FORTUNE 100 FINANCIAL FIRM CAN MOVE TO AWS WITH CONFIDENCE AND SECURITY

Industry Financial Services
Solution Type Cloud Security
Needs Although our client established a mature AWS security architecture and design, they looked to our team to validate the security of their cloud security architecture.

Support

This company had already defined their AWS DMZ security requirements. Although our client established a mature AWS security architecture and design, they looked to our team to validate the security of their cloud security architecture so they could meet core security, resiliency and compliance requirements. This company wanted to leverage leading practices to secure AWS assets and transition their existing data center controls to AWS. Moreover, our client wanted to create a secure and repeatable standardized DMZ architecture which could be implemented by their infrastructure team.

We worked collaboratively with our client’s information technology and security teams to conduct an architecture assessment of their AWS DMZ security architecture/design. To better understand and assess the client's architecture, we reviewed documentation and diagrams, and held meetings and interviews to focus on key components such as identity and access management (IAM), incident response (IR), and service operations.

At the end of the day
With the insight gained from the meetings and assessment, we provided recommendations to ensure leading cloud security practices were met for security, resiliency and compliance. Key recommendations included
  • Automating compliance checks
  • Establishing templates
  • Leveraging Amazon Macie an AI tool to monitor privileged users and protect sensitive data
  • Enhancing forensic capabilities
  • Improving DDoS protection in the cloud design
  • Enhancing logging and analytics
  • Managing security groups which are critical to security and difficult to administer
  • Improving egress design
  • Emphasizing private key security
  • Instituting network visualization across AWS accounts
  • Increasing operations automation (to detect, alert and fix)
Given these recommendations and validation of the foundation network architecture, our client was able to securely and confidently move to the cloud. Through scripting and templating, they could build this security baseline into a repeatable process to expand from.

Company Profile:

A large U.S. insurer and investment management firm that provides coverage to millions.


Before you leave…
want to sign up for our newsletter?