Cloud Infrastructure Security Enhancement with AWS

Find out how we fortified the client’s cloud environment and improved their entire cloud security posture by leveraging various Amazon Web Services.

Our Customer

Greenfence is a blockchain platform eco-system developed for the consumer goods industry to enable cost-efficient, transparent and trustworthy commercial relationships at scale. Greenfence empowers stakeholders along the end-to-end value chain to create individualized and secured blockchain networks that can connect, collaborate and transact on a private or public basis.

The Obstacles They Faced

Before the implementation of AWS security services, the customer encountered several obstacles in their cloud infrastructure security, including the following:

  • susceptibility to common web exploits and attacks;
  • limited traceability of security-related issues;
  • potential risks and weaknesses in the cloud environment;
  • lack of proactive vulnerability management;
  • overall mismatch with compliance requirements.

How We Helped

With our meticulous approach, we leveraged various AWS services, such as AWS WAF, CloudTrail, Security Hub, AWS Inspector, KMS, ACM, and CloudWatch, to fortify the client’s cloud environment and significantly improve their entire cloud security posture.


 

The client sought to enhance their cloud security posture by implementing a robust security framework that would address their existing IT security obstacles and establish proactive security measures for cloud infrastructure. Their objectives included greater visibility, incident detection and response capabilities, and a robust defense-in-depth strategy.

Greenfence’s initial challenges included:

  • Lack of modern IDS/IPS (intrusion detection/prevention systems) to handle malicious attacks promptly and effectively.
  • Limited visibility and audit trail: the absence of comprehensive logging and monitoring mechanisms made it challenging for the customer to track and investigate security-related events, impeding incident response and compliance efforts.
  • Difficulty in vulnerability assessment: without a robust vulnerability assessment solution, the customer struggled to identify potential security risks and weaknesses in their cloud environment, exposing them to potential threats.

Greenfence, as a service provider to various multinational consumer goods companies, undergoes internal security audits by these companies every four years. The audit procedure consists of two phases: a self-assessment survey and an external auditor check. As part of their ongoing effort to enhance their network security, and following the migration of databases into AWS with data layer (RDS and S3) encryption at rest, Greenfence requested Romexsoft to assist with the configuration of additional IDS/IPS solutions, security monitoring and alerting in order to pass the required security audit.


 

In order to meet all the mentioned requirements, Romexsoft suggested implementing the solution by utilizing the following AWS Services:

  • AWS WAF
    By integrating AWS WAF, Greenfence gained the ability to protect their web application from common web exploits and attacks. We established custom rules and conditions to filter and monitor the incoming traffic, which mitigated potential threats.
  • AWS CloudTrail
    The implementation of CloudTrail provided the customer with comprehensive visibility into their AWS account activity. Greenfence gained detailed audit logs of API calls and resource changes, enabling them to track and investigate security events effectively.
  • AWS Security Hub
    With AWS Security Hub, the customer centralized their security findings and obtained a holistic view of their security posture. This enabled them to detect, prioritize, and remediate issues across multiple AWS accounts, services, and regions.
  • AWS Inspector
    By leveraging AWS Inspector, the customer automated vulnerability assessments of their cloud resources. They obtained valuable insights into potential security risks and received actionable recommendations for remediation.
  • AWS Key Management Service (KMS)
    Using AWS KMS allowed the customer to manage and control encryption keys used for data protection. Greenfence could encrypt sensitive data at rest and in transit, ensuring compliance with security standards and regulations.
  • Amazon CloudWatch
    Amazon CloudWatch provided the customer with continuous monitoring capabilities. They could collect and analyze logs, metrics, and events from their AWS resources, enabling proactive detection of security incidents and abnormal behavior.
  • AWS Certificate Manager (ACM)
    By leveraging AWS ACM, Greenfence achieved streamlined and automated management of SSL/TLS certificates for their applications and websites. In addition, utilizing ACM eliminated the need for the customer to purchase and maintain certificates from third-party providers. ACM’s certificate management service is offered at no additional cost for certificates used with integrated AWS services, like Elastic Load Balancing, CloudFront, or API Gateway.