Shifting security left on your way to the cloud for better visibility, predictability, and self-healing

We aided our client in shifting security to the cloud for better visibility, predictability, and self-healing

Industry

Financial Services

Teams & Services

DevOps Engineering

Tech & Tools

CloudFormation / Lambda / Amplify / SSM

Key Data Points

Enable continuous improvement through continuous inspection
Faster technology adoption
Self-reliance

The Vision

To shift security to the cloud for better visibility, predictability, and self-healing.

The Goal

Armed with a bench of deep in-house security expertise and seasoned industry mavens, this client was looking for a pathway to shift their attention from traditional IT to the cloud.

The Challenge

The client had a deep bench of in-house security expertise and industry experts and was looking to shift from traditional IT to the cloud. Because they are so highly focused on building products that disrupt the financial industry, security is a critical topic for them. AWS was a great option because it allowed them to rethink security and compliance. However, this presented technical challenges that required a wealth of understanding in multiple areas of the development lifecycle.

Their existing landscape included a number of integrations with partners, downstream consumers, and Fintechs. This meant having to properly secure a myriad of configurations, all while continuously building more capabilities.

Protagona was brought in to uplift the environment. The goal was to create visibility into both existing and potential security issues, develop a roadmap of fixes, and ensure a more compliant and secure environment overall.

The Solution

We began by increasing visibility into security concerns via automated tooling and best practices. This involved implementing AWS Security Hub, AWS Config, Lambda, and a set of SCP guardrails to help detect and prevent security compromises. Information collected from these new tools led to the discovery and remediation of various security vulnerabilities.

A key component was the creation of a SIEM data aggregation layer that enabled the centralization, transformation, and distribution of data from disparate sources. Data was then stored and visualized in AWS OpenSearch, giving security and cloud experts a single pane of glass for the customers’ security events. This was implemented with serverless frameworks, leveraging technologies such as S3, Lambda, and API Gateway.

The implementation phase was broken into activities that adhered to three focus areas: detection, remediation, and enforcement. The ultimate goal was to fix all existing problems and prevent any others from occurring in the future.

OUTCOMES
