AWS Security

Our teams combine technical expertise and experience in compliance, data protection and security. This allows us to structure highly secure and also scalable AWS architectures. Constant dialog with our strategic partner AWS allows us to find the right cloud solutions for strictly regulated industries and highly sensitive data. 

Your partner for AWS security architecture

With a focus on cloud migrations, we began to build up deep technical knowledge of AWS in 2011. In 2012, we became an AWS Standard Consulting Partner, and in 2014 we became an AWS Advanced Consulting Partner. Since then, we have successfully completed a wide range of projects in the corporate environment of highly regulated industries and further developed our standardized approach to application migration. This has resulted in AWS best practices and AWS security architectures that we regularly augment with our own security expertise. 

Our customers seek agility and performance of services as well as adherence to regulatory requirements for security and compliance. Our standardized approach successfully and reliably balances these customer requirements. 

We support our customers from the first use case to ongoing cloud operations and establish lasting compliance and security checks.

Our AWS security best practices

Scalable, monitored AWS account infrastructure that maps security-related and regulatory requirements

Fully automated provisioning of an isolated application landscape for service

Necessary centralized infrastructure components, such as AWS KMS infrastructure, AWS Identity Management, Log Management, storage and evaluation of AWS CloudTrail or AWS Config – and all fully automatically provisioned

Service catalogs that centrally provide security-tested templates for application designs, network architectures and infrastructure services

Throughout the AWS infrastructure, a framework applies compliance checks to continuously validate against proven AWS best practices as well as the latest industry standards and benchmarks. Presentation and reporting are handled through a central compliance dashboard.

Proprietary and low-maintenance solutions that address known security requirements for which there is no AWS service (e.g. URL filtering of outbound network traffic)

No manual intervention – never ever!

We create and extend all infrastructure templates and configurations exclusively in code (Infrastructure as Code). We use AWS CloudFormation and additional scripts to configure AWS resources and for changes and appropriate deprovisioning in the cloud services lifecycle.

This is how we ensure that the infrastructure conforms to the agreed-upon, documented best practices and maintain an adequate level of technical governance.

Even individual requirements that you as a customer define on your own or with our help as a suitable framework for your AWS infrastructure can be met in this way.

Encrypt everything – every time!

With our AWS architecture and custom configuration of AWS services, you are able to address the issue of encryption head on. We enable you to easily apply encryption-at-rest and encryption-in-transit without major investment or preliminary projects.

With our approach, even comprehensive encryption architectures can be implemented easily.

All infrastructure components are encrypted using certificates (AWS ACM) and key management (AWS KMS). This includes CloudTrail logs, application logs, AWS Config logs, RDS logs, ELB logs and communication between services and the corresponding storage structures of the platform. When using AWS services, we integrate applications and infrastructure with AWS KMS keys directly and as comprehensively as possible. User communication with the participating services is also encrypted using certificates.

Security by design – right from the start!

We develop and implement comprehensive secure environments based on customer requirements and common industry standards. The environments use encryption-at-rest, encryption-in-transit, ingress/egress traffic control, scaling and system hardening by default. This happens from the very beginning, and we call this security by design.

We provide these environments as templates in a centrally provisioned service catalog and make them available to application teams, for example. In addition, applications and services are validated against defined rules and standards in order to detect deviations or even fix them automatically. This enables automated security checks (security controls) and an ongoing audit of the infrastructure without manual interaction.

Downloads

Evaluating the Security Posture of your AWS Environment with the AWS Security Assessment

You can download a compact summary of the AWS Security Assessment as a PDF here.

DataProtection@AWS – Seminar for Medium-Sized Companies

After this workshop, you will be able to start or continue cloud projects in compliance with data protection laws. You can download more information as a PDF here. 

AWS IT Security and Compliance Seminar for the Financial Services Industry

Our seminar highlights issues related to regulatory requirements such as those of the German Federal Financial Supervisory Authority (BaFin) as well as IT security and compliance based on our many years of experience in the financial services sector. What have other customers done, what needs to be paid attention to and what challenges can be solved directly?

Accelerated Control Tower Framework

Find out everything about our three-day workshop on setting up the AWS Control Tower. We will of course answer all your questions and take your custom setup requirements into account.

Sustainable AWS Landing Zone

In this document, we explain in detail how we can help you set up your own AWS landing zone. We will train your employees, and you will receive comprehensive documentation on the entire setup.
