Correo electrónico | nube@criptonube.com

 

About the customer                                          

An automotive industry company, with several years of experience  is a leader in the automotive market.

Positioned in more than 10 cities, with more than 20 branches, it offers a wide range of products from its production lines all complemented with post-sales services aimed to heavy transport, light and work segments.

Issue

They had already an infrastructure in AWS to host its critical applications, especially its electronic invoicing, websites, and Oracle databases. Looking to improve their services and infrastructure to make them  more agile and secure, they contacted Criptonube for advice.

Because the informacion that it handles about all its customers is very important and sensible, we applied a Well-Architected Framework Review to know the current state of the infrastructure and can offer different solution to cover the customer’s needs and avoid possible attacks and prevent threats.

Solution

With the WAFR Criptonube/Myappsoftware found vulnerabilities and improvement points according to the pillars of AWS good practices like monitoring, alarms, backups, network security configurations, users with least privileges between others.

After the review, we did a work plan to start to implement the improvements, which included: configuration of Direct Connect to provide a dedicated private connection between the AWS infrastructure and Customer’s Data Center.

AWS Backup to ensure the EC2 Instances has periodic backups and by this way providing a RTO and RPO of 1 hour, in case any issue occurs. The RDS database has periodically configured backups to accomplish with the RTO and RPO.

Criptonube enabled Amazon CloudWatch to monitor the infrastructure and AWS CloudTrail to store  console logs in a S3 bucket.

AWS Config was used to keep the configurations of its infrastructure and inventory its resources efficiently.

We configured AWS Guard Duty to provide to the customer an automated manner to detect vulnerabilities and behaviors that can become threats for the infrastructure.

We did a review and identification of unnecessary IAM users and their privileges to improve the access control to the AWS console and its services.

Finally, we implemented AWS Key Management Service to encrypt the Amazon Elastic File System information and ensure it is morepero secure.

Was accorded with the customer, make WAFR each 6 months to keep good practices.

AWS Services implemented

  • AWS Direct Connect: to a private, secure, and fast connection

  • AWS Backups: to automate backups

  • AWS Config: to control and inventory of configurations

  • AWS CloudWatch: to monitor

  • AWS CloudTrial: to log control and access

  • AWS Guard Duty: to threat detection

  • AWS KMS: to control of encryption keys

Results and benefits

Was implemented different security services to improve the security level at the infrastructure, providing to the customer a more reliable, safe, and fast architecture, an in this way keep the pace of mind of the customer about its information protection.

Doing different tests with the customer, it tells us that the site feels more agile, loading quickly than before. Whereby the customer's experience navigating through the websites is more successful.