Haufe Group optimises cloud governance
Focus on data protection
Haufe Group optimises its cloud governance with support from Skaylink
Processing sensitive data securely in the cloud
The Haufe Group was not only planning to offer new products in the cloud. It also wanted to process sensitive data promptly through AWS. The GDPR, with its changed framework conditions, posed a challenge: the existing governance framework, which allowed employees extensive autonomy in their work, was no longer sufficient to meet the requirements for processing sensitive data. A redesign was therefore necessary in order to meet new and special customer requirements. The Haufe Group sought support from the 360-degree cloud specialists at Skaylink to first lift an application into the AWS cloud as a sample project and set up a guideline for future projects. On the technical side, many AWS requirements and best practices had been implemented, but regulatory and security aspects in particular were still open points: a comprehensive cloud concept was needed to ensure data protection, data security and customer acceptance.
Validation of application and AWS environment
For this purpose, Skaylink conducted a risk assessment of the application and validated the existing infrastructure, processes, documentation statuses and key operational aspects. This was followed by recommendations and measures for a common roadmap involving technology, operations and regulatory roles. This formed the basis for the new AWS framework. In addition, Skaylink estimated costs and effort as well as the need for internal resources. The risk validation then initially focused on a sample product that would process sensitive personal data. The aim was either to achieve an acceptable risk assumption or to completely eliminate existing risks. Central to the process were the project stakeholder workshops facilitated by Skaylink. Here, mediation took place between product teams, CTO and ICT on the one hand and those responsible for data protection, IT security and compliance on the other. Everyone formulated their needs, perceptions and requirements.
Tandems ensured the transfer of knowledge
For broad acceptance, decisions on technical as well as regulatory issues were to be shared by all: the team members developed solutions themselves and jointly interpreted the regulations in order to translate them into specifications for the technology. A combination of waterfall project management and Scrum was used to set up a defined project framework with a fixed end date and responsible parties. Tandems of Haufe Group employees and Skaylink consultants ensured the transfer of knowledge. In the process, Haufe Group wanted to set up a Haufe Group-specific manual for the cloud, on the basis of which it could further develop the AWS framework and cloud governance itself. There were a few challenges to overcome, especially time pressure due to the need for delivery and the availability of resources: after all, the employees had other duties in parallel to the project. Decisions were made in the form of votes on each topic area of the target state of the AWS framework to ensure general acceptance. The subject of discussion was therefore not only log management, user rights and encryption. “Their concept, implementation and documentation as well as the joint decision on the architecture were also important,” says Adrian Wnek, Principal Cloud Consultant at Skaylink, and adds: “Only the joint evaluation and exchange of arguments led to a technical implementation that was accepted by all participants and completely fulfilled the requirements. It was important that those who are in charge identified with and valued this implementation.” The project team agreed on the necessary technical as well as organisational changes during the facilitated workshops. Through this validation of the environment, open questions regarding the framework were answered.
Implementation on the basis of the AWS Landing Zone
The AWS framework was implemented on the technical basis of an AWS Landing Zone using Infrastructure as Code. New AWS accounts can now be created in a fully automated way, which ensures scalability, growth and security, as it eliminates manual errors. In addition, the interaction of the cloud environment (AWS framework) and service management platforms (incident, change and problem processes) was orchestrated. Risks are further minimised through technical measures such as dashboards, monitoring, detection and reaction to deviations. This includes having deliberate limits already in place when starting new application development, depending on region, service and data. Haufe Group now has a consolidated level of knowledge and shared understanding on the wider use of the cloud. Internally, development teams, regulatory roles, architects and operations managers can work closely together towards the same goal. The jointly agreed roadmap shows the way to using AWS services, building up skills in-house and onboarding colleagues. Specific company requirements and planned scaling are mapped. Product teams can now process sensitive data in the AWS Landing Zone with clear rules and responsibilities. The AWS Shared Responsibility Model was used, in which AWS provides the infrastructure and services used and Haufe Group is responsible for the security and data protection of the applications based on it. In addition, the AWS framework managers at Haufe Group now share the “customer” side of this responsibility assigned to them with the development teams.
Cloud Competence Centre for future projects
The Haufe Group Cloud team itself needs not only expertise but also an understanding of the enterprise as a whole in order to see the big picture. As the next step, Skaylink is therefore supporting the Haufe Group in setting up a Cloud Competence Centre. It acts as technical and methodological support for future cloud projects, such as further simplification of governance. The goal is the continuous further development of the AWS framework: the previously existing accounts will be migrated to the new AWS Landing Zone and thus adapted to the new rules of the game within this structure. With the experience gained from this project on how data can be securely processed in the cloud, the Haufe Group also gains another advantage: in another cloud project, it can now introduce corresponding processes and technical implementations with less time expenditure.