Last updated on April 1st, 2022 at 3:31pm
The mission is clear for the Centers for Medicare & Medicaid Services (CMS): put patients first across all their programs, including Medicare, Medicaid, and the Health Insurance Exchanges. Increasingly, CMS is turning to the cloud to help achieve this mission and fulfill their goal of becoming the premier government agency supporting citizens by leveraging modern cloud technology.
CMS builds and operates applications in the Amazon Web Services (AWS) cloud. One of the responsibilities of the Infrastructure and User Services Group (IUSG) at CMS is to onboard and support application development organizations (ADOs) who are building these applications. CMS applications operate portals for services, provide data processing for claim submissions, manage Medicare and Medicaid processes, and support open enrollment.
However, providing access to build and operate is not as simple as giving a developer access to AWS. Without a solid governance program in place, organizations face risk around budget control and compliance assurance. Growth in the cloud leads to several challenges:
- How to lay a solid governance foundation, with proactive security controls and continuous scanning, that supports ongoing growth without limitations
- How to provide expedited account provisioning to take advantage of rapid developments in the cloud
- How to deliver financial visibility and enforce budgets
CMS chose Kion (at the time branded as cloudtamer.io) to fulfill their cloud governance and management needs across automation and orchestration, financial management, and continuous compliance. Kion enables CMS to easily view all their cloud accounts organization-wide, quickly provision new accounts, get a real-time view into budget and centralize cost management, and automate staff adherence to defined compliance standards.
Kion delivered key capabilities to the CMS team:
- Consistent enforcement of security policies to govern the use of AWS. With Kion, CMS was able to take “paper policies” shared with users via an internal website (including the AWS services that were approved by the organization) and automatically apply and enforce those policies within the AWS accounts used across the agency. Kion made it easier to update those policies when technical review boards and federal guidance changed or new AWS services were approved. The continuous compliance engine also made it easy for non-developers to build security policies to quickly meet their needs.
- Automated account creation to increase the speed and consistency of account provisioning. Kion helped automate multiple previously manual steps including IAM roles and permissions setup and VPC creation.
- Support for different levels of visibility across AWS accounts. Kion gave the CMS IT Services Groups technical and financial visibility of all assets they manage, while providing application owners with technical and financial visibility of only their own assets.
- Near-real-time tracking of cloud spending, budgeting, and forecasting for all CMS accounts in the AWS environment. Previously, Microsoft Excel-based reports were provided once per week. With Kion, each business owner can see a near-real-time view of their cloud spending anytime. These spending views are also enriched with other organizational costs, such as security services, to give a more complete picture of the actual cost of operating applications within the AWS cloud environment.
- Flexibility and scale to support organizational structure changes in the AWS account hierarchy and manage the expected growth of CMS AWS applications without limitations.
The impact of Kion at CMS
Kion is currently being rolled out in two phases throughout CMS, with the first phase targeting existing users of the AWS cloud environment and the second phase targeting new users of cloud. This second phase aims to provide a greenfield approach to AWS to improve the user experience in the cloud while also accelerating the process to obtain an authority to operate (ATO) for FISMA-High workloads in the AWS GovCloud region. Kion is the central hub of the orchestration and governance required in these engagements and the key tool used to give end users and new service teams access to AWS commercial and GovCloud resources.
With Kion as an integral part of their cloud operations, CMS has achieved the following results:
- Reduced time to provision a user account from several weeks to a couple of days
- Greater transparency into costs and enhanced cost reporting (both incurred and projections of future spend)
- Ability to reduce current cloud operations team size as a result of automating many cloud governance tasks
- Decrease in cost overruns and compliance issues
Kion, coupled with the AWS Governance at Scale framework, delivers a controlled, but flexible, cloud environment to CMS staff to help make it even easier to migrate applications and ultimately fulfill the patient-first CMS mission in a more cost-effective manner.