Driving toward a fast FedRAMP ATO

Geotab is a vehicle telematics company that provides vehicle tracking, fleet management, and transportation analysis solutions. Its Internet-of-Things infrastructure is complex and includes both cloud-based and hardware device infrastructure. FedRAMP is especially tricky to navigate for companies with this kind of hybrid infrastructure.

Geotab’s FedRAMP effort was driven by a short-turnaround opportunity to gain a spot on a $200m GSA contract. However, Geotab also needed to move from AWS to GCP to ensure the FedRAMP solution aligned with its existing corporate environment.

Complicating matters, Geotab’s unique telematics solution required the development of custom security controls exceeding the FedRAMP Moderate baseline to meet requirements from DHS, GSA, and the Volpe National Transportation Center at DOT. Amongst other engineering challenges, this required Geotab to seek its own FIPS validation on a custom vehicle telematics module, which only the largest organizations usually try to tackle.

38North worked with Geotab to provide the standard FedRAMP documentation and engineering support, and to lift and shift Geotab from AWS to GCP.

38North then helped implement a custom control set that exceeded the FedRAMP Moderate baseline and assisted Geotab in seeking FIPS validation for its custom encryption module. Following successful authorization, 38North assisted Geotab with the integration of new capabilities into its authorization boundary, including AI tools requiring unique cloud security approaches.

38North’s FedRAMP sprint, including the custom controls and associated engineering challenges, enabled Geotab to secure a spot on a $200m GSA contract, opening the US federal, state, and local government markets to Geotab.

Challenges

  • Geotab started with a standard FISMA authorization but had to pivot fast to FedRAMP to chase a major GSA contract.
  • Geotab had to coordinate with GSA, DOT, and DHS to comply with a unique set of controls for the physical vehicle telematics devices. These controls exceeded the FedRAMP Moderate baseline and required Geotab to pursue its own FIPS validation for a custom encryption module on its vehicle telematics device.
  • Following authorization, Geotab must continually integrate new capabilities into the system boundary to stay competitive.

Solutions

  • Cloud Security
  • Security Compliance
  • Security Gap Analysis
  • Security Engineering

Results

  • FedRAMP authorization and a spot on a large GSA contract, opening the US federal market for Geotab.