AWS Cloud Governance and Security Compliance

We helped a Fortune 500 organization with more than 400+ AWS accounts govern and monitor their cloud resources to stay compliant with their security guidelines. The Security Orchestration, Automation and Response (SOAR) solution continuously monitors changes in in AWS resources and assesses against the security and best practices controls. The solution has ability to automatically remediate resources if they do not comply with given controls.

About the Client

The client is an insurance analytics company with 400+ AWS accounts across multiple business units having annual AWS spend north of tens of millions of dollars. DataGrokr has been their strategic partner for cloud adoption and cloud migrations since 2016.

Client’s need and Problem statement

Client was migrating their applications rapidly to AWS with multiple DevOps teams operating independently. With the increase in cloud footprint, they wanted to build a comprehensive security audit and compliance solution to detect security issues pro-actively and take automated actions, while still providing autonomy to their DevOps teams.

Tech Stack

Python

React

Config

CloudFormation

Lambda

DynamoDB

API Gateway

EventBridge

SES

SQS

Our solution and outcomes

  • We designed, developed and deployed a SOAR solution that monitors 25+ AWS resource types for more than 70 compliance policies across 400+ accounts and 17 AWS Regions to continuously monitor tens of thousands of AWS resources.
  • Recommended security compliance rules based on AWS best practices, CIS, NIST, PCI DSS and HIPAA benchmarks.
  • We have been providing on-going support for this audit platform for 5+ years.
  • Key Features:

    • Automated detection of resources that do not comply with security standards
    • Automated remediation of resources in case of severe violations
    • Comprehensive score card of Cloud compliance and a measure of Cloud security posture for BU heads and decision makers
    • Compatible with AWS GovCloud
    • Portal to manage features like rules, remediation, and exceptions.
AWS Cloud Migration of IOT based ship tracking platform