Government on Commercial Cloud Features

Simplified onboarding process

GCC 2.0’s onboarding process and experience are streamlined to ensure that it is on par with the standard industry practice. Users can onboard GCC 2.0 solely through their TechPass account. More than 90% of all the tenant account creations took less than one day, with most of these accounts created within an hour or less. Simplified onboarding enables engineers to come on board quickly and start their development activities immediately.

Automated workflows

The workflow for creating GCC tenant accounts, Cloud Service Provider (CSP) accounts, and cloud user management are fully automated in GCC 2.0, with an accounts vending solution wholly designed and developed by GovTech internal engineering team. This shortens the turnaround time and eliminates the need to create service requests.

Enhanced cybersecurity

Public officers can access government engineering resources from their Government Standard Image Build (GSIB) devices or any internet devices. However, the internet devices must onboard the device into Secure Engineering Environment Device Platform (SEED) to allow it to become a Government Managed Device (GMD). SEED automatically revokes access for any device that is non-compliant. End-to-end encryption is also available for the transactions between the GMD and the GCC 2.0 platform.

Reduced cost

Strategies such as re-engineering the GCC platform to streamline GCC onboarding, automating the workflows of tenant account and CSP account provisions, and using cloud-native solutions have reduced overall expenses.

For example, in GCC 2.0, Jumphosts are replaced with cloud-native solutions such as Session Manager and Fleet Manager for Linux and Windows workloads. All these translate into higher productivity and cost savings in the workforce as engineers can now deliver services in a shorter turnaround time.

Improved observability, auditability, and monitoring

GCC 2.0 adopts a Policy-as-Code (PaC) approach. Hence, all resources provided will have a policy compliance check by default. GCC 2.0’s compliance checking happens in real-time to check for security vulnerabilities. The PaC defines the identity used to access your CSP console or dashboard. Cloudflare Access Control determines who can access government engineering resources by applying access control policies and replacing the need for VPNs.

Continuous compliance

GCC 2.0 adopts a light-touch approach towards cloud-native solutions. Native solutions such as AWS Config are used to achieve continuous compliance. All the resources provisioned have a policy compliance check by default. By defining policies as codes, the latency in security assessments is reduced, making it possible to evaluate the compliance state of cloud workloads quickly and for resource configuration changes to be detected earlier.

Remote administration

Native solutions from CSPs enable remote administrators to manage, access and troubleshoot cloud resources, including Elastic Compute Cloud instances and virtual machines. They provide a consistent way to gather operational insights, carry out routine management tasks, track your development, access test and production environments, and proactively act on events or active incidents.

Guidance and automated scans to meet compliance requirements

CSP accounts in GCC 2.0 are automatically onboarded to the Cloud Security and Compliance Automation Platform Ecosystem (CloudSCAPE). CloudSCAPE ensures that all cloud resources are scanned by the platform daily. This helps agencies secure deployments on GCC 2.0 by providing guidance to meet compliance requirements, as well as automated scans to monitor and send alerts when deployments do not meet the security baseline.

Last updated 01 April 2024

---