Leading Biotechnology Company Enhances AWS Environment Security and Risk Control
Published on June 16, 2023

Challenge
A leading biotechnology company that develops life-transforming medicines has worked for decades to improve the lives of those who rely on its work. Recently, it found itself in need of assistance to enhance the security of its AWS environment. The company had an insufficient understanding of its current security posture and needed additional help with risk control and reporting within AWS. It also lacked a provisioned tenant that could perform a technical scan of its AWS environment and benchmark the results against the CIS AWS Foundations Benchmark v1.4.

Client Snapshot
Profile: A leading biotechnology and pharmaceutical/life sciences company that develops life-transforming medicines.
Client Situation: The client needed to improve both the security of its AWS environment and its understanding of that environment, together with the risk control and reporting within it. It also lacked a provisioned tenant that could perform a technical scan of the environment and benchmark the results against the CIS AWS Foundations Benchmark v1.4.
Work Performed: Protiviti interviewed the client's cloud and information security teams, reviewed 30 AWS infrastructure documents, reported findings on the state of the client's security structure and benchmarked all findings against the CIS AWS Foundations Benchmark v1.4.
Outcome/Benefits: Identified 2.5 million vulnerabilities and 10,500 issues. 35 infrastructure gaps were identified and mapped to 16 remediation plans. All findings, recommendations, benchmarks and roadmaps were compiled into a 100+ page report for the client.

Understanding the Client Needs
Protiviti worked with the client to conduct interviews with the major cloud and information security teams, with SMEs and key stakeholders present. The interviews were targeted to cover the full scope of vulnerabilities and gaps being assessed.
Protiviti also reviewed all available documentation to better understand the client's AWS infrastructure. In addition to interviews and document reviews, Protiviti used a provisioned tool to scan the client's environment and report on the state of its security posture. These findings were then benchmarked against the CIS AWS Foundations Benchmark v1.4.

Utilising AWS
Following the discovery phase of the engagement, Protiviti worked with the client to implement a provisioned tenant for technical scans. Onboarding the tenant involved integrating the tool with IAM users in the client's AWS environment. A tenant-specific IAM role was generated whose permissions enabled the use of services such as ECS, CloudTrail, EC2 and S3. That role's policy is the least-privilege boundary for a scanner integration: it should be limited to the read-only Describe, List and Get actions the tool actually needs, its trust policy should be restricted to the tenant's account (with an external ID for a third-party tenant), and role assumption should be preferred over long-lived IAM user access keys. In addition, the client used AWS KMS for key management and secrets handling, GlobalProtect for regulating access, AWS WAF for on-premise remote access, S3 for data lakes, and AWS Control Tower for application-security guardrails.

Lastly, Protiviti used IAM Access Analyzer and IAM Access Advisor (service last accessed data) to discover over-permissive roles and users, and evaluated the setup and operational processes of security services including Amazon Cognito, Amazon GuardDuty, AWS Network Firewall, AWS Certificate Manager and Amazon Route 53.

Outcome
Throughout the engagement, Protiviti scanned multiple production and non-production accounts, including thousands of EC2 instances, containers and S3 buckets and more than 150 VPCs in total. These scans revealed 2.5 million vulnerabilities and 10,500 issues. In addition, 35 infrastructure gaps were identified and mapped to 16 different remediation plans. Protiviti then organised all findings into a categorised heatmap of critical, high, medium and low risk issues, tracked against the level of effort required to remediate each. All findings, recommendations, benchmarks and roadmaps were compiled into a comprehensive report that the client has used to begin remediation efforts.
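The Access Analyzer / Access Advisor review described above boils down to two questions: which grants in a role's policy are wildcards, and which of the granted services has the principal never actually called? The following Python script is an added example, not code from the case study or from Protiviti; it answers both questions over constructed sample data (a hypothetical scanner-tenant policy and a hand-built list shaped like the "ServicesLastAccessed" output of the IAM API), so it runs offline. The only live AWS calls it references, generate_service_last_accessed_details and get_service_last_accessed_details, are real boto3 IAM client methods and are isolated in a helper that takes a client object and is not exercised by the sample run.

```python
"""Review of a scanner tenant's IAM grants: flag wildcard Allow statements and
cross-check them against Access Advisor's service-last-accessed data.
Constructed sample data stands in for the live API responses."""
from typing import Dict, List


def _as_list(value) -> List:
    """IAM policy JSON allows either a string or a list in Action/Resource."""
    return value if isinstance(value, list) else [value]


# Constructed sample: an inline policy resembling what a scanner tenant role
# might be granted (hypothetical, not the client's policy). The last two
# statements are the over-permissive ones.
TENANT_ROLE_POLICY: Dict = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadTrail", "Effect": "Allow",
         "Action": ["cloudtrail:DescribeTrails", "cloudtrail:LookupEvents"],
         "Resource": "*"},
        {"Sid": "Inventory", "Effect": "Allow",
         "Action": ["ec2:Describe*", "ecs:List*", "ecs:Describe*"],
         "Resource": "*"},
        {"Sid": "TooBroad", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

# Constructed sample shaped like the "ServicesLastAccessed" list returned by
# iam.get_service_last_accessed_details(JobId=...). A service the principal
# never called carries no "LastAuthenticated" key.
SERVICE_LAST_ACCESSED: List[Dict] = [
    {"ServiceName": "Amazon EC2", "ServiceNamespace": "ec2",
     "TotalAuthenticatedEntities": 1, "LastAuthenticated": "2023-06-01T08:00:00Z"},
    {"ServiceName": "AWS CloudTrail", "ServiceNamespace": "cloudtrail",
     "TotalAuthenticatedEntities": 1, "LastAuthenticated": "2023-06-02T09:30:00Z"},
    {"ServiceName": "Amazon S3", "ServiceNamespace": "s3",
     "TotalAuthenticatedEntities": 0},
    {"ServiceName": "AWS Key Management Service", "ServiceNamespace": "kms",
     "TotalAuthenticatedEntities": 0},
]


def find_wildcard_statements(policy: Dict) -> List[Dict]:
    """Allow statements whose Action is a bare '*' or a whole-service 'svc:*'.
    Prefix patterns such as 'ec2:Describe*' are left alone: that is how
    read-only scanner roles are normally written."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        broad = [a for a in _as_list(stmt.get("Action", []))
                 if a == "*" or a.endswith(":*")]
        if broad:
            findings.append({
                "Sid": stmt.get("Sid"),
                "Actions": broad,
                "ResourceWildcard": "*" in _as_list(stmt.get("Resource", [])),
            })
    return findings


def unused_services(last_accessed: List[Dict]) -> List[str]:
    """Service namespaces the principal is allowed to use but has never called."""
    return sorted(s["ServiceNamespace"] for s in last_accessed
                  if "LastAuthenticated" not in s)


def prioritised_findings(policy: Dict, last_accessed: List[Dict]) -> List[Dict]:
    """Rank wildcard grants: a whole-service grant to a service that is never
    used can simply be removed; a bare '*' is flagged regardless of usage."""
    unused = set(unused_services(last_accessed))
    ranked = []
    for finding in find_wildcard_statements(policy):
        for action in finding["Actions"]:
            if action == "*":
                advice = "replace with explicit read-only actions"
            elif action.split(":", 1)[0] in unused:
                advice = "remove: service never called"
            else:
                advice = "narrow to the actions actually used"
            ranked.append({"Sid": finding["Sid"], "Action": action,
                           "Recommendation": advice})
    return ranked


def fetch_last_accessed(iam_client, principal_arn: str, wait_seconds: float = 1.0) -> List[Dict]:
    """Live equivalent of SERVICE_LAST_ACCESSED for a role or user ARN, given a
    boto3 IAM client (boto3.client("iam")). Not exercised offline."""
    import time
    job_id = iam_client.generate_service_last_accessed_details(Arn=principal_arn)["JobId"]
    while True:
        resp = iam_client.get_service_last_accessed_details(JobId=job_id)
        if resp["JobStatus"] == "COMPLETED":
            return resp["ServicesLastAccessed"]
        if resp["JobStatus"] == "FAILED":
            raise RuntimeError(resp.get("Error", {}).get("Message", "job failed"))
        time.sleep(wait_seconds)


if __name__ == "__main__":
    for item in prioritised_findings(TENANT_ROLE_POLICY, SERVICE_LAST_ACCESSED):
        print(f'{item["Sid"]}: {item["Action"]} -> {item["Recommendation"]}')
```

On the sample data the script flags the "s3:*" grant as removable (S3 was never called by the principal) and the bare "*" as needing replacement with explicit actions, while leaving the Describe/List prefix grants untouched. Over a real account the same two functions run against the output of fetch_last_accessed for each role and user, which is the mechanical part of the over-permissive-principal review described above.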