Ubuntu Pro helps Lucid meet FedRAMP compliance for government contracts
Lucid are the makers of highly popular end-to-end visual collaboration tools hosted on AWS. They needed to meet FedRAMP compliance requirements to provide their products to US Federal agencies. By deploying Ubuntu Pro, Lucid acquired AWS-compatible and FIPS 140-2 certified packages and became FedRAMP compliant.
About Lucid
- Founded in 2010, Lucid builds and delivers an end-to-end Visual Collaboration Suite that helps teams to ideate, plan, design, build, and manage workflows from a shared infinite canvas.
- Lucid produces Lucidchart, Lucidspark, and Lucidscale – online collaboration tools for diagramming, whiteboarding, and visualizing cloud infrastructure.
- Lucid serves over 70 million users across 180 countries, with its products widely utilized by 99% of Fortune 500 companies.
Highlights
- Lucid chose Ubuntu Pro FIPS on AWS to achieve FedRAMP compliance.
- With Ubuntu Pro FIPS, Lucid unlocked an entirely new market.
- With Canonical enterprise support, Lucid was able to deploy certified packages in under 2 weeks.
- Lucid's team can focus on their core business, rather than manually building and maintaining certified packages.
Overview
Lucid's suite of visual collaboration tools is used by tens of millions of people in private businesses across the globe. It's no surprise that their high-end productivity tools caught the eye of government and federal agencies looking to use Lucidspark, Lucidchart or Lucidscale in their work. There was just one problem: providing these tools and services to the US government comes with additional compliance requirements and challenges. For Lucid to be able to offer their products to federal and government clients, they would need to become FedRAMP compliant and implement FIPS 140-2 certified cryptographic modules.
As a long-time user of Ubuntu hosted on AWS, Lucid turned to Canonical for help with compliance. By adopting Ubuntu Pro, Lucid was able to access a FIPS-compliant Ubuntu image for AWS. Getting Ubuntu Pro FIPS for AWS was fast and easy through the AWS Marketplace. This image contained all the FIPS 140-2 certified packages and auditing tools they would need to meet FedRAMP standards. Lucid was also able to use the Ubuntu Security Guide (USG) to further harden its systems with best practices.
Following a seamless rollout, complete with ongoing enterprise support from Canonical, Lucid achieved FedRAMP certification for their product portfolio, ensuring that their federal and government customers could continue to enjoy their favorite visualization and workflow acceleration suite.
“If your goal is to achieve FedRAMP compliance, Ubuntu Pro with FIPS is the way to go.”
Rocky Olson
Principal Software Engineer, SRE Operations, Lucid Software
Challenge
To provide its solutions to US government organizations and federal agencies, Lucid's services and systems needed to become FedRAMP compliant.
FedRAMP is a federally run program with security and auditing standards that software-as-a-service providers must meet to provide services to the US government and its federal agencies.
One of the many requirements for compliance is that encryption providers and protocols must meet a NIST standard, Federal Information Processing Standards (FIPS) 140-2, for their cryptographic modules.
Lucid operates entirely on AWS, using services like EC2 and Lambda. However, most upstream releases are not natively designed for specific regulatory compliance standards like FIPS or FedRAMP. Companies can custom-build and certify these packages themselves; however, this route to compliance is extremely time-consuming and labor-intensive.
At the same time, Lucid's established developer environment was based on Ubuntu. Switching to a FedRAMP- or FIPS-certified environment outside the Ubuntu ecosystem would involve considerable disruption. Lucid sought a solution that would integrate seamlessly into their existing system, keeping downtime and disruption to a minimum. Additionally, the solution would have to be natively compatible with AWS, as this platform was the backbone of their operations.
“We use Ubuntu in our internal environments, so for our certified packages, it was a no-brainer to use Ubuntu Pro.”
Rocky Olson
Principal Software Engineer, SRE Operations, Lucid Software
Solution
To meet FIPS and FedRAMP compliance, Lucid chose Ubuntu Pro FIPS with Canonical's enterprise support.
“We use Ubuntu in our internal environments, so for our certified packages it was a no-brainer to use Ubuntu Pro,” said Rocky Olson, Principal Software Engineer, SRE Operations, Lucid.
Ubuntu Pro FIPS is a purpose-built OS image for AWS that delivers FIPS-certified modules out of the box. The solution enforces known secure algorithms and configurations and ensures that modules work in a FIPS-compatible mode of operation by default.
Because Ubuntu Pro is available directly on the AWS Marketplace, implementation was fast and painless. Lucid was able to simply add the service to its existing subscription and immediately benefit from the FIPS-certified packages.
Lucid initially explored other distributions or providers, but quickly realized that this would have resulted in internal disruptions, learning curves with unfamiliar frameworks, or costly new enterprise support contracts. Ubuntu Pro being native to Ubuntu meant they could get the certified packages needed with nearly zero disruption to their workflow.
“We built our FedRAMP environment at breakneck speeds. We got everything up and running in six months, and mirroring and understanding the Ubuntu Pro packages took less than two weeks. It was just so fast.”
Rocky Olson
Principal Software Engineer, SRE Operations, Lucid Software
Benefits
With Ubuntu Pro FIPS for AWS, Lucid had what it needed for an easy and hands-off certification process. With full access to Ubuntu's FIPS 140-2 certified packages, preparing their products for FedRAMP compliance was a breeze.
Ubuntu Pro and its Ubuntu Security Guide made meeting FedRAMP compliance fast and simple. “We built our FedRAMP environment at breakneck speeds,” said Rocky Olson. “We got everything up and running in six months, and mirroring and understanding the Ubuntu Pro packages took less than two weeks. It was just so fast.”
Ubuntu Pro also helped Lucid with its additional certification work. The Ubuntu Security Guide (USG) that is included with Ubuntu Pro served as a useful auditing tool to run CIS and STIG benchmarking against Lucid's machines and demonstrate compliance with these standards.
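Before an assessor sees an instance, a team in Lucid's position typically wants to verify, rather than assume, that the image really boots in FIPS mode, that the `fips` service is enabled, and that a USG audit runs. The preflight script below is an added example, not code from the case study or from Canonical; the `pro status` sample text is constructed to approximate the real command's tabular layout, and the `usg audit cis_level1_server` invocation assumes USG has been enabled and installed on the instance.

```shell
#!/bin/sh
# Added example (not from the case study or Canonical): preflight checks that an
# Ubuntu Pro FIPS instance is genuinely in FIPS mode before it is presented for
# FedRAMP assessment. Each check is a function returning 0 (pass) or 1 (fail).

# Pass when the kernel's FIPS flag file (default /proc/sys/crypto/fips_enabled)
# contains exactly "1". A missing or unreadable file is treated as a failure.
kernel_fips_enabled() {
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$flag_file" ] || return 1
    [ "$(tr -d '[:space:]' < "$flag_file")" = "1" ]
}

# Pass when the given `pro status` text reports the "fips" service as enabled.
# The SERVICE column is matched exactly so "fips-updates" cannot stand in for "fips".
pro_fips_enabled() {
    printf '%s\n' "$1" | awk '$1 == "fips" && $3 == "enabled" { found = 1 }
                              END { exit found ? 0 : 1 }'
}

# Constructed sample status texts (approximating the real tabular layout).
SAMPLE_STATUS_OK='SERVICE          ENTITLED  STATUS    DESCRIPTION
esm-infra        yes       enabled   Expanded Security Maintenance for Infrastructure
fips             yes       enabled   NIST-certified FIPS crypto packages
fips-updates     yes       disabled  FIPS compliant crypto packages with stable security updates'

SAMPLE_STATUS_BAD='SERVICE          ENTITLED  STATUS    DESCRIPTION
esm-infra        yes       enabled   Expanded Security Maintenance for Infrastructure
fips             yes       disabled  NIST-certified FIPS crypto packages
fips-updates     yes       enabled   FIPS compliant crypto packages with stable security updates'

# Live preflight, to be run on the instance itself (not invoked here so the file
# can also be sourced). Stops at the first failure so it can gate a pipeline.
preflight() {
    kernel_fips_enabled || { echo "FAIL: kernel is not running in FIPS mode"; return 1; }
    pro_fips_enabled "$(pro status 2>/dev/null)" \
        || { echo "FAIL: 'fips' service not enabled in pro status"; return 1; }
    # USG (assumed enabled and installed) produces the CIS report assessors ask for.
    if command -v usg >/dev/null 2>&1; then
        sudo usg audit cis_level1_server || { echo "FAIL: CIS audit did not complete"; return 1; }
    else
        echo "WARN: usg not installed; CIS audit skipped"
    fi
    echo "OK: FIPS mode active and fips service enabled"
}
```

Run `preflight` from an interactive shell on the instance, or call it from an image-build step so a non-FIPS image fails early instead of at assessment time.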
When challenges and issues arose during the project, Canonical's enterprise support was there to resolve issues quickly and smoothly. As Ubuntu Pro + Support users, Lucid benefits from 24/7 direct support from Canonical's experts.
Thanks to Ubuntu's developer experience and Canonical's best-in-class enterprise support, it was fast, easy and cost-effective to deploy Ubuntu Pro and meet FedRAMP compliance standards, allowing Lucid access to the biggest IT contracting market in the United States.
Best of all, Lucid's services can maintain FedRAMP certification and continuous access to the US Federal market for years to come, as Canonical supports each Ubuntu Pro FIPS image for up to 10 years, delivering ongoing security updates that address CVEs and keep their systems compliant and secure. And if anything goes wrong with their packages, Lucid benefits from 24/7 support directly from Canonical's experts under the Ubuntu Pro Support service.
“Ubuntu Pro didn't just help us with FIPS compliance. We also used the Ubuntu Security Guide tool to generate our CIS benchmarks. It was so easy that even our junior engineers could run with it.”
Rocky Olson
Principal Software Engineer, SRE Operations, Lucid Software
“Ultimately the project was straightforward. We needed FedRAMP compliance. We love using Ubuntu, making Ubuntu Pro a natural choice. It was easy to set up and we had great support, so there was no dragon to slay.”
Rocky Olson
Principal Software Engineer, SRE Operations, Lucid Software