Our client, a large organization with a complex cloud infrastructure, was experiencing a number of issues with their Kubernetes cluster and its AWS environment.
They had recently onboarded several analytical projects using open source tools like Jupyter, which resulted in an increase in the number of users and data being processed. This had raised security concerns, particularly about unauthorized access, data breaches, and other malicious activities.
Furthermore, the client was experiencing massive cost overruns.
Scaling Infrastructure, Automation, and Security
Ministry of Justice (UK)
To assist in addressing these issues, we conducted a thorough review of the client’s Kubernetes cluster and AWS environment. We began by reviewing the Kubernetes cluster’s architecture and configuration, identifying potential vulnerabilities and recommending appropriate changes. We then reviewed the analytical project onboarding process to ensure that it followed best practises and was in accordance with the client’s security policies.
Following that, we created a logging pipeline that centralised audit security logs, giving the client a unified view of their environment. We also implemented various threat and anomaly detection services to improve visibility into the platform’s overall usage. We discussed our findings with members of the client’s team and addressed them accordingly.
We also integrated security into the DevOps pipeline, including dependency checkers, scanning Docker containers, and the OWASP Zap Proxy. This aided in ensuring that all code changes were thoroughly tested for security vulnerabilities prior to deployment. Finally, we set up an AWS Baseline to scan accounts, alert on discoveries, and respond to various events. This gave the client a proactive security approach, allowing them to stay ahead of potential threats.
Our efforts resulted in significant cost savings for the client, with monthly expenses reduced by up to £50k. We also assisted in improving the security posture of the client’s Kubernetes cluster and its AWS environment, lowering the risk of data breaches and other malicious activities.
The centralised logging pipeline and threat detection services improved visibility into the overall platform use, providing the client with a more comprehensive understanding of potential security risks. Finally, integrating security into the DevOps pipeline and implementing the AWS Baseline enabled the client to manage security proactively, reducing the need for reactive measures.
“I am very impressed by all the improvements and automations that Olivier has made throughout the platform and how it has made life easier for all Smart Pension employees.”Jose Luis Martinez OrtizSenior Software Engineer