About the Client
Axero Solutions provides digital workforce software that unifies teams and accelerates business growth. Communication and collaboration are paramount to a successful company. Axero understands the need for a proper intranet system and decided to offer easy-to-use intranet software that boosts productivity, unifies people, and helps companies thrive. Axero Solutions is trusted by the world’s most thriving companies, 99% of which are still actively using the platform. Axero Solutions is headquartered in San Diego and has offices in Gurgaon and Lisbon to support customers across the world.
Business Challenges
Compliance and data protection in the cloud have been a major challenge for Axero Solutions due to the shared responsibility model and the automation of public cloud infrastructure. To ensure consistent compliance controls across their infrastructure, they required new methodologies. Some of the key areas where our client required continuous compliance were:
- Confirmation that all AWS users have passwords matching the organization’s password policy
- Logs of all user actions in the AWS account
- Assurance that IAM-related activities are tracked and alerted on using Lambda
- Identification of all unattached AWS resources such as volumes
- Assurance that all instances are launched inside a VPC and SSH traffic is allowed only from known IP addresses
- Multi-Factor Authentication (MFA) enabled for the users
- Confirmation that all EC2-related activities are tracked and notified using Lambda and CloudWatch
SecureKloud Solution
After analyzing the client’s compliance requirements meticulously, SecureKloud suggested using AWS Config to achieve continuous compliance across the client infrastructure. AWS Config provides a detailed view of the resources associated with the AWS account, including how they are configured, how they are related to one another, and how the configurations and their relationships have changed over time. AWS Lambda is used to write custom Config Rules. SecureKloud helped the client configure the following AWS Config Rules to ensure their continuous compliance needs are met in the environment.
- Untagged EC2 resources – Checks whether the resources have at least one tag attached to them
- IAM password policy enabled – Checks whether the account password policy for IAM users meets the specified requirements
- CloudTrail enabled – Checks whether AWS CloudTrail is enabled in the AWS account
- Unattached Volumes – Checks whether EBS volumes are attached to EC2 instances
- MFA for IAM Users – Checks whether the IAM users in the AWS account require multi-factor authentication for console sign-in
- EC2 instances within a VPC – Checks whether the EC2 instances belong to a virtual private cloud (VPC)
- Disallow unrestricted incoming SSH traffic – Checks whether security groups that are in use disallow unrestricted incoming SSH traffic
- Instances launched with approved Instance types – Checks whether all the EC2 instances in the AWS account are of the approved instance types
- IAM User Policy Check – Checks that none of the IAM users have policies attached
- AWS Config Rule – Checks whether the tags and passwords are in place
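The evaluation logic a Lambda-backed custom Config rule could apply to three of the checks above (unattached volumes, instances in a VPC, SSH only from known addresses), as an added example that is not SecureKloud's or Axero's code. It assumes the configuration-item field names shown, uses a constructed allow-list and constructed sample items, and applies the stricter "known IP addresses" requirement rather than only flagging unrestricted SSH.

```python
import ipaddress

# Assumption: networks SSH may come from (documentation range, not from the page).
KNOWN_SSH_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]

def _ssh_open_to_unknown(perm):
    """True if an ingress permission reaches TCP/22 from outside KNOWN_SSH_SOURCES.
    Protocol "-1" means all traffic and carries no port range."""
    proto = perm.get("ipProtocol")
    if proto not in ("tcp", "-1"):
        return False
    if proto == "tcp" and not (perm.get("fromPort", 0) <= 22 <= perm.get("toPort", 65535)):
        return False
    cidrs = [r["cidrIp"] for r in perm.get("ipv4Ranges", [])]
    cidrs += [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == k.version and net.subnet_of(k) for k in KNOWN_SSH_SOURCES):
            return True
    return False

def evaluate(item):
    """Return (compliance_type, annotation) for one configuration item."""
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "resource deleted"
    rtype, cfg = item["resourceType"], item.get("configuration") or {}
    if rtype == "AWS::EC2::Volume":
        ok = bool(cfg.get("attachments"))
        return ("COMPLIANT", "attached") if ok else ("NON_COMPLIANT", "volume is unattached")
    if rtype == "AWS::EC2::Instance":
        ok = bool(cfg.get("vpcId"))
        return ("COMPLIANT", "in VPC") if ok else ("NON_COMPLIANT", "instance not in a VPC")
    if rtype == "AWS::EC2::SecurityGroup":
        bad = any(_ssh_open_to_unknown(p) for p in cfg.get("ipPermissions", []))
        return ("NON_COMPLIANT", "SSH open to unknown source") if bad else ("COMPLIANT", "SSH restricted")
    return "NOT_APPLICABLE", "resource type not covered"

# Constructed sample configuration items (resource ids are placeholders).
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-example1", "configuration": {"attachments": []}},
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-example1", "configuration": {"vpcId": "vpc-example1"}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-example1", "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-example2", "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "203.0.113.16/28"}]}]}},
]

if __name__ == "__main__":
    for it in SAMPLE_ITEMS:
        print(it["resourceId"], *evaluate(it))
```

In a deployed rule, the Lambda handler would read the configuration item from the invoking event and report the result back to AWS Config; that wiring is omitted here so the logic runs offline.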
Business Benefits
- Continuous Monitoring: With AWS Config, Axero Solutions could continuously monitor and record configuration changes of their AWS resources over a given period
- Continuous Compliance: AWS Config allowed Axero Solutions to achieve continuous auditing and assessment of the overall compliance of their AWS resource configurations with the organization’s policies and guidelines
About SecureKloud