The customer is a finance company with offerings across the consumer, SME, and commercial sectors. They offer finance to corporate entities as well as individuals.
The Need for Automated Cloud Security
The customer had embraced cloud transformation to significantly ramp up the digital presence of their insurance business, make faster decisions, reduce time-to-market, leverage unlimited scalability, and reduce susceptibility to seasonal skews. Being part of a highly regulated industry, the customer had to comply with strict regulatory controls, improve their application security posture on the cloud, and select the level of security & resilience appropriate for their workloads.
To navigate through this environment, the customer was seeking assistance in securing their public & private applications as well as protecting the data in the cloud environment. They were looking for a solution that would filter the outgoing internet traffic and apply a notification-trigger mechanism to audit the logs. This solution would play a crucial role to stand between the entire virtual server and the internet, allowing only the whitelisted domain and subdomains, based on stringent regular expressions.
They wanted to automate the patching on need-basis and maintain a 24/7 security of the servers. Additionally, they eyed a secure line of communication between their on-premise network and cloud infrastructure while maintaining a software inventory check on the servers for audit and compliance purposes.
Blazeclan proposed a multi-fold solution approach for supporting the customer in achieving their desired objectives. The approach involved
- Comprehensive risk assessment reviews along with a gap analysis of the existing environment
- Leveraging custom, automation scripts for the cloud environment hardening. This ensured following security best practices while setting up the cloud environment.
- Review and implementation of a solution for securing the traffic coming from the public web. This also enabled the application with high availability.
- The implementation of a software that uses business rules to protect and classify critical/confidential information. This has also curbed unauthorized end users from maliciously or accidentally sharing the data.
- Blazeclan’s cloud security automation solution, which accelerated deployments with security as part of the workflow.
- After implementing critical security controls and tooling, the customer was successfully able to migrate their on-prem application and customer data to the cloud. The customer data was completely secured and cloud services were further leveraged to extend the capabilities of the existing application. Moreover, the entire on-premises environment of the customer was migrated to the landing zone.
Benefits Achieved by the Customer
- Effective integration of the third-party software with AWS delivery a single pane of glass view of the cloud and the on-premises environments.
- Implementation of an end-to-end, native services-based security architecture enabled the customer to achieve a highly scalable environment with automated security posture monitoring.
- The customer’s infrastructure met the PCI-DSS compliance while the network and traffic flow have been encrypted and secured.