Automated Security Compliance Gave us a Strong Foundation in the Cloud
“The Work done by Dascase Team enabled us to Provision an AWS Account, Harden it with Security best practices, Make it PCI Compliant, in an automated fashion ”
— Security Operations Engineer, DSB
Traditional Security Methods Won’t Scale in Cloud
Getting started in AWS is one thing, and getting started in a secure compliant model in AWS is a totally different thing. Wrong steps during the initial phase of your AWS journey can lead to serious security flaws and can put your business at risk.
AWS recommends that you follow some best practices for your cloud resources from a security standpoint before you start your workloads.
We help you build your secure cloud strategy, ensure you are compliant and continuously keep on detecting threats.
Shared Security Responsibility Model
Security in cloud is a completely different than the traditional datacenter that we are used to. Amazon Web Services officially states the below about security.
When you move computer systems and data to the cloud, security responsibilities become shared between you and your cloud service provider. In this case, AWS is responsible for securing the underlying infrastructure that supports the cloud, and you’re responsible for anything you put on the cloud or connect to the cloud.
Dascase steps in to help companies fulfil their role in the shared “Shared Security Responsibility Model”.
You are responsible for configuring the AWS services that you use in a secure and compliant manner. The more number of services you use, the more configuration effort needs to go in for securing it.
You need to perform the security configurations for all standard offering from AWS. Your virtual machines, network(VPC), storage(s3,ebs,efs etc) needs to be secured by yourself.
What’s in it for you?
Security As Integral Part of your Provisioning Process
Creating an AWS account beneath an organisational unit is straight forward and simple. However, to make that account compliant and secure before your actual application deployment requires careful planning.
Sticking with Devops culture of “Continues improvement”, during our long AWS journey, we have collected a curated list of security items that are essential for every account that you run your workloads on.
We try to implement all of those list in an automated fashion to the provisioning process we implement for our customers.
SAC(Security As Code)
Similar to your application source code, we tend to codify the security aspects of your AWS infra. This way, changes to security and new fixes are easily tracked and version controlled.
This bring in an efficient compliance practice to your infrastructure.
AWS Secure Foundation
We help organisations to get a secure start on AWS cloud using our finely selected list of steps that’s battle-tested. Our effort is to make the bootstrap process of your AWS account seamlessly secure.
We use a combination of cloud and open-source solutions to achieve this for our customers.
Managing large number of accounts and their security aspects was a complete pain, before we got it streamlined. We currently manage more than 50 accounts, some are PCI and non PCI depending our the requirement. The provisioning process is now a self service portal created by Dascase team.
Security & Compliance Assessment
Not everybody has the luxury of getting started in a secure manner, mainly due to time constraints and lack of awareness. We had a large number of customers asking to do a security assessment of their existing accounts running their production workloads.
This offering provides a full end to end assessment and compliance test of your infrastructure in the cloud.
Maintaining security in a manual process is tedious and will surely have loopholes due to human errors and lapses. We tend to stick to automation for almost everything running in the cloud.
This offering provides an end to end automated solution to secure your infrastructure and bring it under compliance. Creating a PCI Compliant AWS account can be achieved in a matter of minutes using our proven automation framework.
Configuring an AWS account with security is one thing, and deploying and structuring the application platform in AWS cloud in a secure manner is totally different thing.
What sort of web application firewall needs to be placed, What type of traffic should be allowed in the network and what should be allowed outside of network, how to store secrets securely, keeping data encrypted at rest and in transit etc. needs careful brainstorming and discussion.
Not all requirement of security can be met by just using cloud service offering, sometimes integrating proven open source technologies are also essential. This offering provides well architected security framework for your specific needs in the cloud.