across Treasury bureaus can now host both public-facing and mission-critical sensitive applications on WC2-H. The environment accelerates application migration from months to days and reduces waiting time for change requests from weeks to hours. “WC2-H gives bureaus a way to simplify their work, focus on their mission, and transform beyond what they had considered possible,” Brad says. 

The platform offers shared services across all three of the major cloud service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Agency and bureau customers can securely add custom capabilities by pushing their code into a repository that scans the code and reports vulnerabilities back to the developer for resolution. After the application launches, WC2-H provides continuous monitoring via a suite of security services available to all customers. As the environment grows, new infrastructure is instantly patched, encrypted, and protected against vulnerabilities.

These features enable mission teams to access robust development capabilities and provide more customer-centric services at a faster pace. Agencies can build applications and tools within WC2-H that allow them to confidently expand into new territory and fulfill changing mission needs with the knowledge that security is built into the environment at every level—infrastructure, platform, and application.

Organizational Impact

Snapshot of WC2 Results

$10M+ cost avoidance across Treasury public-facing websites

500+ virtual machines across the WC2 moderate & high environments

500+ security controls implemented

5B+ unique user interactions logged and tracked to safeguard security

40+ tenant applications hosted in the shared environments

Treasury Shows the Way

With WC2-H, Treasury OCIO is setting the trajectory for the future of cloud in the Federal Government. The adoption rate continues to increase as Treasury bureaus and civil agencies trust the environment’s security, discover the efficiencies of automation, and see the possibilities to expand their capabilities within a highly resilient platform. As our partnership with Treasury has grown from single applications to security for WC2 to system integrator and managed services provider for its cloud hosting environment, so has our ability to help the Department usher in the next frontier of cloud technology. 

Now we’re on the next phase of the Treasury cloud journey, helping bring more tenants into WC2-H and charting the course together so agencies can achieve the economies of scale the community model provides. “Our deep bench of cloud security engineers, strategists, and DevSecOps technologists are innovating for the continued growth and expansion of the Department’s cloud services model,” says Paul Tartaglione, a senior vice president in Booz Allen’s finance, energy, and economic development business. “More customers will get the benefit of a standard contract structure that delivers just-in-time benefits.” 

Treasury serves as a model for other agencies pursuing government-mandated consolidation of services in the cloud. The Department demonstrates how an agency can transform from a tenant within another’s cloud to a provider of shared cloud services with the ability to design, control, and evolve its capabilities. And by providing end-to-end processes, standardized tools, and a protected, government-centric framework, Booz Allen makes it easy for government agencies to accelerate their own modernization journeys.