Case Study - Plus-IT
A Bit About Plus-IT and the Problem
Plus-IT is a company based in Germany that specializes in managing data. The firm developed training management software hosted on AWS. It is a tenant-based solution in which customers manage their training data, documents and processes.
The Disraptor Solution
Disraptor first did a thorough sweep of the customer's environment to identify what infrastructure was in place. The team used both the console and the AWS CLI to inspect each resource for general gaps. The AWS Well-Architected Framework was used as a guideline, with specific reference to the security pillar. Once the team had a good understanding of the environment, it performed an extensive audit against GDPR and DSGVO, in which the CIS (Center for Internet Security) benchmark played a vital role. After the audit, the team prioritised the security gaps that were present in order of criticality and provided an in-depth, hands-on guide on how to remediate the findings. The team went a step further and provided a list of architectural improvements, which included a list of resources that are well suited for infrastructure as code as well as a recommendation for an AMI (Amazon Machine Image) pipeline.
Through this project, Plus-IT learned in detail which resources posed the highest risks. The Disraptor team ensured that Plus-IT was in a position to remediate the security gaps by providing step-by-step instructions through the AWS console. In addition, the team advised on the architectural changes required to fix security gaps, which included re-creating the subnets in a Multi-AZ setup that separated the application, database and public ranges. As a result, Plus-IT is now offering its clients a state-of-the-art software solution that has the highest possible IT infrastructure security.