AWS CloudTrail, Amazon GuardDuty, AWS Secrets Manager, AWS KMS
Amazon Web Services
The company is a popular game studio delivering engaging social games for mobile platforms. They create high-quality games that are enjoyed by hundreds of millions of players worldwide by focusing on constant data-driven iteration and innovation.
After reaching hundreds of millions of players worldwide, the company set out to build a new, more secure design on AWS that would serve its players as well as possible, which meant applying best practices across its infrastructure. The company runs a large stack of technology operations around its games. Because the existing workload did not follow security best practices, implementing a strong identity foundation and applying security at every layer were among the first concerns.
The company chose Sufle for its proven skills in securing AWS environments, particularly for traffic-heavy applications. Sufle improved existing architectural and design decisions while keeping a strong focus on security, drawing on extensive technical expertise and experience. From day one, Sufle carried out a security evaluation of the existing workload to highlight risky areas.
With the help of AWS Organizations, a structured account hierarchy was established to manage and govern multiple accounts centrally. To ensure that only legitimate, authorized access is possible, user management is handled through AWS IAM Identity Center, which simplifies managing users across all AWS accounts. Guardrails are enabled organization-wide, and Service Control Policies enforce security boundaries at every level.
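As an added illustration of the kind of guardrail a Service Control Policy can enforce (an example written for this page, not a policy from Sufle or the studio), the following SCP prevents any principal in a member account from stopping or tampering with CloudTrail trails, disabling GuardDuty detectors, or leaving the organization. The `SecurityBreakGlassRole` name in the exemption condition is a hypothetical placeholder for whatever role the security team uses for emergency changes:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ProtectAuditAndThreatDetection",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "cloudtrail:PutEventSelectors",
        "guardduty:DeleteDetector",
        "guardduty:UpdateDetector",
        "guardduty:DisassociateFromMasterAccount",
        "guardduty:DeleteMembers"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/SecurityBreakGlassRole"
        }
      }
    },
    {
      "Sid": "DenyLeavingOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    }
  ]
}
```

Two properties of SCPs matter when deploying a policy like this: an SCP never grants permissions (it only caps what IAM policies in the account can allow), and it does not apply to the organization's management account, so the organization trail and the GuardDuty administrator should live in dedicated member accounts (a log-archive and a security-tooling account) where the guardrail actually applies. Attach the policy to an OU rather than to individual accounts, and test it against a sandbox OU first, since a deny on `UpdateTrail` also blocks legitimate trail changes made outside the exempted role.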
To secure data in transit end to end, AWS Certificate Manager is used to provision, manage, and deploy public and private SSL/TLS certificates. ACM removes many of the manual steps formerly involved in using and managing SSL/TLS certificates, such as renewal and rotation, which reduces operational overhead.
Since most other AWS services integrate directly with AWS KMS, the new design uses KMS to provide encryption at rest on services such as Amazon RDS and Amazon S3. KMS is a fully managed, centralized key management service that makes encrypting data in other services as simple as ticking a box.
During the modernization of the application workloads, AWS Secrets Manager was chosen as a secure and scalable way to store and manage application secrets and sensitive credentials. Previously, credentials were handled manually on the application instances, which placed a heavy operational burden on administrators and left room for human error. Using Secrets Manager's native integration with Amazon ECS, containerized applications automatically retrieve secrets and sensitive credentials when their tasks are provisioned.
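The ECS integration referred to above works through the `secrets` field of a task definition, which names a Secrets Manager secret and lets the ECS agent inject its value into the container as an environment variable at launch. The following task definition is an added example written for this page (not the studio's own configuration); the account ID `111122223333`, region, image, role name and secret ARNs are constructed placeholders:

```json
{
  "family": "game-backend",
  "executionRoleArn": "arn:aws:iam::111122223333:role/GameBackendTaskExecutionRole",
  "containerDefinitions": [
    {
      "name": "api",
      "image": "111122223333.dkr.ecr.eu-west-1.amazonaws.com/game-backend:1.4.2",
      "essential": true,
      "environment": [
        { "name": "DB_HOST", "value": "game-db.cluster-example.eu-west-1.rds.amazonaws.com" }
      ],
      "secrets": [
        {
          "name": "DB_PASSWORD",
          "valueFrom": "arn:aws:secretsmanager:eu-west-1:111122223333:secret:prod/game-backend/db-AbCdEf:password::"
        },
        {
          "name": "API_SIGNING_KEY",
          "valueFrom": "arn:aws:secretsmanager:eu-west-1:111122223333:secret:prod/game-backend/api-signing-XyZ123"
        }
      ]
    }
  ]
}
```

The first `valueFrom` uses the `arn:json-key:version-stage:version-id` suffix form to pull a single key (`password`) out of a JSON secret, which is how the RDS-managed secret format is consumed; the second references a whole plain-text secret. The task execution role (not the task role the application assumes at runtime) must be allowed `secretsmanager:GetSecretValue` on exactly these secret ARNs and, because the secrets are encrypted with the KMS keys described above, `kms:Decrypt` on those keys. Note that the value is fetched once at container start, so a rotated secret takes effect when tasks are relaunched, not live; keeping that in mind avoids a failed-login burst after rotation.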
To maintain continuous security visibility and handle security incidents, AWS CloudTrail is used to centrally audit all logs and activity across the accounts. Amazon GuardDuty is used as an intelligent threat detection service to continuously monitor all AWS accounts.
To ensure that stronger security standards are enforced throughout the accounts, the AWS account configuration complies with the CIS Benchmarks, an objective, consensus-driven security guideline. Security assurance teams are notified immediately of anomalies and significant actions by automated security checks and alerts built on Amazon GuardDuty, AWS CloudTrail, and Amazon CloudWatch Events.
The company's new design will allow it to speed up its global expansion on a more secure and reliable infrastructure, with room for future innovation.
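The alerting path described above is typically built as a CloudWatch Events rule (the service is now called Amazon EventBridge; the event pattern syntax is the same) that matches GuardDuty findings and forwards them to an SNS topic or chat integration. The event pattern below is an added example for this page, not the studio's own rule; it selects findings of severity 7.0 and above, which is GuardDuty's "High" band (Low is 1.0 to 3.9, Medium 4.0 to 6.9):

```json
{
  "source": ["aws.guardduty"],
  "detail-type": ["GuardDuty Finding"],
  "detail": {
    "severity": [{ "numeric": [">=", 7] }]
  }
}
```

The rule belongs in the GuardDuty delegated administrator account, where findings from every member account are aggregated, so one rule covers the whole organization. Two tuning points a team usually wants: GuardDuty publishes new findings to EventBridge immediately but re-publishes updates to an existing finding every six hours by default (configurable down to 15 minutes), so lower that interval if repeat activity must alert quickly; and lowering the threshold to Medium (`4`) trades more noise for earlier warning, which is better handled by routing Medium findings to a ticket queue rather than the paging channel.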