Not-for-profit
Plan for the future with a tailored security health check
How we helped a global not-for-profit gain actionable cloud security insights in just two weeks.
When you’re migrating to the cloud it is important to have confidence in your cloud architecture, in particular with regard to security issues. Our client, a global not-for-profit working in the academic research sector, wanted reassurance that the new cloud-based setup it had built was secure before launching any production workloads.
In just two weeks we conducted a cloud security health check and provided a list of prioritized recommendations to improve the security and operability of our client’s cloud architecture.
By tailoring our approach to the business and organizational context of our client, we ensured the review resulted in honest, actionable insights to help future cloud development. Beyond the review, the process also helped the client’s development team better understand cloud architecture and how to design architecture in a way which would be easier to manage, understand and scale in the future.
About the client:
Our client is a global, not-for-profit organization supporting those working in research, scholarship and innovation. The organization provides unique digital services to enable researchers to get recognition for their contributions to the research and academic community.
- Industry: Software
- Organization Size: 1,300+ member organizations
- Location: Global, with a base in USA
- Equal Experts services: Deliver
- Length of project: 10 days
Challenge
Reducing risks in a cloud migration process
Migrating to the cloud can be a challenging process, particularly if you don’t have a team of experts at your disposal to make sure you’re doing the right thing first time. After being originally set up using Rackspace, our client was ready to realise the opportunities of moving to the cloud completely and had begun the process of migrating to AWS. With test environments and basic applications built in AWS cloud, the organization wanted an independent perspective on whether its new cloud-based setup was secure before launching any production workloads.
While many organizations offer standard, cookie-cutter health checks, often these reviews are based on the results of automated scanners with little value or meaningful direction for improvement. At Equal Experts, our health checks go beyond this with a tailored approach for each individual organization we support. We help clients understand the threats they face and the potential business impact of those threats before guiding them to better solutions with pragmatic recommendations that take their unique circumstances into account.
This personalized approach appealed to our client as, with limited experience of AWS within its internal development team, it was concerned knowledge gaps would leave the organization vulnerable to security issues.
Solution
A tailored, insightful approach
As part of our impartial health check, we worked with the client to first gain a deeper understanding of the business context before breaking down the review work into sections across cloud operability and security. Through the global Equal Experts network, we were able to provide consultants with high levels of expertise across these different areas, working remotely from different corners of the world to provide the best possible advice and insights.
We used a variety of tools, including those available within AWS, to scan the architecture and get a broad understanding of configurations, operations and access management. We then drew on the team’s vast experience in delivering secure cloud infrastructures to examine the setup in more detail and flag any potential issues. Our review is aligned with the AWS Well-Architected Framework, combined with experience from our global portfolio of work. This includes the Equal Experts team assessing the current cloud architecture in relation to security best practices.
Our team then analysed the information gathered within our client’s specific business context, identifying common threads and areas for further exploration.
Following our analysis, we prepared a report with our findings and a prioritized list of areas that could be improved to reduce security risk and maximise the benefits of AWS.
To ensure a greater understanding of our review, we put our findings into a priority order, based on the business impact as well as our client’s real-world context. For example, what systems would be affected if an engineer’s laptop or credentials were compromised? By putting the risks into real-life scenarios and in priority order, the client team could understand the problems and gain the buy-in they would need from internal decision-makers to carry out further work.
Results
A plan for more effective, secure architecture
In just two weeks, our client gained honest, detailed and actionable insights into the security health of its cloud architecture. Although our review highlighted some areas of concern for the organization, we were also able to demonstrate areas where the organization has made good progress in its migration to AWS. By tailoring the health check to the organization and keeping the business context firmly in focus, the team could better understand the path forward and why specific recommendations were prioritized above others.
The value added to the business also extends beyond the review and recommendations report. During the process, we demonstrated to the client’s development team a more effective way to manage cloud infrastructure, giving them a greater understanding of AWS and how to make better use of capabilities within it to build the most effective and secure architecture.
Our review also helped change the team’s mindset and challenge their thinking about how to design cloud-based architecture within AWS. This included how adopting infrastructure-as-code could help them simplify their architecture, improve testability and encourage smaller, more frequent changes, making it easier to manage, understand and scale in the future.
By going beyond a standard health check and tailoring our approach, our client not only received the results and recommendations of a health check but also a greater understanding of the most effective ways to manage cloud infrastructure to help it succeed in the future.