
Financial firm Cherry Bekaert expands its clientele with secure, compliant remote desktops

Company summary

Cherry Bekaert provides financial and management services, including accounting, audits, tax, and consulting, to a diverse client base. Thousands of clients look to Cherry Bekaert’s accountants and advisors for innovative professional guidance on important operational and financial matters to advance their business goals.

Currently ranked among the nation’s largest accounting firms, Cherry Bekaert is positioned to impart cost-effective, practical advice to clients that include over 1,100 multinational corporations, private businesses, nonprofit organizations, governmental entities, emerging firms, start-ups and successful individuals.

Cherry Bekaert helps advance client growth by offering the resources and extensive service opportunities normally associated with national firms, coupled with the personal relationship, value-based fee structure, and service continuity of a local firm.

The Challenge

Seeking auditable, separately billed remote desktops for auditor groups
Cherry Bekaert had a business need to provide secure, responsive, and auditable virtual desktops for accountants and third-party auditors. Lacking the internal resources to architect, build, deliver, and manage such a complex environment, it sought a managed service provider to deliver and manage a solution on its behalf.

The key requirements included secured shared storage to enable users to safely share documents with clients, secure access to its proprietary tools for audit purposes, and additional security controls to ensure a safe, auditable environment.

Additionally, Cherry Bekaert sought Cybersecurity Maturity Model Certification (CMMC) accreditation as a CMMC Third-Party Assessment Organization (C3PAO). CMMC is a unified cybersecurity standard for Department of Defense acquisitions aimed at securing the Defense Industrial Base (DIB) supply chain. This certification, which Cherry Bekaert acquired in 2022, enables the company to audit any defense industrial base and produce an assessment accepted by the Department of Defense.

Due to the compliance needs this certification requires, each group of auditors needed an application that required a file server and SQL server. There would also be multiple tenants (groups of auditors) in the AWS environment at the same time, which required separate organizations with delineated permissions and cost accounting for each.

Since CloudHesive is a Registered Provider Organization (RPO) authorized to provide guidance to organizations seeking CMMC compliance, the accounting firm turned to CloudHesive for support.

The Solution

Implementing a secure, CMMC-compliant, fully managed virtual desktop environment that scales up and down with seasonal need
CloudHesive worked with Cherry Bekaert to understand its complete set of requirements and needs. The CloudHesive team worked hand-in-hand with Cherry Bekaert’s internal team to build a secure, scalable cloud architecture and present it to the security team for review and approval.

The CloudHesive team built and deployed a CMMC-compliant, scalable virtual desktop solution on the AWS cloud. For the solution’s foundation, the CloudHesive team used Amazon Virtual Private Cloud, Amazon Elastic Compute Cloud (Amazon EC2) for cloud storage, and Amazon Elastic Block Store (Amazon EBS) as a storage area network (SAN). To enable virtual desktops for audit teams, CloudHesive deployed Amazon WorkSpaces virtual desktop infrastructure and Amazon WorkDocs for document sharing.

To meet Cherry Bekaert’s security and multi-tenant requirements, the solution included deploying a well-architected, multi-account AWS environment called a Landing Zone. On top of that, to meet security requirements, CloudHesive implemented a security control plane, integrating multiple third-party cybersecurity tools, including Trend Micro for endpoint security, DUO for multi-factor authentication, and Datadog for SIEM.

To provide multi-tenant billing transparency, CloudHesive used tagging and AWS Cost Explorer, which enables users to visualize, understand, and manage AWS service costs. These tools provide the means to separate AWS bills according to tenants and charge back to the appropriate auditor groups, keeping billing accurate.

CloudHesive also deployed Centricity, a platform built on top of Amazon WorkSpaces, to provide additional visibility into and easier management of Amazon WorkSpaces.

The final solution was a fully managed, highly secured and controlled environment that enables Cherry Bekaert to grow its accounting and audit business line while leaving IT maintenance and management to CloudHesive.

The benefits

Expanding customer base using a scalable, compliant virtual desktop solution
The solution enabled CMMC-compliant, auditable, and scalable virtual desktops for accountants and third-party auditors at Cherry Bekaert, enabling the firm to expand its clientele to those Department of Defense contractors requiring CMMC-compliant audits.

“CloudHesive was fantastic to work with,” said Jack Redfield, Information Security Officer at Cherry Bekaert. “They architected an extremely secure Amazon Workspaces solution that allowed us to securely leverage our proprietary technology and increase our professional services capacity overnight. In addition, the managed service CloudHesive provides on secure AWS workspaces now permits Cherry Bekaert to expand our client base to those demanding this type of controlled environment for their data.”

Additionally, the solution enables the firm to save on costs by scaling up during tax season and scaling down the rest of the year.


Services that drive success 

Managed security services  

  • Registered Provider Organization (RPO) as a Service 
  • Third-party assessment and audit support (managed audit compliance)
  • Incident response premium, including digital forensics and incident response (DFIR) report and cloud detection and response (CDR)
  • Managed denial of service (DoS), distributed denial of service (DDoS) and Web Vulnerability Standard 
  • Endpoint Security as a Service, including intrusion detection system (IDS), intrusion prevention system (IPS), anti-malware, firewall, file integrity monitoring (FIM), logging as a Service 
  • Vulnerability Management Service (managed risk) for CMMC 

 Managed services 

  • Complete, end-to-end monitoring and management of the environment 
  • Managed patching, backups, and oversight 
  • Governance of the production environment 

DevOps

  • Deployment of Amazon VPC, Amazon EC2, Amazon EBS, Amazon WorkSpaces, and CloudHesive Centricity 
  • Built deployment scripts for environment deployment 
  • Integrated security tools Trend Micro, DUO, and Datadog 

Customer benefit summary  

  • Enabled CMMC certification and expanded customer base to level 2 Department of Defense contractors  
  • Enabled remote work for dozens of accountants and consultants 
  • Simplified billing for audit groups 
  • Ability to scale down outside of peak season saved costs 

Technologies used 

AWS 

CloudHesive 

Third-party