Allvit

Allvit AS

Improving Allvit's security posture with Orange Security Control Services

  • Comprehensive Security Monitoring
  • Rapid Identification of Security Gaps
  • Proactive Threat Management

Enhancing Allvit's security to protect e-learning and data

Our Security Control Services ensure that security monitoring is set up for all accounts and regions, as specified in the customer's security requirements.

After an initial rapid buildup of their offerings, Allvit had not had the time to focus on security. They needed a solution that would quickly identify the key areas to focus their security efforts on. With their relatively small development team, they would not have time to set up, manage and continually monitor their security posture. As Allvit distributes e-learning material, any breach of security could lead to distribution of illegal copies of books and, in the worst case, to leakage of personal data about their customers.

Allvit uses the solution to enhance security, protect data, and ensure compliance while focusing on their core e-learning business.

Strengthening Allvit's security to safeguard e-learning and data

Allvit partnered with Orange Business to enhance their security posture, ensuring robust monitoring and compliance, with the requirements listed below:

  • Comprehensive security monitoring
  • Compliance with frameworks
  • Focus on core business
  • Cybersecurity

Flexible security management with AWS Security Hub and Orange Business

Security Control Services from Orange Business offers a flexible way of managing security. It uses AWS Security Hub for security posture monitoring and, together with a flexible solution from Orange Business, provides easy configuration and alerting on critical security findings.

We have seen that AWS tagging of resources is an easy way to associate additional information with deployed resources on AWS. Using tagging combined with AWS Organizations to configure security requirements gives an easy, understandable deployment and a solution that scales well as the AWS environment and the customer grow. The customer can align the hierarchy of AWS Organizations with the security requirements defined for each workload/account.

To the customer, the solution consists of the following inputs:

  • Configuration details stored in Amazon DynamoDB.
  • Tags associated with AWS Organizations Organizational Units or Accounts.

The result of the setup is:

  • AWS Security Hub configured in relevant accounts and regions.
  • AWS Security Hub consolidated view across all accounts and regions.
  • Exceptions to the security standards, where needed, defined in Amazon DynamoDB.
  • Event notification set up to create tickets in ITSM.
  • 24/7 security event handling done by Orange Business.
     
Security Control Services

Strengthening Allvit’s security posture with automated compliance and monitoring

With Security Control Services from Orange Business, Allvit has greatly improved its security posture. They know their existing deployment is compliant with the selected security frameworks, while their development efforts stay focused on their business needs.

Allvit also knows that any future breach of the requirements will alert Orange Business and can be addressed in a timely manner, ensuring continued compliance with their security requirements.

During deployment, security issues in a third-party application were identified and resolved, improving the overall security posture.

Implementation

Security Control Services consists of a deployment of the solution into a delegated administrator account for AWS Security Hub. Within this account the following resources are deployed:

  • AWS Step Functions: Orchestrate the configuration.
  • AWS Lambda, Get account configuration: Retrieve the list of accounts and associated tags and merge this information with data from the Amazon DynamoDB configuration database.
  • AWS Lambda, Update configuration: Manage the AWS Security Hub configuration for one account according to the configuration received from the previous step.
  • AWS Lambda, ITSM integration: Forward security events to Orange Business ITSM.

The step function is executed on a schedule and triggers the Get account configuration AWS Lambda function. This function gets all the Organizational Units and Accounts from AWS Organizations, including their associated tags. The tags are then used to look up entries in Amazon DynamoDB. These entries contain details of the applicable AWS Security Hub standards and controls. The configuration is then passed on to the Update configuration AWS Lambda function, which enables AWS Security Hub, assigns security standards, and, where specified, disables controls that are not needed. It is also possible to specify that AWS Security Hub should not be enabled in an account.

Every scheduled execution will align requirements defined by tags and the Amazon DynamoDB table with the setup in each account, thus ensuring continued enforcement of the security configuration.
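The tag lookup and per-account alignment described above can be sketched as follows. This is an added example, not Orange Business code: the tag key, profile names, record fields, the "nearest tag wins" rule and treating "not enabled" as "disable if currently enabled" are all assumptions, and the data is constructed so the logic runs without AWS access.

```python
TAG_KEY = "security-profile"  # assumed tag key, not from the page

# Constructed stand-ins for AWS Organizations (OUs and accounts with tags)
# and for the DynamoDB configuration table. Standard/control names are labels.
ORG = {
    "ou-root": {"parent": None, "tags": {TAG_KEY: "baseline"}},
    "ou-prod": {"parent": "ou-root", "tags": {TAG_KEY: "strict"}},
    "ou-sandbox": {"parent": "ou-root", "tags": {TAG_KEY: "off"}},
    "111111111111": {"parent": "ou-prod", "tags": {}},
    "222222222222": {"parent": "ou-root", "tags": {}},
    "333333333333": {"parent": "ou-sandbox", "tags": {}},
    "444444444444": {"parent": "ou-prod", "tags": {TAG_KEY: "mistyped"}},
}
PROFILES = {
    "baseline": {"enabled": True, "standards": ["fsbp"], "disabled_controls": []},
    "strict": {"enabled": True, "standards": ["fsbp", "cis"],
               "disabled_controls": ["EXAMPLE.1"]},
    "off": {"enabled": False, "standards": [], "disabled_controls": []},
}

def effective_profile(node_id, org=ORG):
    """Assumed rule: nearest tag wins, walking from the account up its OUs."""
    while node_id is not None:
        if TAG_KEY in org[node_id]["tags"]:
            return org[node_id]["tags"][TAG_KEY]
        node_id = org[node_id]["parent"]
    return None

def desired_state(account_id, org=ORG, profiles=PROFILES):
    """Look the resolved tag value up in the configuration table."""
    name = effective_profile(account_id, org)
    if name not in profiles:
        # Fail loudly: a mistyped tag must not leave an account unmonitored.
        raise LookupError(f"{account_id}: no configuration for {name!r}")
    return profiles[name]

def plan(account_id, current, org=ORG, profiles=PROFILES):
    """Changes needed to align an account's current setup with its profile."""
    want = desired_state(account_id, org, profiles)
    if not want["enabled"]:
        return {"hub": "disable"} if current["enabled"] else {}
    changes = {} if current["enabled"] else {"hub": "enable"}
    for key in ("standards", "disabled_controls"):
        add = sorted(set(want[key]) - set(current[key]))
        remove = sorted(set(current[key]) - set(want[key]))
        if add or remove:
            changes[key] = {"add": add, "remove": remove}
    return changes
```

Because `plan` compares against the current state on every run, a control disabled out-of-band in an account shows up under `disabled_controls.remove` at the next scheduled execution.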

The AWS Security Hub in the delegated administrator account offers a consolidated view of compliance for all accounts and regions. If a new security event is identified by AWS Security Hub in the delegated administrator account, it is forwarded to the ITSM integration AWS Lambda function. This ensures that a ticket is created in ITSM and that subsequent action is taken by Orange Business operational staff.