nClouds AWS Case Study
Lifebit
nClouds’ expertise in AWS GovCloud and FedRAMP compliance enabled Lifebit to rapidly enter the US federal market, achieving significant time reduction while ensuring a secure, compliant, and FedRAMP-Moderate-ready audit solution.
Benefits Summary
Created a FedRAMP Moderate and audit-ready architecture in the AWS GovCloud 40% faster
Delivered FedRAMP compliance submission to drive growth in US federal markets
About Lifebit
Lifebit builds enterprise data platforms for organizations handling sensitive genomic and biomedical data, empowering therapeutic leaders to access and analyze siloed biomedical information. Based in London, UK, Lifebit identified the US federal government as a key growth market, requiring FedRAMP compliance for business operations.
Interested in additional services from nClouds?
Challenge
Lifebit identified the US federal government as a key growth market. To conduct business with US federal agencies, Lifebit identified compliance with FedRAMP as a requirement. FedRAMP is a framework within the Federal Information Processing Standards (FIPS) used by the US government and its contractors and vendors.
Lifebit engaged nClouds to accelerate and achieve the migration of Lifebit’s workloads to AWS GovCloud and prepare Lifebit for the third-party assessment to achieve FedRAMP Ready designation. To meet Lifebit’s urgent business needs, nClouds was asked to accelerate the project timeline by 40% over the plan.
Why AWS and nClouds?
Lifebit chose nClouds for its proven expertise in AWS GovCloud migrations and FedRAMP compliance. nClouds’ demonstrated ability to accelerate project timelines, deep AWS ecosystem understanding, and collaborative approach—including leveraging the specialized FedRAMP expertise of AWS Partner RiscPoint—provided Lifebit with the confidence and support needed to achieve its objectives swiftly and efficiently.
Strategy and Solution
nClouds delivered a solution for Lifebit that is designed to meet FedRAMP’s stringent security and compliance standards. It leverages Amazon EC2 instances running FedRAMP-authorized, hardened container images to ensure secure, compliant compute operations. These instances are designed to mitigate risks and meet federal cybersecurity requirements.
The CI/CD (DevOps) pipeline integrates Terraform for container orchestration, ensuring scalable infrastructure management, and Anchore for vulnerability scanning and configuration validation. This combination ensures compliance with the FedRAMP Moderate standard, continuously enforcing security policies and mitigating risks throughout the development and deployment lifecycle.
Additionally, the environment incorporates Amazon S3 buckets, equipped with FedRAMP-compliant encryption, access controls, and audit capabilities to ensure the secure handling and storage of sensitive government data. This infrastructure is purpose-built to align with FedRAMP guidelines, delivering scalability and high assurance for regulated workloads.
nClouds created and used solution accelerators (infrastructure as code/IaC), collaborating with AWS partner The Solutions Factory. The solution accelerator supports the FIPS frameworks for FedRAMP.
After nClouds completed the infrastructure setup, Lifebit’s engineering team seamlessly deployed its application on top of it, incorporating the necessary orchestration to ensure efficient management and scaling of the environment. This collaboration enabled a smooth transition from infrastructure to application deployment.
ISVs or Third-Party Integrations
nClouds and Lifebit were mandated to utilize FedRAMP-authorized independent software vendors (ISVs) to meet the stringent security and compliance requirements for government workloads. This included integrating industry-leading solutions and AWS Advanced technology partners: CrowdStrike for advanced threat detection and endpoint security, DataDog for comprehensive monitoring and observability, Tenable for vulnerability management and continuous compliance assessment, and Anchore for container security monitoring.
Additionally, an instance of Jira was deployed within the AWS FedRAMP Boundary, ensuring that project management and collaboration tools adhered to federal cybersecurity standards. These ISV integrations ensured that every aspect of the cloud environment, from security to operational monitoring, complied with FedRAMP regulations, enabling secure, compliant cloud operations for highly regulated environments.
nClouds collaborated closely with AWS Partner RiscPoint to deliver a comprehensive solution for Lifebit. nClouds contributed its technical engineering prowess, providing the necessary infrastructure and cloud architecture expertise to optimize performance and scalability. Meanwhile, RiscPoint brought in-depth subject matter expertise on FedRAMP, ensuring that all processes and implementations adhered to the stringent compliance requirements. This strategic partnership combined nClouds’ engineering capabilities with RiscPoint’s regulatory knowledge, resulting in a robust, secure environment tailored for federal standards.
Results + Benefits
nClouds’ expertise in AWS GovCloud and FedRAMP compliance enabled Lifebit to rapidly enter the US federal market, achieving significant time reduction while ensuring a secure, compliant, and FedRAMP-Moderate-ready audit solution.
Technical Results
- Speed: Achieved a 40% reduction in the plan timeline for creating a FedRAMP-Moderate- and audit-ready architecture in the AWS GovCloud.
- Submission: Delivered FedRAMP compliance submission that will enable Lifebit to drive growth in US federal markets and customers.
Business Results
- Speed: nClouds provided scalable engineering resources throughout the project, enabling rapid deployment and buildout phases. Project completion was 40% faster than planned, achieved in under 10 months, significantly faster than typical similar engagements.
- Familiarity: Lifebit capitalized on nClouds’ deep AWS expertise for optimized performance and seamless integration throughout the environment.
- Accountability: A dedicated senior-level nClouds executive provided continuous alignment and transparency throughout the project, participating in daily standups, both internal and external, providing direct oversight and ensuring consistent progress and issue resolution.