Your partner for AWS Security Architecture
Our AWS Security Best Practices
This approach includes, but is not limited to:
- Scaling and monitored AWS account infrastructure that maps security-related and regulatory requirements
- Fully automated provisioning of an application landscape isolated for the service
- Necessary centralized infrastructure components, such as AWS KMS infrastructure, AWS Identity Management, Log Management, storage and evaluation of AWS CloudTrail or AWS Config – also fully automatically provisioned.
- Service catalogs that provide centrally security-tested templates for application patterns, network architectures, and infrastructure services
- Across the AWS infrastructure, a framework applies compliance checks to continuously review proven AWS best practices as well as the latest industry standards and benchmarks. Presentation and reporting are carried out via a central compliance dashboard.
- Self-developed and low-maintenance solutions that address known security requirements for which there is no AWS service (e.g., URL filtering of outbound network traffic).
No manual intervention – ever!We create and extend all templates and configurations of the infrastructures exclusively in code (“Infrastructure as Code”). We use AWS CloudFormation and other scripts to configure AWS resources and make changes and corresponding deprovisioning in the cloud services lifecycle. In this way, we ensure that the infrastructure complies with agreed and documented best practices and that adequate technical governance is guaranteed. Even individual requirements that you as a customer define yourself or with our help as a suitable framework for your AWS infrastructure can be met in this way.
Encrypt everything – always!With our AWS architecture and custom configuration of AWS services, you are able to address the issue of encryption head on. Without large investments and preliminary projects, we enable you to easily apply Encryption-at-Rest and Encryption-in-Transit. With our approach, even comprehensive encryption architectures can be easily implemented. All components of the infrastructure are encrypted through the use of certificates (AWS ACM) and key management (AWS KMS). This includes CloudTrail logs, application logs, AWS Config logs, RDS logs, ELB logs, and communication between services and the corresponding storage structures of the platform. When using AWS services, we incorporate applications and infrastructures into the use of AWS KMS keys directly and as comprehensively as possible. User communication with the services involved is also encrypted through the use of certificates.
Security by Design – right from the start!We develop and implement comprehensive secure environments according to customer requirements and current industry standards. The environments use encryption-at-rest, encryption-in-transit, ingress/egress traffic control, scaling, and system hardening by default. This is done from the very beginning and is called Security by Design. We provide these environments as templates in a centrally provisioned service catalog, making them available to application teams, for example. In addition, applications and services are validated against defined rules and standards in order to detect deviations or even correct them automatically. This enables automated security checks (security controls) and a permanent audit of the infrastructure without manual interaction.
More Case Studies
Cloud transformation at an international insurance group
More security and flexibility for LORENZ through the AWS Public Cloud
Managed multi-cloud in the agricultural industry
Do you have questions for our experts?
Unsure where the digital journey should lead you? Simply fill out the form on the right and we will get back to you as soon as possible.