eGlobalTech’s RPA Bot: Automatic SSP Validation for ATOs

Hands on computer with Robotic Process Automation on screen

Robotic Process Automation (RPA) can revolutionize the way organizations function, enabling employees to focus on complex problems while RPA bots fully automate tasks like data entry, document reviews, and screen scraping. By automating tasks that don’t require human decision-making or interference, RPA saves organizations time and money.

While many processes would benefit from RPA, this use case will focus on the Authority to Operate (ATO) document review for System Security Plans (SSPs). This process is a great candidate for RPA because its underlying business process is well-defined, the document review steps are repeatable and consistent, the reviews are time-intensive, and the data validation steps do not require human decision-making.

What is an Authority to Operate (ATO)?

An ATO grants a system the ability to operate in production environments on a federal agency’s infrastructure. For a project to acquire an ATO, multiple security documents need to be thoroughly completed and reviewed, including the System Security Plan (SSP), which documents key attributes of a system’s security posture. SSPs are reviewed to ensure system information is accurate, security levels are correct, and access controls are correctly implemented. It typically takes Information System Security Officers (ISSOs) two days to review and validate an SSP and review findings need to be remediated and triaged, which results in the ATO process taking months.

eGlobalTech’s Bot: Automate the SSP Review

To accelerate the review process and empower ISSOs to address system vulnerabilities quicker, we developed an RPA bot using the UiPath tool suite to validate and verify the completeness of an SSP, including system controls for a moderate-level system, the system details, security categorization, information types, security images, and access controls.

After the evaluation, our bot creates a scorecard and populates the results for ATO evaluators. Our bot completes the entire evaluation and scorecard in under four minutes without human intervention. It scans the SSP, highlights errors in various colors, and even writes detailed comments for ATO evaluators (e.g. “a required image is missing in this section”) – all without any intervention.


With the SSP review completely automated, an ISSO can refocus their time on the review findings and remediating any system vulnerabilities. The bot also accelerates the ATO process by reducing false starts in initial submissions. This use case can be expanded to other security documents within the ATO process, enabling the automated review of all ATO documents and shortening the time it takes for systems to achieve an ATO from months to days.

eGlobalTech and RPA

At eGlobalTech, we think about RPA at the enterprise level. We not only develop bots for our clients – we work with clients to identify opportunities for RPA though process and workflow evaluation, optimize existing workflows, lead bot deployments, and perform ROI evaluations. We also formed a strategic partnership with UiPath, a leading RPA software company that’s deploying bots at over 40 federal agencies. Would you like to see our bots in action or to start an initial workflow assessment? Contact us today.

Want to learn more about RPA? Our RPA Demystified Whitepaper defines RPA and provides use case examples.

Revolutionizing Big Data Access and Analysis in the Cloud


Our client, a large research agency, automated its systems for storing, disseminating and analyzing big data about molecular biology, biochemistry, and genomics support for some of the most heavily trafficked governmental sites in the world. These sites experience millions of hits daily from medical workers, researchers, and the general public.

Researchers conducting analyses on the agency’s public datasets typically download them to their research facility computers or to their virtual environments in the cloud. The datasets are often massive, measured in terabytes and sometimes petabytes. Since these public, read-only datasets are copied as many times as there are research teams seeking to work on it, download times are long, and the process is inefficient. The agency was looking for a more efficient way for researchers to access and analyze the datasets faster, as well as free up more of the agency’s networking capabilities.


eGlobalTech (eGT), a cloud service provider, partnered with this agency to help architect, design, and implement new forms of access to significantly improve the efficiency and speed of research on massive biomedical public datasets. To meet the client’s unique need, eGT employed the emerging “bring compute to the data” paradigm, which enabled researchers to create and fund their own cloud computing resources in one of several clouds where the government agency’s datasets reside. We enabled research teams’ cloud computers to directly connect to, read, and analyze public, read-only datasets without copying or downloading. Researchers see the same version of the data, access is immediate, and efficiencies are significant.

To achieve this result, eGT applied “cloud-native architectures composed in a cloud-agnostic manner” principles to develop the initial architecture portable across Amazon Web Services (AWS) and the Google Compute Platform (GCP), and iteratively refined and operationalized the architecture. eGT applied Infrastructure as Code practices and produced functional, software-defined solutions delivered in time-boxed iterations, while also supporting cloud architecture security engineering from both a compliance and an operational security perspective.

Major highlights of our services include:

  • Designed a multi-cloud architecture to support “Platform as a Service for Big Data Access” model
  • Leveraged tools such as Terraform and Puppet to automate the deployment and operations of cloud environments
  • Developed a portable architecture with initial support for AWS and GCP and eventual support for other providers such as Microsoft Azure
  • Developed required security packages, supported the Accreditation and Authorization (A&A) process, and helped secure Authority to Operate (ATO)
  • Provided on-going SysOps and environment management support to development and DevOps teams

eGT’s extensive experience as a cloud service provider, architecting and migrating applications to the cloud has enabled the development of flexible and creative breakthrough strategies that consider our client’s unique requirements, creative implementations, extremely complex environments, and security needs.


Key results of our solution include:

  • Operationalized multi-cloud environments in AWS and GCP
  • Developed required FISMA security packages and secured ATO on time
  • Enabled “Bring Compute to Data” strategy through distributable cloud automation platform

Contact us at if you would like to learn more about this project.

Copyright 2018 | eGlobalTech | All rights reserved.

Creating an Industry-Recognized, Cybersecurity Awareness Culture at HHS

Cybersecurity employee education HHS poster


Large, federated government agencies like the Department of Health and Human Services (HHS) face the challenge of creating an enterprise-wide culture of consistent cybersecurity best practices.  In addition to ensuring that 100 percent of the Department’s employees (80,000) and contractors (40,000) receive annual Information Security awareness training and role-based training in compliance with Office of Management and Budget (OMB) A-130, the Federal Information Security Management Act (FISMA), and the National Institute of Standards and Technology (NIST) guidelines, they need recurring programs to empower their workforce to take an active role in cybersecurity, to educate the whole workforce, and to reinforce and promote cybersecurity policies.


HHS partnered with eGlobalTech (eGT) to build an industry-recognized, cybersecurity training, awareness and education program.  Our approach to cybersecurity education recognizes that we must change the organization’s cybersecurity culture (employees’ thoughts, beliefs and behaviors) to change security outcomes.  The solution we designed educates the broad, non-technical workforce, to increase cyber-hygiene best practices of all users, thereby reducing insider threats. The program weaves together multi-faceted, recurring communications to reinforce annual security and privacy training requirements.

Recognizing that humans are the weakest link in organizational security, eGT’s integrated cybersecurity training, awareness and education program focuses on the “people” part of change management to complement ongoing cybersecurity “processes” and “technologies” deployed throughout HHS.  Since many people find cybersecurity to be an intimidating topic that is too broad in scope and practice to approach, much less master, eGT’s program recognizes this common attitude and presents cybersecurity best practices as personal, practical, and plausible.

The Department-wide initiative called CyberCARE (Cybersecurity Communications, Awareness, Response, and Education) increases employees’ awareness and understanding of critical cybersecurity best practices through website articles, posters and bi-weekly email knowledge checks that prompt staff to read, test their knowledge and attend monthly training.  The monthly Healthy Technology lunch n’ learn trainings that are delivered both in-person and virtually align with the monthly CyberCARE cybersecurity theme to drill-down and teach attendees how to implement cybersecurity best practices.  All content is designed to bridge age, cultural, and attitude gaps, making an intimidating topic seem more approachable and understandable.  Our programs convey the knowledge and skills necessary to safeguard technology, reduce incidents, and use technology safely, both at work and home.  We customize our training content, when necessary, to address specific vulnerabilities within individual Operating Divisions.  As employees are empowered to proactively address and respond to cybercrime, the number of cybersecurity and data privacy incidents decreases.


Our program has grown exponentially since its inception in 2016.  Industry has recognized our success with the 2016 Federal Information Systems Security Educators’ Association Best Cybersecurity Website, and the 2018 Bronze Cybersecurity Excellence Award for Best Security Education Program.

The CyberCARE website is consistently the top website visited by HHS employees.  In a single year, eGT has trained close to 5,000 employees across the 12 Operating Divisions of HHS. eGT’s training, awareness and education program reinforces HHS’ ethical phishing program, and together, these efforts have resulted in a significant decrease in employees’ phishing susceptibility – from 14.3 percent in Fiscal Year (FY) 2017 to 6.1 percent cumulative results for the first two quarters in FY 2018.  These numbers quantify the amazing results of eGT’s security education program and its ability to truly empower people to be cybersecurity guardians.

eGT is proud of its partnership with HHS as a model for working together strategically to implement a major change management initiative to create a strong cybersecurity awareness culture within a large and diverse government agency.

Contact us at if you would like to learn more about this project.


Copyright 2018 | eGlobalTech | All rights reserved.

Migrating Workloads to AWS – The DevOps Way

black servers DevOps Cloud Migration AWS


FlatWorld, a digital textbook publisher, provides a unified and cohesive user experience for instructors to adopt, customize, and teach from more than 100 high-quality textbooks. FlatWorld’s digital textbook platform
is a set of custom-built services using a variety of open- source technologies such as Drupal, Python, Ruby on Rails, and Sinatra. The infrastructure was hosted through a managed data center provider, but costs were high and it was cumbersome to operate and maintain. FlatWorld decided that migrating to a commercial cloud would reduce operational costs, deliver new features and capabilities, and speed products to market. They selected Amazon Web Services (AWS) as their preferred cloud platform. However, significant challenges remained in executing the complex migration, including:

  • No Downtime: Students use FlatWorld every single day and contracts with institutions demand high availability, so the migration had to take place seamlessly without downtime.
  • Short Timeframe: The migration had to be complete before the start of the school year when usage and business peaks.
  • Retain Legacy System: Needed to operate the legacy and new cloud system in parallel to mitigate risk and assure confidence in the new services.
  • Constrained Resources and Budget: The available resources and budget for performing the cloud migration was limited.
  • Adding additional capabilities: Increased service level requirements were needed for the new system.


eGT employed an infrastructure-as-software approach in executing the entire system and data migration, implementing all cloud provisioning, application configuration and orchestration tasks as a repeatable software-driven process. We took full advantage of AWS programming interfaces and capabilities using our Cloudamatic® tool, a 100% open-source cloud-orchestration framework. Cloudamatic is a core component of eGT’s DevOps Factory® service.

eGT collaborated with FlatWorld to establish a consistent and common understanding of the business requirements and timelines. Together we developed an overall cloud migration plan and schedule and produced the target cloud architecture. We iteratively produced the necessary work products to facilitate rapid, pain-free migration of FlatWorld services to AWS.

Test Environment
The first task was to establish a working test environment of FlatWorld’s digital textbook platform in AWS. During the test deploy, Cloudamatic was used to define and automate a complex cloud software deployment. Since the client requested AWS CloudFormation templates as a required output format, we saved time by using Cloudamatic capabilities to machine generate the CloudFormation templates, which saved precious labor hours.

Parallel Production Mirror
Our experts established a parallel production system of FlatWorld services in AWS to mitigate any risk of disruption during FlatWorld’s peak business season. The parallel production system operated as a secondary system and mirrored real-time data and transactions processed by the legacy production environment. Parallel operations allowed for controlled testing of the FlatWorld AWS version in production, while maintaining full business continuity and preparing for full production cut-over to be executed at the time and schedule of our client’s choice.

Production Cut-Over
After completing production testing, we shifted the focus towards flipping the legacy data center-hosted environment to secondary status, eventually moving to a full cutover to the AWS-hosted FlatWorld infrastructure. After a month of uninterrupted operations, we decommissioned the data center instance and completely switched over to an AWS-hosted FlatWorld digital textbook platform.


Established a functional test environment in less than 6 weeks and operationalized the production mirror within 3 months.

  • Achieved a Continuous Delivery and Secure DevOps operating model through Cloudamatic.
  • Improved service-level agreement performance and system availability to over 99.9%.
  • Saved over 70% in operational costs by migrating to AWS.
  • Empowered team to manage at scale performing massive upgrades, patching, and deployments with zero downtime after migrating to AWS and adopting Cloudamatic.

“Our relationship with
e GT has allowed us to completely overhaul and modernize our web infrastructure over the last year. Their tools, knowledge, and experience gave us the confidence to begin new projects and their support as partners helped us implement and complete them, which has significantly reduced our operating costs while allowing us to ship new features faster.”
Keith Fahlgren, VP of Product and Engineering, FlatWorld

Contact us at if you would like to learn more about this project.


Copyright 2018 | eGlobalTech | All rights reserved.

Connected vital health data with businesses, academia, and policy makers for better healthcare outcomes using DevOps Factory

healthcare data analytics image


HHS required an independent public facing Open Data platform to meet increasing demand for search and discovery of machine-readable health data. This new platform was expected to provide an intuitive, easy to use web user interface to submit, publish, search and discover and consume simple and complex datasets. In addition, it needed to automatically scale to support increasing numbers of datasets and users.


eGlobalTech applied its DevOps Factory® framework in the development, implementation and operations of Applying user centered design principles, we rapidly prototyped UI wireframes and iteratively tested and refined them through usability testing. These designs were transformed into functional software leveraging best-of-breed 100% open source technologies delivered through a fully automated continuous delivery pipeline.


  • First production release of deployed in less than 2 months
  • Cloud-first, Mobile-first and API-first solution that helped extend access, adoption and integration with over 30 different health data providers
  • Number of cataloged datasets increased from 200 to 1700 in less than 1 year
  • New system releases delivered to production every week
  • eGT’s Blue-Green deployment strategy ensured zero-downtime during release deployments


Contact us at if you would like to learn more about this project.


Copyright 2018 | eGlobalTech | All rights reserved.

Reduced 70% of ICRAS O&M Costs by Migrating to the Cloud

Cloud Computing Row of Servers


HHS needed support with development, maintenance, and operations of the Information Collection Request and Approval System (ICRAS). This need included a transition to the cloud to realize better performance and cost savings. ICRAS enables HHS and its agency partners to electronically prepare, track, report on, and administer procedures for obtaining OMB approval for the collection of information from the public.


eGlobalTech rapidly migrated HHS’s ICRAS to Amazon Web Services (AWS).  The entire cloud provisioning and deployment process to development, testing, and production environments was fully automated by Cloudamatic ®, part of eGlobalTech’s DevOps Factory® tool suite. We further established a continuous delivery pipeline, automating the integration and delivery of code fixes and enhancements to production.  This solution enabled customers to utilize new features and capabilities at a fast pace.


  • Successfully migrated ICRAS to the AWS cloud in less than 6 weeks
  • Improved defect resolution rate by over 50%
  • Reduced O&M costs by over 70%
  • Improved application performance load times by 36%

Contact us at if you would like to learn more about this project.


Copyright 2018 | eGlobalTech | All rights reserved.

Migrating and Securing a Geospatial System to the Cloud

Arial pictures fema cloud migration


A client had a complex geospatial system prototype composed of Microsoft and open source applications with growing number of ArcGIS services. This prototype was used in a production capacity and encountered frequent outages and performance issues.  The need was to migrate this cloud environment to a more stable infrastructure, engineer it for production capacity, and achieve the required level of security compliance.


We applied our DevOps Factory® framework and automation tools to re-engineer the target architecture and automate the end to end cloud migration process onto our managed AWS infrastructure. Leveraging Cloudamatic ®, our open source full-stack automation tool, we automated the provisioning of hardened instances, installation and configuration of applications, networking and security, and orchestration of the complete cloud environments – all performed through a single click of a button. Post migration, we instrumented a Continuous Delivery pipeline empowering development teams to onboard new applications and to rapidly push new code to production.


  • Migrated and operationalized the geospatial cloud ecosystem to AWS within 3 months
  • Achieved true high availability, reliability, and consistent optimal performance
  • Seamlessly supported 400+% growth of geospatial services
  • On-boarded over a dozen complex applications and systems
  • Achieved 99.99% operational availability


Contact us at if you would like to learn more about this project.


Copyright 2018 | eGlobalTech | All rights reserved.

Read more