About Customer
The customer, a major bank in New Zealand, offers financial and banking products to more than 8 million business and retail organizations across over 32 markets. They are committed to improving the sustainability and financial wellbeing of organizations through efficient, relevant, and connected services.
The Need for Security Operations for AWS Cloud
The bank wanted to establish reliable and effective security operations for proactive response to security events from their AWS cloud workloads. To run production workloads on AWS, they had to comply with the regional banking regulatory requirements of the Australian Prudential Regulation Authority (APRA). With compliance with the APRA regulations as the primary goal, the bank was required to design and deploy potent controls for each of the security domains listed below.
- Centralized user access management and seamless SSO
- Vulnerability management
- Configuration compliance
- Security incident monitoring
- Privileged activity monitoring
- Standards compliance
- Patching compliance
Blazeclan’s Solution of SecOps Setup
Blazeclan successfully migrated the bank’s customer-facing solution to AWS with an efficient operating model for managed services and security operations. We leveraged our cloud security framework, cSecure, to accelerate cloud security adoption and build robust security operations for the bank’s AWS workloads. The cSecure framework is built with a heavy focus on automation and effective use of cloud-native security services to meet the security compliance requirements. Our managed security services team delivered cloud security operations aligned to the bank’s existing service management processes and tools.
The Solution Approach
- To provide a centralized user access management system and enable seamless SSO for AWS users, the customer’s Active Directory Federation Services (ADFS) was integrated with AWS IAM for role-based access control (RBAC).
- ADFS enabled the use of existing enterprise credentials in the AD for AWS authentication. The IAM roles were used to provide various users with authorization based on their job roles and responsibilities.
- To provide segregation of duties based on least-privilege RBAC, AWS IAM roles were aligned to the five functions of the NIST Cybersecurity Framework (CSF), following its quick start guide.
- Using native cloud security services, each security domain was made compliant with the regulations of APRA.
- Security monitoring and response tasks were automated by using native Infrastructure-as-Code (IaC) and scripts along with security runbooks. This ensured that alerts and incidents were handled based on defined SLAs.
- Security operations playbooks incorporating workflows, SOPs, and contact information were designed to help the managed security team perform its tasks effectively.
Benefits Achieved by the Customer
- Security operation processes developed and managed by Blazeclan secured the required regulatory authorities’ approval for the customer.
- Enforcing stringent security and compliance monitoring processes ensured that all compliance obligations were met for protecting the data in their cloud environment.
- Employing cloud native services enabled a highly secure and easily scalable environment for the customer’s infrastructure.
Tech Stack
- AWS Security Hub
- Amazon GuardDuty
- Amazon Inspector
- Amazon CloudTrail
- AWS Config
- Amazon CloudWatch
- AWS WAF
- AWS Identity and Access Management