Customer profile

The client is a state government transport agency city operating out of Sydney, Australia

Busniess challenges

• Security assurance of applications while transforming and re-hosting the applications and related infrastructure on AWS
• Greenfield Cloud security design for multi cloud environment using cloud native services to the maximum possible extent which covers all aspects of security and meets “Cloud Security Alliance (CSA)” standards and best practices
• Automation and security of Dev-Ops environment.

Value delivered

• All AWS assets have the Qualys cloud agent installed, which is performing a real-time vulnerability assessment
• A total of 16.5 K vulnerabilities were fixed
• Continuous assessment and reduction of the organization's security risk

AWS Services

• AWS Native Solutions - AWS IAM, Amazon Inspector, Amazon GuardDuty, AWS Security Hub, NACL, Security Groups, AWS Shield Adv, Cloud HSM/KMS, AWS WAF, CloudWatch, etc.

Our solution

• Review of infrastructure, application, resilience, and security aspects
• We helped the client build a security framework and solutions design that adhere to “Cloud Security Alliance CSA” standards and cover all areas of infrastructure, application, and data security
• Security controls matrix and zoning model that best meet the needs of the client as per the findings of the HCLTech assessment
• In-depth analysis of the native security controls offered by AWS and multi cloud platforms to identify the strengths and weaknesses with respect to similar third- party solutions.
• Automation during the build phase, planning the build strategy using all native infrastructure as code services, such as AWS Cloud Formation Template
• Build and use of hardened and secure golden images based on CIS benchmarks.
• Usage of serverless technologies, such as Amazon Lambda to feed malicious IP information exchange to achieve faster response.
• Constructing a Centralized SIEM for monitoring and alerting on a multi cloud environment