Customer Success Story - Well Architected Standards

INCREASE SECURITY IN THE CLOUD!

Social Media Platform

CHALLENGE

The main product of our client is a social network with 20 million users and about 300 million euros in yearly revenue.

Our customer needed a solution for storing Personally Identifiable Information (PII) in S3 buckets in order to be GDPR compliant. The challenge was to create a Terraform module that teams can use to provision S3 buckets that are secure by default.

SOLUTION

As the partner, we suggested encrypting the S3 buckets with SSE-KMS and providing bucket policies that enforce all relevant security settings, such as encryption in transit and at rest, access controls and bucket access points. The additional challenge was to provide a way to serve encrypted PII content to authorized requests via CloudFront.

The partner developed a Lambda@Edge function that signs authorized requests with SigV4 and delivers the encrypted data from the S3 buckets. In addition, Secrets Manager and Lambda were used to rotate and provide the signing certificates for URL signing and for public key rotation with the associated CloudFront distributions.
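The bucket hardening described above (SSE-KMS by default, plus a bucket policy that enforces encryption in transit and at rest) could look like the following Terraform. This is an added illustration, not the module built in this project; the bucket name, the resource labels and the `kms_key_arn` variable are assumptions.

```hcl
variable "kms_key_arn" { type = string } # assumed input: ARN of a customer managed KMS key
resource "aws_s3_bucket" "pii" {
  bucket = "example-pii-assets" # placeholder name
}
# Encryption at rest: every new object is encrypted with the KMS key by default.
resource "aws_s3_bucket_server_side_encryption_configuration" "pii" {
  bucket = aws_s3_bucket.pii.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = var.kms_key_arn
    }
  }
}

data "aws_iam_policy_document" "pii" {
  statement {
    sid       = "DenyInsecureTransport" # encryption in transit: reject plain HTTP
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.pii.arn, "${aws_s3_bucket.pii.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
  statement {
    sid       = "DenyNonKmsUploads" # also denies uploads that omit the SSE header
    effect    = "Deny"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.pii.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "StringNotEquals"
      variable = "s3:x-amz-server-side-encryption"
      values   = ["aws:kms"]
    }
  }
}
resource "aws_s3_bucket_policy" "pii" {
  bucket = aws_s3_bucket.pii.id
  policy = data.aws_iam_policy_document.pii.json
}
```

Because `StringNotEquals` also matches when the header is absent, writers must send `x-amz-server-side-encryption: aws:kms` explicitly on every upload.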

CLOUD TECHNOLOGIES

We created a custom asset server using AWS S3, Amazon CloudFront, AWS Lambda, AWS Lambda@Edge, AWS Key Management Service (KMS) and AWS Secrets Manager to securely serve Personally Identifiable Information (PII) in the form of user pictures for the 20 million users of the client's business social network.

RELATED SERVICES

SECURITY ASSESSMENT

Get a detailed overview of your cloud architecture, with identified vulnerabilities and misconfigurations. You will also receive clearly defined steps to fix and improve your overall security posture.

SECURITY CONSULTING

We were the first AWS partner in DACH with a crystal-clear focus on cloud security. We provide expert cloud security advice to C-level executives, management roles, product teams and engineers. We integrate and enable.