Building and Managing the secure foundations for AWS for a federal government agency

About the federal government agency

The Australian federal agency was established to strengthen the Commonwealth’s long-term financial position but operates independently from Government. The agency is now investing in and considering activities in a more strategic capacity and looking to adopt a long-term view of its technology platform.

What was the customer problem or opportunity?

The agency is undertaking a significant program of work to improve its capability. As part of this work there is an increasing need to support developers and development activity in ways that allow and enable Agile development practices. The agency’s developers were constrained on several fronts, including restrictions in the on-premises environments, particularly related to the ability to scale.

The agency was looking for a partner to build out a secure foundation environment in AWS for its development environments as an initial foray into the Cloud. Subsequently, the agency wanted to enhance the environment such that it was production ready in preparation for migration of workloads. Of critical importance to the agency was the enablement of standard security patterns and practices.

How did RedBear deliver the solution?

RedBear designed and implemented a multi-account landing zone style solution for the agency. This included enabling hybrid connectivity to the on-premises environment using AWS Direct Connect. Identity was integrated with the agency’s identity provider. As part of the solution, RedBear enforced security standards and implemented patterns for secure service enablement. AWS security services implemented and configured for the agency included CloudTrail, Config, GuardDuty, Macie, Inspector, Access Analyzer, VPC Flow Logs and encryption by default for EBS and S3. Integration into the AWS security monitoring services Security Hub and Detective was provided, as well as extending key security-related events to the agency’s external SIEM. RedBear used its knowledge and extensive library of standard security queries, alerts and dashboards for AWS-hosted applications to deliver a secure-by-design solution for the agency.

In addition, developers were provided with a simple way to establish new environments and storage objects using a Service Catalog approach.

During the migration process, RedBear was engaged to provide its Managed Security Service for the agency’s AWS environment. This involved ingestion and monitoring of AWS security services into the RedBear platform.

What was the outcome for the customer?

The solution provided allowed the agency to concentrate on its application development without having to worry about the underlying infrastructure. The Security team was able to easily gain insight into the AWS environment and ensure that no unintended access was enabled. The secure foundations have now enabled the agency to start its migration of on-premises workloads to AWS whilst being protected by RedBear’s managed security service.

Case study developed by: Jem Richards, CTO and AWS APN Global Ambassador