Enhancing security and compliance: PLM hosting on AWS for a leading consumer goods manufacturer


The challenge

The client, one of the world’s largest , is headquartered in Finland. It mainly manufactures gardening tools, with scissors as its main product.

  • The client had no system; all their CAD designs and documents were initially stored in systems. This impacted their time to market. They faced numerous challenges, such as a lack of centralized data, poor collaboration among geographically distributed CAD designers and limited product lifecycle visibility
  • The existing setup limited the client’s ability to optimize, scale and secure data through centralized access control and efficient data integration, and to protect CAD design data
  • Limited visibility for the underlying infrastructure, hence losing out on the opportunity for optimizations and cost savings
  • Enforcing least privilege and managing access across global employees, contractors and partners was very difficult with the existing setup

The objective

The client adopted AWS as its public cloud provider and HCLTech as its cloud transformation and app modernization partner, using HCLTech’s Product Lifecycle Management and Computer-Aided Design transformation accelerator, 1PLMCloud offering.

The client aimed to host their PLM on AWS, addressing the limitations of the existing setup and improving overall efficiency, security and access control. The key objectives were:

  • Improve security posture: Leverage cloud-native security tools and services to enforce least privilege, manage the user lifecycle effectively and enable efficient and secure data integration
  • Establish centralized with role-based controls
  • Protect CAD and PDM data with encryption and secure access methods

The solution

HCLTech established a PLM system hosted on AWS Cloud with security-first design principles, leveraging native

The required infrastructure (network, servers, database and storage) was provisioned using infrastructure automation.

Data protection

  • Data-in-transit encryption was implemented through SSL certificates stored in AWS Certificate Manager and enabled on the Application Load Balancer
  • Data-at-rest encryption was enabled by encrypting all the disks and S3 buckets with AWS KMS keys
  • Amazon GuardDuty is enabled to scan the data on EBS volumes and S3 buckets for malicious content

Identity and access management

  • Applied fine-grained IAM policies to enforce least privilege and role-based access for employees

Secure data access

  • Implemented Microsoft Active Directory for centralized access control across all the EC2 servers through domain join

Monitoring

  • Centralized monitoring dashboard for infra resources
  • Provisioning an active alert mechanism for cloud health services and resources

The impact

  • Stronger security posture: Centralized IAM and encrypted storage eliminated unauthorized access and data protection risks
  • Improved compliance and audit readiness: CloudTrail logs and CloudWatch monitoring provided complete visibility into user activity
  • Streamlined access control: Role-based policies simplified user lifecycle management and onboarding

AWS services used

  • Amazon EC2 
  • AWS IAM 
  • AWS KMS
  • AWS ACM
  • AWS Microsoft Active Directory
  • Amazon S3
  • Amazon EBS 
  • Amazon CloudWatch 
  • Amazon VPC 
  • AWS Backup 
  • AWS CloudFormation 
  • Amazon Inspector
  • Amazon GuardDuty
  • AWS Config
  • AWS Transit Gateway