Case Study : Audit and Strengthening of Security and Networking

Published by Gabrielle Guerrini on

The client:

UEX Health Insurance is a Singapore-based start-up company founded in 2016 and offering insurance personalization services. Their mission is to use smart technology to make private insurance simple, fast, efficient and personalized for their members. 

By using the dynamic UEX application, the customer is able to customize an insurance and price, for one person or more, in just a few clicks. Power is back into customer’s hands. More information: www.uexglobal.com/

The context:

Early in its history, UEX has chosen AWS platform to support its burgeoning activities and leverage Cloud flexibility to match their rapid growth. UEX is born digital, thus AWS was the logic choice at their inception. Along the years, more AWS SaaS services have been added in the architecture.

UEX bet has not been off all this time, and expectations have already been met, waiting for upcoming new services to be rolled out.

The challenges:

UEX has grown over the years and the initial architecture choices were not as efficient as initially, specifically in network segregation, deployment mechanisms and keys management.

UEX wants to review the roles and permissions available to technical resources and personnel as the organization changed and prepares for the next growth spurt.

Constrained by time and resources, UEX asked EVA Group to design the target infrastructure for a new region deployment in the next few months, as well as to lead the roll-out of the new blueprint on the current infrastructure, while ensuring continuity of services. 

The solution:

EVA Group has designed an infrastructure blueprint offering network segregation between functions and environments, high-availability and ability to scale out and scale in. Workloads have been regrouped following their functions and roles, while providing homogeneous setup for Business workloads. High-Availability has been designed in the blueprint to respond to current architecture requirements but as well to allow future evolutions without any change in blueprint.

As part of the architecture solution, the CI-CD pipeline has been redesigned to remove Programmatic Keys in favour of EC2 Roles, reducing the risk of compromising. Overall, management of keys and connections to the systems have been redesigned to increase the control, lower the security risks and provide new areas for trackability. The different environments have been straightened to be identical on technical architecture point of view and clear and effective segregation between environments have been ensured. Some additional security features have been deployed, such as WAF mechanisms.

As part of the Consulting expertise provided by EVA Group, an IAM Policy and its specific implementation for UEX core business has been designed, approved and rolled-out.

Results:

Having performed a security and configuration review of its infrastructure and commissioned a new target blueprint, UEX has industrialized his core business growth and deployment on existing and new regions alike.

Users, roles and keys management has been improved and a clear trackability has been put in place, existing and old policies have been reviewed, adjusted and in some cases decommissioned, while new policies have been implemented to fit the different roles in the organization.

Whereas environments were separated, they are now segregated using networking mechanisms, increasing again the security of the platform and avoid cross-environment impacts during Changes.

As part of the work, a final housekeeping has been performed to deactivate default, unused and/or redundant objects and services.

Benefits:

🚀 Clear blueprint to continuously audit current infrastructure and detect / correct deviations.

🚀 Lesser manual actions to perform SysOps activities.

🚀 Easier Identity and Access management with pre-defined Groups and Roles and strengthened User Management (technical enforcement as well as practices). Peace of mind, with a Secure by Design approach and built-in limitations in Groups and Roles.

🚀 New CI-CD deployment mechanism to allow built-in scalability for application release and stricter control in access right management.

Why EVA Group ?

With more than 13 years of expertise in network infrastructures, EVA Group has proven experience in legacy and Cloud architectures, from Design to Operations, including integration.

AWS partner for several years, EVA Group has all the necessary skills to support its customers in their evolution towards the cloud.

Leveraging on EVA Group APAC, its Singapore-based APAC HQ, EVA Group has delivered all the intended work and expertise locally, ensuring flexibility, short response time and time zone alignment.

Benoît TA KIM

Deputy Managing Director APAC

Categories: EVA NEWS