A Major Consulting Firm needed to have a more cost-effective strategy for optimization of their AWS account. Learn how partnering with cloud experts helped the organization save while hardening their security standards.
Nettology worked with a Business Analytics Consulting Platform that engaged with many Fortune 500 companies as well as Mid-Market Clients. The company had an infrastructure, currently running on Amazon Web Services (AWS) providing services to both their clients and to their staff and development teams through a web-based 3-tier application
The Challenges:
1. Runaway Costs: As the company grew, infrastructure grew from 10 servers to 30 very quickly. The company which benefited greatly by the flexibility of the AWS cloud saw their monthly cost quadruple in short order.
2. Security Issues: The Client had many servers open to the outside world. While their password policy was strict, traditional best practices of “locking down” networks were not followed during the design phase.
3. ConsultantStaff Key Management Processes: Consultant turnover led to misplaced passwords and security keys. Concern for general user security was growing and there was no methodology for restricting access to AWS resources and maintaining privileged account credentials.
How Nettology Helped/Provided Solutions:
The Nettology team initially engaged with the client to do an AWS billing assessment. A detailed analysis of their costs uncovered an opportunity for $30,000 in annual savings without any upfront costs. The client incurred these savings almost immediately after engaging with our consultants. As the relationship progressed, Nettology uncovered security concerns and several critical design issues in the environment.
After turning on logging capabilities, it was discovered that several users were logging in to the AWS console with the original admin ID and password. Our team in conjunction with the Client IT Director, identified the users, created unique, traceable usernames for them, and proceeded to implement a multifactor authentication process for accessing AWS resources. Nettology implemented Role-Based Security and ensured that access keys were not embedded in applications thus making them available if compromised.
While our team saw the presence of a VPN, it was not being utilized. Virtually every server was available on the public internet through various ports including RDP, SSH, and Microsoft infrastructure ports. Beginning with the testing and staging Environments, Nettology redesigned the security on the networks and servers and ensured that the client and their Internet-facing application had no downtime.
Benefit/Outcome:
This Business Analytics Company recognized significant cost savings in their AWS account, lowered its risk significantly, and now has a process and methodology in place for future growth as a result of working
