The client is a mobile advertising and marketing platform that develops cutting edge products and technology to deliver primetime advertising activities via high-tech mobile devices.
The customer was looking to extensively control and measure its cloud security posture to understand how resilient and well-built their systems are. They intend to evaluate and optimize their cloud infrastructure and costs while ascertaining their business delivers as expected.
CloudEnsure proposed a Well-Architected framework that would help understand and analyze the client’s systems and business effortlessly. Well-Architected Audit (WAA) is a module of Cloud Ensure, an intelligent multi-cloud governance platform that presents a point-to-point evaluation and measurement of the cloud set-up.
The tool not only continuously monitors and governs your cloud architecture with proactive recommendations but also aggregates general design principles with specific best practices.
With the help of the CloudEnsure tool, the customer conducted a Well-Architected Audit across all the 5 pillars of the Well-Architected framework.
The tool ran phase-wise checks on the AWS account and reported 4932 violations with critical issues in all the 5 pillars in just a days’ time. A five phased solution approach was incorporated to adopt a robust architecture & move towards getting well-architected.
- With the increasing number of data breaches and threats in present times, security is being considered as one of the most important facets more than ever. Therefore, in the first phase, the WAA helped conduct risk assessments for the existing AWS set-up to ensure that our client’s data, systems, and infrastructure are secure while delivering business and listed out all vulnerabilities for the security pillar.
- In phase 2, the AWS Control Tower and Landing Zone that had a separate account for security management shared services, and log management was recommended and implemented. This allowed the client to keep a track of all the critical information related to user behavior and the web application.
- The client has then suggested customization of the Nagios monitoring stack, which was the existing legacy monitoring tool, with the latest and widely used Sensu stack to modernize the client’s cloud set up in the phase 3 implementation. Sensu monitoring tool is a succeeder to Nagios and has proven to be more flexible, scalable, and easy to integrate into existing workflows without hindering speed, reliability, or security.
- Phase 4 comprised migrating the EC2 Classic to VPC and adopting other managed AWS services based on CloudEnsure’s recommendations. Switching to Amazon VPC provided benefits like better networking infrastructure as well as superior and more flexible security features.
- Based on the cost insights & savings recommendation, cost optimization and overall architecture solidification were administered in phase 5.
With the WAA module of the CloudEnsure tool, the customer not only detected and fixed security-related vulnerabilities and threats to their existing cloud setup but was also able to generate and share detailed reports on their security and compliance standing.
One–stop solution CloudEnsure, thus enabled the organization to strengthen their security framework on the cloud as well as upgrade their infrastructure to make it more secure, cost-efficient, reliable, and operationally efficient.