Telecoms Giant Strengthens and Streamlines Access Control on AWS


About the Client

A leading Australian telco engaged Sourced Group, an Amdocs Company (Sourced), to support its maturation of cloud security on Amazon Web Services (AWS). This ongoing partnership involves close collaboration between Sourced and the client’s in-house team to identify and prioritise areas for improvement. These are then targeted with effective solutions rooted in best practice.

When access management was singled out for an uplift in security, we achieved the following outcomes:

  • Complex permissions structure simplified to streamline user access decisions.
  • Testing processes automated to reduce the risk of misconfigured policies for access control causing disruption or creating vulnerabilities.
  • Platform teams empowered to work faster and developer teams allowed to work more independently, fostering autonomy and innovation.

Challenge: Improving Access Control for 200+ User Accounts

The client was looking to strengthen controls surrounding Identity and Access Management (IAM) to enhance security in its complex and extensive cloud platform. Risks were identified in two key areas: the guardrails that were in place and users’ ability to select the correct roles to perform their tasks in a secure and efficient manner.

Both areas presented complex challenges demanding advanced cloud engineering expertise. It was important to apply controls in a consistent and cost-effective manner while ensuring users retained access to the AWS services whitelisted for their account.

Solution: New Procedures Boost Control and Enhance Visibility 

Sourced devised a solution which made best use of AWS capabilities to minimise risk without compromising users’ productivity and efficiency. Several measures were implemented.

Firstly, a clear procedure was developed for requesting and executing guardrails around accounts. This was written in collaboration with the in-house architecture team to achieve buy-in and ensure the documented process was both efficient and effective. Automated testing of the use of AWS services, executed from CodePipeline, was a key element of the solution. This mitigated the risk of misconfigurations being deployed to the production environment, which would have resulted in business disruption and security vulnerabilities.

Next, steps were taken to strengthen and streamline processes surrounding permissions granted to individual roles, following the principle of least privilege. The existing set-up was complicated by the fact that various customer-managed and AWS-managed policies were applied to user accounts at varying levels. Sourced set out to combine roles more effectively and devised a new, more efficient way to handle permission requests.

Improving transparency was another key goal of this project. Sourced introduced measures enabling the client to clearly see the effective permissions for any deployed IAM role and easily compare the permissions of different roles.

Outcome: Strong Foundations for Compliant Container-led Migration  

Effective implementation of cloud-native approaches and proven best practices enabled us to drive the maturation of a critical aspect of cloud security. We’ve streamlined a complex permissions structure, improved visibility, and raised the bar on security measures surrounding access management. These achievements also enable developers to work with greater confidence and velocity, managing their own permissions within the boundaries defined by guardrails.