Blockchain/Web3 Startup Blocks Gaps and Improves AWS Security Posture

Published on June 16, 2023

Challenge

A blockchain/web3 startup engaged Protiviti to review their AWS environment. While getting the product to market as fast as possible was a primary goal for the client, security was an afterthought in many scenarios. To address this need and prevent a potential catastrophic security event, the client wanted a quick and consistent way to understand where their security gaps were and how they could improve their AWS security posture.

Client snapshot:

Profile
This startup is setting trends in the blockchain/web3 world, establishing its own protocol that fulfills its vision to give developers an easy path for building scalable, decentralized applications.

Client Situation
The client turned to Protiviti when it needed a review of its AWS environment to better understand security gaps and how to improve its security posture.

Work Performed
Leveraged AWS Security Hub to assess the environment’s configuration posture; reviewed the client’s governance structure and IAM posture.

Outcome/Benefits
Established the client’s AWS Security Hub foundation, customizing foundational security best practice controls to fit the client’s unique needs.

Solution

Protiviti leveraged AWS Security Hub, a native AWS solution that can be set up quickly, to assess the environment’s configuration posture. Using AWS Security Hub, the team was able to identify configurations that had deviated from the baseline control and used Amazon CloudWatch to alert on those findings.

The Protiviti team also leveraged IAM Access Analyzer and IAM Access Advisor to identify excessive permissions to remediate any issues caused.
And they evaluated, set up and operationalized processes associated with AWS KMS, Amazon Inspector, and Amazon Macie.

In addition, the Protiviti team architected and developed a notification mechanism to automatically deliver notifications to the appropriate parties when Security Hub discovers a new security event. We developed a new process and playbook that details the appropriate actions to take given certain types of security events. Lastly, the team conducted training sessions and shadow sessions with the client’s project managers to ensure a smooth transition into operation.

Outcome

Protiviti successfully stood up AWS Security Hub for the client, customizing the foundational security leading practice controls to fit the client’s needs, and producing a baseline finding report, enabling the client to quickly remediate all issues. In the process, Protiviti helped the client identify more than 50 security risks in their AWS environment and develop appropriate action plans to remediate them.

The notification automation, combined with the detailed playbook, empowers the client to consistently monitor their AWS environment while coordinating across the enterprise to quickly remediate any new security findings. Using AWS Security Hub, the client can identify configurations that deviate from the baseline control and tag them for remediation.