Delivering SaaS to government customers can be highly rewarding, but it comes with a unique set of challenges.
With more than 4,000 organisations across verticals depending on LaunchDarkly’s feature management SaaS platform to accelerate software innovation, the company was beginning to see major interest from prospective customers in the government sector.
To extend its services to federal customers, LaunchDarkly needed to become FedRAMP compliant and implement FIPS 140 certified cryptographic modules.
Ubuntu has always been at the heart of the LaunchDarkly platform, so when it learned that a FIPS-compliant Ubuntu image was available on AWS, it did not hesitate to expand the relationship with Canonical.
Ubuntu Pro FIPS helps solve the compliance challenge while delivering the same, familiar Ubuntu experience and capabilities that have helped drive LaunchDarkly’s success since it was founded in 2014.
“It just works. Of all the things that give me trouble and keep me up at night, Ubuntu is not one of them”.
Patrick Kaeding, Staff Security Engineer, LaunchDarkly
About LaunchDarkly
• SaaS provider delivering an industry-leading feature management platform to support enterprises in bringing their products to market
• Helps developers effortlessly launch, control and measure digital products
• Platform deploys up to 25 trillion feature flags per day
Highlights
• To achieve FedRAMP compliance and meet the needs of federal government customers, LaunchDarkly implemented Ubuntu Pro FIPS on AWS
• Certified cryptographic modules help LaunchDarkly to easily satisfy FIPS 140 requirements
• Seamless Ubuntu Pro deployment and operations, together with automated security updates, enable the team to focus on other, more challenging areas of the software stack
Challenge
More than 4,000 organisations depend on the LaunchDarkly feature management platform to streamline their product launches and accelerate software innovation.
Bringing together feature flags, context-aware targeting and experimentation into one solution, the platform is well-established as a valuable tool for developer teams across verticals – and it was beginning to draw the attention of a growing number of prospective customers in the government sector.
To support these new clients, LaunchDarkly set its sights on delivering a new version of its service that supported the unique requirements of federal organisations.
Crucially, this meant ensuring compliance with FedRAMP, the United States federal government security program for cloud services, and implementing Federal Information Processing Standards (FIPS) 140 for its cryptographic modules.
Patrick Kaeding, Staff Security Engineer at LaunchDarkly, explains:
“Our biggest challenge was meeting the FedRAMP auditors’ criteria. Our use of regular open source material wasn’t going to cut it”.
Open source technology is a critical component of the LaunchDarkly software strategy, but most upstream releases are not designed for FIPS compliance. The company needed a specialised solution that would enable it to continue enjoying the flexibility, cost-effectiveness and innovation of the open source landscape while also satisfying strict regulatory requirements.
Solution
LaunchDarkly began looking for a Linux distribution with FIPS 140 certified packages that it could run in its AWS EC2 environment.
Initially, the company considered using Red Hat Enterprise Linux (RHEL), but a better fit for LaunchDarkly’s use case quickly presented itself – Ubuntu Pro FIPS.
“Nobody on the team really liked the idea of migrating to RHEL”, continues Patrick Kaeding. “None of us were particularly comfortable with the Red Hat ecosystem. But then we discovered that there was a FIPS-compatible version of Ubuntu available on AWS. We’ve been using Ubuntu since day one, so we were excited to be able to stay in a familiar environment where we already had operational experience”.
Ubuntu Pro FIPS is a purpose-built OS image for AWS that delivers FIPS-certified modules out-of-the-box. The solution enforces known secure algorithms and configurations, and ensures that modules work in a FIPS-compatible mode of operation by default.
Canonical supports each Ubuntu Pro FIPS image for up to 10 years, delivering ongoing security updates to address CVEs. This long-term guarantee offers unparalleled stability and peace of mind, ensuring that LaunchDarkly’s systems remain secure both now and in the future.
What’s more, with Ubuntu Pro + Support, the company can also benefit from 10 years of 24/7 support directly from Canonical’s experts.
Patrick Kaeding adds: “After getting value from Ubuntu for all these years, it’s great having the opportunity to work with the company behind it. Even being as experienced with Ubuntu as we are, it’s still good to know that Canonical is there if we ever need to ask for help”.
Alongside FIPS compliance, Ubuntu also equips LaunchDarkly with Center for Internet Security (CIS) benchmarking tools, enabling it to further harden its systems by easily implementing best practices.
Results
With Ubuntu Pro FIPS for AWS providing a compliant foundation for its service, LaunchDarkly has become the first and – at time of writing – only FedRAMP-authorised feature management platform on the market.
Government organisations throughout the United States, such as the Centers for Medicare & Medicaid Services (CMS), can now take advantage of LaunchDarkly’s service and modernise their software delivery strategies with confidence.
Seeing the capabilities of Ubuntu Pro FIPS first hand, LaunchDarkly decided to roll out the image for both government and nongovernment customers. Keeping the environments consistent streamlines management for LaunchDarkly, and enables nongovernment users to benefit from the highest levels of security.
Ubuntu makes it easy for LaunchDarkly to keep its platform protected and up-to-date thanks to automated updates.
Automated security patches minimise vulnerability windows without increasing the maintenance burden for Patrick and his team.
“Unattended upgrades are big for us”, confirms Patrick Kaeding. “We know that, so long as there’s an update available, we won’t have open vulnerabilities running on our instances. It’s something that frequently ticks boxes on customer questionnaires and audits”.
Between LaunchDarkly’s Ubuntu expertise, Canonical’s support, and the solution’s ease-of-use, deploying Ubuntu Pro FIPS on AWS was a seamless process – and it has continued to run smoothly ever since.
“It just works”, concludes Patrick Kaeding. “Of all the things that give me trouble and keep me up at night, Ubuntu is not one of them”.