Now that we’ve explained a little about the technology within the EDF and how it helps address IT governance, let’s turn to look at some examples of how we have used this approach to deliver governance for customers.
Config Governance, Regulatory Compliance with CIS
For a large hotelier with Tier One PCI compliance needs, we implemented a CIS Level 2 alerting framework using AWS Config. (A Level 2 CIS hardened image is preconfigured to meet CIS Benchmarks in environments where security is paramount, acting as a defense-in-depth measure.) Additionally, we helped automate the implementation of open source and AWS WAF managed rule sets to protect the company’s external-facing services, ensuring availability and a superior customer experience.
Cost Governance & Secret Management
We had the opportunity to work with a large telecommunications company on a cost control and alerts project. As a standard part of our cost governance practice, we develop an account structure that assists in the segregation of cost. AWS Config was implemented to ensure that unauthorized use of AWS resources was flagged and alerts were sent to the appropriate parties. We also helped develop a tagging policy specific to cost governance that the customer can now use to identify cost centers associated with resources for cost allocation and tracking.
In addition, we helped the firm implement DevOps at scale by creating a repeatable pattern for 120 applications. It became clear, as we developed the pattern, that a secrets management solution was needed; we chose HashiCorp Vault to retrieve and inject secrets as the applications were deployed in the AWS Landing Zone. Since these applications were also external-facing, we helped develop and deploy an effective and secure AWS WAF solution.
IT Asset Governance
Last, we had the opportunity to work with the innovation lab for a large manufacturer who had specific IT Management needs around asset inventory. To help them address the issue, we developed and deployed AWS Systems Manager Inventory in the firm’s environments, in a repeatable and automated manner. Custom rules were co-developed or handled by the customer team and updated through automation pipelines implemented by the Flux7 AWS consulting team.
Cost governance was also important to this customer, so our team developed and deployed a solution for Jenkins to use Spot Instances for its slaves when possible, thereby saving up to 90% off on-demand prices. Lastly, the hardening process and services described above were extended as part of the account creation automation we put in place, helping ensure the firm’s environment included AWS security best practices.
IT Governance can help organizations align IT with business strategies to ensure regulatory obligations, cost goals, customer data privacy, and other business initiatives are met. Using the Flux7 EDF as a framework for IT Governance in conjunction with our customers’ DevSecOps objectives, we identify specific needs, create a custom plan of action and work as partners with our customers, teaching as we go, to actively build a solution that delivers governance with agility. Interested in learning more? Reach out to us today.
from Flux7 DevOps Blog