Brainstorm Session 6: IRAP Strategy
Date: 2026-04-15
Objective: Design IRAP deployment strategy for defence clients
Depends on: Sessions 1-5 (Elixir, architecture, agents, data model, multi-industry)
Techniques Used
- Reverse Brainstorming — "How would we guarantee IRAP failure?"
- Starbursting — Who/what/where/when/why/how
- SWOT Analysis — Assessment of recommended strategy
Strategy: Three-Layer Approach
Layer 1: Infrastructure (AWS Sydney, IRAP-assessed by AWS)
└── VPC, RDS, S3, CloudHSM, CloudWatch, GuardDuty, CloudTrail
Layer 2: Security Boundary (Go proxy, ~500 LOC, ISM-listed language)
└── TLS termination, auth verification, audit logging, rate limiting, response filtering
Layer 3: Application (Finnest Elixir, full platform)
└── 18 domain modules, agent system via Bedrock, config-driven IRAP restrictions
One Codebase, Dual Deployment
Same Elixir release. Different config/runtime.exs:
- Commercial: direct Anthropic API, 60-min sessions, all integrations, standard audit
- IRAP: Bedrock Sydney only, 15-min sessions, restricted integrations, enhanced audit, MFA mandatory, IP allowlist
Classification Target
- Target: OFFICIAL:Sensitive
- Design for: PROTECTED (future-proofing)
- Separate PostgreSQL instance (no data co-residency)
- Separate VPC (no peering to commercial)
- All data stays in ap-southeast-2
IRAP Deployment Architecture
AWS ap-southeast-2 (Sydney) — Dedicated IRAP VPC
Public Subnet:
└── ALB (TLS, WAF)
└── NAT Gateway
Private Subnet (Application):
└── ECS Fargate: Go Proxy (security boundary)
└── ECS Fargate: Finnest app (2+ tasks)
└── Secrets Manager
Private Subnet (Data):
└── RDS PostgreSQL (Multi-AZ, encrypted, CloudHSM keys)
└── S3 (Object Lock, SSE-KMS)
└── CloudHSM (FIPS 140-2 Level 3)
Monitoring:
└── CloudWatch Logs (7yr retention)
└── CloudTrail (API audit)
└── GuardDuty (threat detection)
└── Security Hub (compliance dashboard)
NO peering to commercial VPC
NO traffic leaving ap-southeast-2
Feature Restrictions (IRAP Deployment)
| Feature | Commercial | IRAP |
|---|---|---|
| AI Provider | Anthropic Direct API | AWS Bedrock Sydney (Claude) |
| Session Timeout | 60 minutes | 15 minutes |
| MFA | Optional | Mandatory (FIDO2 preferred) |
| Audit Level | Standard | Enhanced (field-level changes) |
| Email | SendGrid | AWS SES (Sydney) |
| Job Boards | SEEK, Indeed, LinkedIn | Disabled (offshore data flow) |
| Scheduling | Calendly | Disabled (US-hosted) |
| OAuth | Google, Microsoft, Apple | Microsoft Entra ID only |
| IP Allowlist | None | Client network ranges |
| Key Management | AWS KMS | AWS CloudHSM (FIPS 140-2) |
| Data Classification | None | OFFICIAL:Sensitive headers |
| Webhooks | All | Australian endpoints only |
Go Boundary Proxy
~500 lines of Go. Responsibilities:
1. TLS termination (FIPS-compliant cipher suites)
2. Request validation (content type, size, injection patterns)
3. Authentication verification (token + MFA check)
4. Classification header injection
5. Full request/response audit logging
6. Rate limiting / DDoS protection
7. Response filtering (strip internal headers)
Does NOT: process business logic, access database, make AI calls, hold state.
Purpose: ISM-listed language at the security boundary satisfies assessor regardless of application language behind it.
CI/CD Pipeline Separation
| Stage | Commercial | IRAP |
|---|---|---|
| Source | main branch | main branch (same code) |
| CI | GitHub Actions | GitHub Actions (same) |
| Security scan | Basic (dependencies, linting) | SAST + DAST + dependency audit |
| Review gate | PR review | PR review + security review |
| Staging deploy | Auto on merge | Manual promotion |
| Production deploy | Manual promote | Two-person approval |
| Deployment lag | Real-time | 1-2 weeks behind commercial |
| Pen testing | Annual | Quarterly |
Access Control (IRAP Production)
- Zero standing access
- Access via AWS SSM Session Manager (no SSH keys)
- Just-in-time: request → approve → time-limited → auto-revoke
- All sessions recorded and logged
- Only cleared personnel can approve access
- Break-glass procedure documented and tested annually
Timeline
| Phase | Duration | Activities | Budget |
|---|---|---|---|
| Pre-assessment | Month 1-2 | Engage assessor, validate Elixir + Go proxy approach, define boundary | $25K |
| Remediation | Month 3-6 | Build Go proxy, IRAP VPC, security docs (SSP, SoA, SRMP), SAST/DAST | $65K |
| Pre-assessment testing | Month 7-9 | Internal review, pen testing, vulnerability remediation | $40K |
| Formal assessment | Month 10-12 | Stage 1 (docs) + Stage 2 (testing), remediate findings | $200K |
| Total to certification | ~12 months | | ~$330K |
Ongoing Annual Costs
| Item | Annual |
|---|---|
| Infrastructure (dedicated VPC, RDS, CloudHSM) | $80K |
| Penetration testing (quarterly) | $30K |
| Security tooling (SAST/DAST) | $30K |
| Reassessment (annual) | $120K |
| Compliance FTE (partial) | $150K |
| Documentation updates | $10K |
| Total ongoing | ~$420K/year |
Revenue Justification
| Defence Clients | Employees | Revenue (@ $15 PEPM) | Covers IRAP Costs? |
|---|---|---|---|
| 1 client | 500 | $90K/year | No |
| 3 clients | 1,500 | $270K/year | Partial |
| 5 clients | 2,500 | $450K/year | Yes (break-even) |
| 10 clients | 5,000 | $900K/year | 2x return |
Plus: AgenticAI credits at premium rates, government tender eligibility, 3-5 year contract stickiness.
Failure Prevention
| Failure Mode | Prevention |
|---|---|
| PII sent to US API | Bedrock Sydney only (feature flag) |
| Shared database | Separate RDS instance, no peering |
| Offshore log shipping | CloudWatch ap-southeast-2 only |
| Supply chain attack | Locked dependencies, SBOM, no runtime fetch |
| Missing audit trail | Event store (append-only, trigger-enforced immutability) |
| Excessive session timeout | 15-min timeout (config/runtime.exs) |
| No change management | Separate CI/CD, two-person approval, security review gate |
| Developer SSH to prod | Zero standing access, SSM only, JIT approval |
Key Insights
Insight 1: Three-Layer Approach Minimises Assessment Surface
AWS infrastructure already IRAP-assessed. Go proxy is small + ISM-compliant. Assessor scrutinises Layer 2 + ops, not 150K LOC of Elixir.
Impact: High | Effort: Medium
Insight 2: Pre-Assessment Is Cheapest Risk Reduction
$25K to validate approach with assessor before committing. Eliminates months of uncertainty.
Impact: High | Effort: Low
Insight 3: IRAP Security Benefits Commercial Too
Audit logging, encryption, access control improvements strengthen the entire platform.
Impact: Medium | Effort: Low
Insight 4: Feature Flags Are Already the Mechanism
IRAP restrictions = feature flags. No new infrastructure.
Impact: Medium | Effort: Low
Insight 5: 5 Defence Clients Covers Costs
$450K/year at 2,500 employees covers $420K/year ongoing. Defence clients are sticky (3-5yr contracts).
Impact: High | Effort: High (defence sales cycle)
Insight 6: Sovereign AI via Bedrock Is Unique
No Australian HR platform offers AI agents within IRAP boundary. Claude via Bedrock Sydney = full capability + sovereignty.
Impact: High | Effort: Low
Pre-Requisite Actions
- Engage IRAP assessor (Month 1) — validate Elixir + Go proxy approach
- Build Go boundary proxy (~2 weeks development)
- Set up IRAP VPC on AWS Sydney (Terraform)
- Write System Security Plan (SSP) — define assessment boundary
- Implement SAST/DAST in CI pipeline
Statistics
- Total ideas: 25+
- Categories: 5 (Architecture, Deployment, Access Control, Timeline, Revenue)
- Key insights: 6
- Techniques applied: 3
Generated by BMAD Method v6 - Creative Intelligence