About Customer

The customer is a leading provider of life insurance, medical insurance, general insurance, and other employee benefits products across the SEA market.

The Challenge

The customer commenced planning its AWS cloud migration journey in early 2019. They were already using AWS cloud for Data Lake operations, although everything was contained in a single account. The customer partnered with Blazeclan to thoroughly assess their current environment and prepare for future expansion on the AWS cloud. Blazeclan proposed setting up a secure landing zone as the first step.

The main purpose of the landing zone was to provide a highly secure, scalable, resilient, and future-proof foundation for implementing and migrating the applications in bulk. Blazeclan’s security team helped the customer assess their on-premises user roles, policies, and privileges. Using the information gathered in the assessment, the landing zone was designed to be highly scalable with an automated security model.

The Solution

After careful review of the security requirements, Blazeclan proposed a multi-fold approach to support the customer and help them achieve their desired outcome.

Landing Zone Security Design and Implementation

One of the most important areas to study while setting up the landing zone was the security design: ensuring the right level of user access and monitoring of inbound and outbound traffic.

The landing zone was based on the concept of segregation of duties, with accounts created according to the roles they are designed to perform.

The Multi-Account Strategy

Based on the principle of segregation of duties, the following accounts were created in the landing zone.

  • Organization account
  • Security account
  • Shared services account
  • Logging account
  • Workload accounts for non-production as well as production workloads

Benefits Achieved by the Customer

Optimized Cloud Environment: The security design of the foundation ensured a scalable and secure cloud environment, which was ready for expansion without further rework in the design.

Staying Ahead of the Security Curve: The customer aimed to stay ahead of the technology, and the solution supported them in building secure frameworks for future cloud deployments. The customer was also able to leverage emerging security technologies.

Automated Security: Automating their security operations and integrating them into the customer’s deployment pipeline allowed application teams to scale their pace of deployment without compromising the overall security of the application.

Tech stack

AWS CloudTrail

Amazon GuardDuty

Amazon CloudWatch

Amazon API Gateway

AWS IAM

AWS WAF

Amazon VPC

AWS KMS

AWS Config rules

AD Connector

AWS Lake Formation

AWS Landing Zone
