Achieve a Secure Cloud Ecosystem with Confidence

AWS Well-Architected Review is a framework designed to help companies optimize their workloads in the cloud. It focuses on five pillars of architectural excellence: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization. This case study focuses on how AWS Well-Architected Review can help improve security.

Overview

In general, an AWS Well-Architected Framework review helps identify security gaps and best practices through a standard process. In this deep dive, however, we discuss how we overcame the challenges of supporting a client that is extremely data-sensitive and wants the security of its environment ensured very rigorously. This customer wanted to build an ecosystem that would ensure security enforcement to management. Based on this requirement, Brain Station 23 started looking for loopholes from the very beginning, working through the different areas, and as part of the evaluation and strategy-making phase we conducted the first review.

After finding the gaps in the existing service, the review team decided to build a 2-step security lifecycle that would achieve the required ecosystem:

  1. Access management and network-level security checkup
  2. Monitoring & Precaution

Access management and network level security checkup

Identity and Access Management (IAM) – The review found that the company had too many IAM users with unnecessary privileges, which increased the risk of unauthorized access. The review recommended using IAM roles and policies to restrict access to resources to only those who need it, and introducing single sign-on.

Network Security – The review identified that the company was not using network segmentation to isolate its resources. The review recommended that they implement Virtual Private Clouds (VPCs) and Security Groups to restrict traffic to only the necessary ports and protocols.

Data Encryption – The review identified that the company was not encrypting its data at rest and in transit. The review recommended implementing encryption at rest using AWS Key Management Service (KMS) and encrypting data in transit using Transport Layer Security (TLS).

Result:

  • The customer was able to introduce a secure access and credential management policy.
  • A single sign-on and role-based login policy was introduced.
  • Network-layer security and data encryption policies are now checked.
  • Agility increased, which helped expedite new releases by up to 26%.

Security Monitoring

Monitoring and Logging – The review identified that the company was not effectively monitoring its environment or detecting security incidents. The review recommended implementing AWS CloudTrail for audit logging and Amazon GuardDuty for threat detection.

Result:

  • Removed the risk of AWS IAM Identity Center user credentials being compromised, using an automatic query system.
  • Obtained the successful API activity performed by an access key during a specific time window.
  • Obtained the list of denied API actions performed by a specific user for each AWS service, which helped detect attempted malicious events.
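
The two CloudTrail queries in the results above (successful API activity for one access key in a time window, and denied API actions per user and service), sketched as an added example that is not Brain Station 23's own tooling. The records are constructed, the account ID and key IDs are AWS documentation placeholders, and the alert threshold of three denials is an assumed value.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

ACCT = "arn:aws:iam::111122223333:user/"  # AWS documentation placeholder account
K1, K2 = "AKIAIOSFODNN7EXAMPLE", "AKIAI44QH8DHBEXAMPLE"  # documentation key IDs

def rec(time, service, action, user, key, error=None):
    """Build one constructed record using CloudTrail's own field names."""
    r = {"eventTime": f"2024-01-10T{time}Z", "eventSource": f"{service}.amazonaws.com",
         "eventName": action, "userIdentity": {"arn": ACCT + user, "accessKeyId": key}}
    if error:
        r["errorCode"] = error  # CloudTrail sets errorCode only on failed calls
    return r

RECORDS = [  # constructed sample data
    rec("09:00:05", "s3", "GetObject", "alice", K1),
    rec("09:05:00", "ec2", "DescribeInstances", "alice", K1),
    rec("11:30:00", "s3", "ListBuckets", "alice", K1),
    rec("09:20:00", "kms", "Decrypt", "alice", K1, "AccessDenied"),
    rec("09:10:00", "iam", "CreateUser", "bob", K2, "AccessDenied"),
    rec("09:10:05", "iam", "AttachUserPolicy", "bob", K2, "AccessDenied"),
    rec("09:10:09", "ec2", "RunInstances", "bob", K2, "Client.UnauthorizedOperation"),
    rec("09:11:00", "kms", "Decrypt", "bob", K2, "AccessDenied"),
]
DENIED_MARKERS = ("AccessDenied", "UnauthorizedOperation")  # substrings of errorCode

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def activity_by_key(records, access_key_id, start, end):
    """Successful calls made with one access key inside [start, end)."""
    lo, hi = parse_time(start), parse_time(end)
    return [(r["eventTime"], r["eventSource"], r["eventName"]) for r in records
            if r["userIdentity"].get("accessKeyId") == access_key_id
            and "errorCode" not in r and lo <= parse_time(r["eventTime"]) < hi]

def denied_by_user(records):
    """Map principal ARN -> Counter of denied calls keyed by service."""
    out = defaultdict(Counter)
    for r in records:
        if any(m in r.get("errorCode", "") for m in DENIED_MARKERS):
            out[r["userIdentity"].get("arn", "unknown")][r["eventSource"]] += 1
    return out

def flag_principals(denied, threshold=3):
    """Principals whose total denied calls reach the (assumed) threshold."""
    return sorted(arn for arn, c in denied.items() if sum(c.values()) >= threshold)

if __name__ == "__main__":
    print(activity_by_key(RECORDS, K1, "2024-01-10T09:00:00Z", "2024-01-10T10:00:00Z"))
    print(flag_principals(denied_by_user(RECORDS)))
```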

Outcome

The AWS Well-Architected Review can help identify and mitigate security threats. It supports case-by-case audits and can also evaluate the total architecture in one go. Many of our customers have seen significant results and tremendously faster execution after completing the Well-Architected Framework review. Our customers have also shared that they were able to make decisions three times faster, which helped them decrease execution time by at least 30 days. This extremely value-driven review helps teams focus on innovation rather than spending time on technical debt.

Visit Cloud-23.com today to learn more about our cloud-related information.