Case Study 1: Project Assistance / Network Security
Nettology worked with a Business Analytics Consulting Platform that engaged with many Fortune 500 companies as well as Mid-Market Clients. The company had an infrastructure, currently running on Amazon Web Services (AWS) providing services to both their clients and to their staff and development teams through a web-based 3 tier application.
- Runaway Costs: As the company grew, infrastructure grew from 10 servers to 30 very quickly. The company which benefited greatly by the flexibility of the AWS cloud saw their monthly cost quadruple in short order.
- Security Issues: The Client had many servers open to the outside world. While their password policy was strict, traditional best practices of “locking down” networks were not followed during the design phase.
- Consultant\Staff Key Management Processes: Consultant turnover led to misplaced passwords and security keys. Concern for general user security was growing and there was no methodology for restricting access to AWS resources and maintaining privileged account credentials.
How Nettology Helped/Provided Solutions:
The Nettology team initially engaged with the client to do an AWS billing assessment. A detailed analysis of their costs uncovered an opportunity for $30,000 in annual savings without any up front costs. The client incurred this savings almost immediately after engaging with our consultants. As the relationship progressed, Nettology uncovered the security concerns and several critical design issues in the environment.
After turning on logging capabilities, it was discovered that several users were logging in to the AWS console with the original admin ID and password. Our team, in conjunction with the Client IT Director, identified the users, created unique, traceable user names for them and proceeded to implement a multi-factor authentication process for accessing AWS resources. Nettology implemented Role Based Security and ensured that access keys were not embedded in applications thus making them available if compromised.
While our team saw the presence of a VPN, it was not being utilized. Virtually every server was available on the public internet through various ports including RDP, SSH and Microsoft infrastructure ports. Beginning with the testing and staging environments, Nettology redesigned the security on the networks and servers, and ensured that the client and their internet-facing application had no downtime.
This Business Analytics Company recognized significant cost saving in their AWS account, lowered their risk significantly, and now has process and methodology in place for future growth as a result of working with Nettology.