Problem Statement
Context
All products on the DLT Apps cloud platform are within the highly regulated space of financial services, and are expected to host confidential / PII data of customers including those from financial transactions. Our clients require us to meet high security and compliance standards akin to SOC2 and ISO compliance requirements.
Challenges
- One of our first products required us to meet 127 requirements across governance risk and compliance, Identity and Access management, Data protection, Security Incident Response, Personnel Security, Training and Awareness, Network Security, Operations Security, Physical Security, as well as Software Development and Hosting.
- All of this had to be accomplished in a short period of time to meet the compressed launch timelines (5 months) and evidenced to the information security reviewers.
Solution
The secure platform was designed in line with due consideration to
1Data encryption and network security
2Well-defined Identity and Access Management
3Endpoint protection and data loss prevention
Our team built a secure platform adopting various AWS Security services to implement necessary security controls listed below:
- All confidential data was encrypted using keys managed using BYOK client-managed keys.
- A secure network hub with centralised egress and ingress controls was set up using AWS Network Firewall, and AWS WAF.
- Azure Active Directory and Privileged Identity Management were used to set up a secure identity.
- Access management as well as the JML process. All access controls to various tools and cloud provider were managed via Azure AD.
- Microsoft Intune-based endpoint protection was rolled out to all developer assets and access was controlled via conditional access policies.
- A secure workstation solution with limited access to production was configured using AWS Workspaces including endpoint protection software to implement data loss prevention controls.
- Security events are streamed to Elastic SIEM, and alerts were generated via OpsGenie.
Impact
- All 127 controls were implemented and ready for product launch within five months. The platform has successfully been through multiple assurance audits by our client and penetration tests.
- The platform is live with confidential / PII data, and all data access procedures have been tested and used for production support.
- All critical SIEM alerts have been set up to notify of any anomalies in the network, Identity and Access, and data movement.
More Case Studies
Leverage our extensive Cloud Services
expertise to achieve strategic business outcomes