Highly secured AWS cloud-based architecture with DevSecOps approach

An automated and secured cloud infrastructure, rapid delivery of compliant changes, and smooth operations.

the story

Our client is one of the world's leading providers of radio-frequency technology for security applications. Their trusted identity solution offers people effortless and worry-free identity verification experiences. They were looking to implement ways to achieve a highly secure cloud-based environment and avoid any malicious attacks, unauthorized access with a regulatory compliance setup. Besides implementing an efficient monitoring system with centralized auditing and governance capabilities, the client’s focus was to optimize security of their containerized applications, ensure no production image vulnerabilities arise, and avoid access and authorization exploits for their various applications.

This is where Nagarro DevOps minds engaged and helped the client navigate their overall application hierarchy security risks. The Nagarro DevOps evangelists suggested that a DevSecOps pipeline is critical to building a successful software factory solution, which includes Continuous Integration & Delivery (CI/CD), Continuous Testing, Logging & Monitoring, Auditing & Governance, and Operations. The most important thing from a DevSecOps perspective is holistic security, security that spans the entire stack. The implementation of the same helped the client achieve a well-secured and monitored infrastructure.

challenge

There was an immediate need to secure the infrastructure by reducing the number of malicious attacks, protecting sensitive data, preventing any unauthorized access, and efficiently monitoring the environment for security threats along with implementing patch management. Nagarro initiated the engagement by understanding the client’s existing infrastructure and identifying the gaps that needed attention. As the client’s infrastructure comprises of several different, yet critical applications, it was imperative to ensure that zero downtime was achieved with a regular release management process in place for these applications.

solution

Nagarro implemented an intrusion detection system by setting up governance on Applications and Infrastructure. Configured of authentication & authorization via SSO across 140 AWS accounts. The setup also automated scanning of over 280 repositories, with each repository hosting more than 200 production images. Image scanning was implemented to identify any issues and raise an alarm if the CI/CD pipeline was headed for a potential failure. By stressing on the importance of identifying the vulnerabilities during the initial stages of the software development process, we helped reduce the overall cost of developing application changes significantly, while accelerating the delivery of these these changes with automation.

outcome

With the solution implemented by Nagarro, we managed to reach a stage where we did not experience a single malicious attack in the last three years. The implementation of intrusion detection & prevention systems minimized the number of generated false positives. The centralized auditing and governance allowed better visibility & control. Early detection of vulnerabilities in code and regular patching became possible. Monitoring and cost optimization setup with regular notifications came in place. Automation by scheduling instances to avoid future costs resulted in reducing the billing by approximately one hundred thousand dollars a month.

Fluidic
Enterprise

Digital Engineering

Intelligent Enterprise

Experience and Design

Secured AWS cloud architecture with DevSecOps approach

the story

challenge

solution

outcome

What can we help you achieve?

Stay up to date with insights
from Nagarro!

Digital Engineering

Intelligent Enterprise

Experience and Design

Secured AWS cloud architecture with DevSecOps approach

the story

challenge

solution

outcome

Interesting? Spread the word