Industry Financial Services
Solution Type Cloud Security
Needs Although our client established a mature AWS security architecture and design, they looked to our team to validate the security of their cloud security architecture.
This company had already defined their AWS DMZ security requirements. Although our client established a mature AWS security architecture and design, they looked to our team to validate the security of their cloud security architecture so they could meet core security, resiliency and compliance requirements. This company wanted to leverage leading practices to secure AWS assets and transition their existing data center controls to AWS. Moreover, our client wanted to create a secure and repeatable standardized DMZ architecture which could be implemented by their infrastructure team.
We worked collaboratively with our client’s information technology and security teams to conduct an architecture assessment of their AWS DMZ security architecture/design. To better understand and assess the client's architecture, we reviewed documentation and diagrams, and held meetings and interviews to focus on key components such as identity and access management (IAM), incident response (IR), and service operations.
At the end of the day
- Automating compliance checks
- Establishing templates
- Leveraging Amazon Macie an AI tool to monitor privileged users and protect sensitive data
- Enhancing forensic capabilities
- Improving DDoS protection in the cloud design
- Enhancing logging and analytics
- Managing security groups which are critical to security and difficult to administer
- Improving egress design
- Emphasizing private key security
- Instituting network visualization across AWS accounts
- Increasing operations automation (to detect, alert and fix)