Skaylink and AWS - the model for success

Security

As an Advanced Consulting Partner of Amazon Web Services (AWS), we have been showing companies the way to the cloud since 2012. Our teams combine technical expertise and experience in compliance, data protection and security. This enables us to build highly secure yet scalable AWS architectures. The permanent exchange with our strategic partner AWS enables us to find suitable cloud solutions for strictly regulated industries and highly sensitive data. We accompany our customers from the first use case to ongoing cloud operations and establish permanent compliance and security checks.
Security and freedom of action

AWS Security Architecture

With a focus on cloud migrations, we started building deep technical knowledge related to AWS in 2011. Already in 2012 we became “AWS Standard Consulting Partner” and in 2014 “AWS Advanced Consulting Partner”. Since then, we have successfully completed a large number of projects in the corporate environment of highly regulated industries and further developed our standardized approach to application migration. This has resulted in AWS best practices and AWS security architectures, which we regularly complete with our security expertise. Our customers want agility and performance of services as well as regulatory compliance for security and compliance. Our standardized approach successfully and reliably reconciles these customer requirements.

This approach includes, but is not limited to:

  • Scaling and monitored AWS account infrastructure that maps security-related and regulatory requirements
  • Fully automated provisioning of an application landscape isolated for the service
  • Necessary centralized infrastructure components, such as AWS KMS infrastructure, AWS Identity Management, Log Management, storage and evaluation of AWS CloudTrail or AWS Config – also fully automatically provisioned.
  • Service catalogs that provide centrally security-tested templates for application patterns, network architectures, and infrastructure services
  • Across the AWS infrastructure, a framework applies compliance checks to continuously review proven AWS best practices as well as the latest industry standards and benchmarks. Presentation and reporting are carried out via a central compliance dashboard.
  • Self-developed and low-maintenance solutions that address known security requirements for which there is no AWS service (e.g., URL filtering of outbound network traffic).

Three times safety as a principle

No manual intervention – ever!

We create and extend all templates and configurations of the infrastructures exclusively in code (“Infrastructure as Code”). We use AWS CloudFormation and other scripts to configure AWS resources and make changes and corresponding deprovisioning in the cloud services lifecycle. In this way, we ensure that the infrastructure complies with agreed and documented best practices and that adequate technical governance is guaranteed. Even individual requirements that you as a customer define yourself or with our help as a suitable framework for your AWS infrastructure can be met in this way.

Encrypt everything – always!

With our AWS architecture and custom configuration of AWS services, you are able to address the issue of encryption head on. Without large investments and preliminary projects, we enable you to easily apply Encryption-at-Rest and Encryption-in-Transit. With our approach, even comprehensive encryption architectures can be easily implemented. All components of the infrastructure are encrypted through the use of certificates (AWS ACM) and key management (AWS KMS). This includes CloudTrail logs, application logs, AWS Config logs, RDS logs, ELB logs, and communication between services and the corresponding storage structures of the platform. When using AWS services, we incorporate applications and infrastructures into the use of AWS KMS keys directly and as comprehensively as possible. User communication with the services involved is also encrypted through the use of certificates.

Security by Design – right from the start!

We develop and implement comprehensive secure environments according to customer requirements and current industry standards. The environments use encryption-at-rest, encryption-in-transit, ingress/egress traffic control, scaling, and system hardening by default. This is done from the very beginning and is called Security by Design. We provide these environments as templates in a centrally provisioned service catalog, making them available to application teams, for example. In addition, applications and services are validated against defined rules and standards in order to detect deviations or even correct them automatically. This enables automated security checks (security controls) and a permanent audit of the infrastructure without manual interaction.

1

No manual interventions

2

Encrypt everything

3

Design by Security

Do you have questions for an AWS expert?

Contact us now without obligation.