About the customer
An automotive industry company, with several years of experience is a leader in the automotive market.
Positioned in more than 10 cities, with more than 20 branches, it offers a wide range of products from its production lines all complemented with post-sales services aimed to heavy transport, light and work segments.
They had already an infrastructure in AWS to host its critical applications, especially its electronic invoicing, websites, and Oracle databases. Looking to improve their services and infrastructure to make them more agile and secure, they contacted Criptonube for advice.
Because the informacion that it handles about all its customers is very important and sensible, we applied a Well-Architected Framework Review to know the current state of the infrastructure and can offer different solution to cover the customer’s needs and avoid possible attacks and prevent threats.
With the WAFR Criptonube/Myappsoftware found vulnerabilities and improvement points according to the pillars of AWS good practices like monitoring, alarms, backups, network security configurations, users with least privileges between others.
After the review, we did a work plan to start to implement the improvements, which included: configuration of Direct Connect to provide a dedicated private connection between the AWS infrastructure and Customer’s Data Center.
AWS Backup to ensure the EC2 Instances has periodic backups and by this way providing a RTO and RPO of 1 hour, in case any issue occurs. The RDS database has periodically configured backups to accomplish with the RTO and RPO.
Criptonube enabled Amazon CloudWatch to monitor the infrastructure and AWS CloudTrail to store console logs in a S3 bucket.
AWS Config was used to keep the configurations of its infrastructure and inventory its resources efficiently.
We configured AWS Guard Duty to provide to the customer an automated manner to detect vulnerabilities and behaviors that can become threats for the infrastructure.
We did a review and identification of unnecessary IAM users and their privileges to improve the access control to the AWS console and its services.
Finally, we implemented AWS Key Management Service to encrypt the Amazon Elastic File System information and ensure it is morepero secure.
Was accorded with the customer, make WAFR each 6 months to keep good practices.
AWS Services implemented
AWS Direct Connect: to a private, secure, and fast connection
AWS Backups: to automate backups
AWS Config: to control and inventory of configurations
AWS CloudWatch: to monitor
AWS CloudTrial: to log control and access
AWS Guard Duty: to threat detection
AWS KMS: to control of encryption keys
Results and benefits
Was implemented different security services to improve the security level at the infrastructure, providing to the customer a more reliable, safe, and fast architecture, an in this way keep the pace of mind of the customer about its information protection.
Doing different tests with the customer, it tells us that the site feels more agile, loading quickly than before. Whereby the customer's experience navigating through the websites is more successful.