AWS customer stories — Security Consulting

A leading health insurer, implementing a business transformation program to AWS cloud, needed to ensure security to protect sensitive customer information. To safeguard infrastructure and applications, the company needed to centralize monitoring and logging in its expanding cloud landscape, identify and respond to threats, and provide key reports to management.

Working with DXC, the company developed, implemented and managed analytics, logging and monitoring of all workload activities across AWS environments, and extended security services across separate virtual private clouds (VPCs) separately, while connecting the VPCs using AWS Transit Gateway. DXC also implemented Elastic Search, Logstash and the Kibana stack to provide insight into environment and a holistic perspective across environments and ensure highly secure access controls.

The result was a scalable, flexible and affordable solution with high level of security to support the carrier’s transformation. The company benefited from centralized monitoring and maintenance and intuitive security analysis and dashboard capabilities.

This leading company needed to protect against major threats while moving on-premises workloads to AWS cloud. The firm focused on improving perimeter security for all traffic coming from the internet and providing a single entry point for administrators to manage all EC2 servers.

Implementing AWS Transit Gateway attached to all VPCs to effectively manage routing, DXC created separate VPCs to segregate business lines and production/non-production environments. Connections to the AWS environment were regulated through a single gateway with traceability assured with a centralized logging account, in addition to comprehensive policies, enhanced detection and compliance, monitoring and privileged permission for access.

As a result, the firm achieve an unprecedented level of detail and control and a single pane to monitor on-premises and cloud environments.

In migrating on-premises workloads to AWS, this manufacturer needed to prevent unauthorized access to information assets and ensure compliance and consistent tagging for all AWS resources across multiple accounts.

DXC prepared a comprehensive set of policies to cover end-to-end processes according to type and level of access, enhanced detection, and performed compliance checks across the environment, using AWS configuration.

The company improved its security posture and fulfilled business requirements to ensure compliance with information security policies and protection of information assets, promoting a better information security culture.

The goals of this leading transportation organization included migrating its entire on-premises workloads to AWS public cloud with minimal time, effort and cost. And doing that included overcoming challenges for robust connectivity between global infrastructure and multi-region environments, with in-depth visibility into the security of the infrastructure and applications.

DXC was able to quickly deliver security information and log data security information in a shared DXC security and event management (SIEM) system. DXC also focused on simplifying networking by connecting VPCs and on-premises networks through a central hub and used software-defined wide-area network (SD WAN) for connectivity to branch customer offices and the cloud.

Several AWS tools were used including AWS CloudTrail for governance, compliance, operational auditing and risk auditing, Amazon CloudWatch monitoring and management to collect and store logs, and ArcSight Integration to automate log collection and management. Now the company can rearchitect the system to take advantage of cloud-native services.

As a leading retailer migrated applications to AWS cloud, the company needed to address concerns about data breaches, account hijacking, insider threats, and denial-of-service attacks.

The firm needed a secure landing zone for AWS and multiple data centers and centralized network monitoring of ingress and egress traffic from different accounts, data centers, and external public traffic, using site-to-site VPN for the hybrid environment.

DXC implemented an AWS Transit Gateway attached to all VPCs to effectively to manage routing and segmented the network to create micro perimeters that restrict traffic based on business requirements. Other native services including Amazon CloudWatch and AWS CloudTrail enhanced monitoring and detection of intrusions, and AWS WAF and AWS Guard Duty minimize the threat and impact of DDOS attacks. An existing Fortinet solution was used to manage network security on premises and enable seamless interactions across the hybrid environment. The result: a scalable, central network monitoring solution in the cloud.

In deciding to migrate applications from an on-premises environment to AWS cloud, this leading financial services firm needed to ensure security for critical and highly confidential data, continuously monitor for threats, and pass security audits that monitor any malicious activity within the AWS environment.

DXC implemented a cost-effective security monitoring solution using Amazon GuardDuty integrated with an existing incident management tool, plus AWS services including Amazon CloudWatch, Amazon SNS and AWS Lambda. The new system manages and remediates security findings based on severity of the incident; prioritizes incidents, and immediately analyzes high-priority findings for review prior to remediation.

The company can now ensure immediate, appropriate responses to security threats and adequately prepare for periodic compliance audits by its end customers.

Staying compliant with ever-changing regulatory mandates and policies is extremely challenging. DXC Technology's Sandhya Bhatia, data & AI delivery leader, and Akash Subramani, data & AI data engineer, and Chintan Sanghavi, senior partner solutions architect at AWS, explain how to meet that challenge using DXC Regulatory AI Engine — Intelligent Contracts Compliance Solution, which has as the core of its technical architecture the integration of select AWS services that form a comprehensive, secure framework to ensure that your contractual documents evolve in real time. 

Read the blog