A prominent joint venture between a leading public sector bank and a global financial institution provides a comprehensive range of life insurance products across the individual and group space. Their products include life, health, online term plans, retirement solutions, credit life, and employee benefit segments, distributed through multiple channels. With a substantial and diverse client base, the organization is recognized for its commitment to providing innovative and tailored insurance services, meeting the evolving needs of customers across India.

Strengthening Infrastructure and Security with AWS and Noventiq

As the organization scaled their operations, they recognized the need to fortify their infrastructure to adhere to rigorous security and compliance standards. They also required a partner to manage their infrastructure and security components, and they wanted a centralized security ecosystem with advanced monitoring capabilities. Additionally, being a financial player with access to sensitive information, the organization sought a robust framework for identity and access control to safeguard the information and ensure authorized access. Recognizing Noventiq’s proven ability to deliver managed security services and personalized, innovative solutions within the financial sector, the financial organization partnered strategically with us to navigate these challenges.

Our security services on AWS have been designed with the client’s strong emphasis on compliance, defense-in-depth strategies, and least-privilege access in mind. These efforts encompass:

  • To adhere to AWS best practices, we have implemented an AWS Landing Zone architecture to separate organizational units and accounts for core AWS services and applications, enforcing separation of duties. AWS Control Tower has automated the creation and management of this structure. Amazon Guardrails have been used to enforce organization-wide security controls.
  • A security architecture has been created using a mix of AWS-native and third-party solutions to enhance visibility, manage compliance, protect against DDoS attacks, secure web applications and APIs, perform URL filtering, control access, inspect traffic, and manage identities and access.
  • Infrastructure access has been secured with a VDI setup featuring multi-factor authentication. VDIs are configured to block clipboard functionality to prevent data leakage from the organization’s infrastructure.
  • Centralized identity and access management is provided through Privileged Access Management (PAM) to reduce the risk of unauthorized access.
  • Highly available solutions have been deployed to scan all incoming traffic for malicious content. The solutions include an Intrusion Prevention System, antivirus, and an anti-bot solution.
  • Enterprise-grade firewalls are deployed to provide centralized visibility and granular traffic control.
  • Web application firewalls (WAFs) are used to protect against DDoS attacks and other internet-based threats. The WAF also rigorously inspects all internal traffic.
  • Centralized management and analysis of security logs is done by the customer’s Security Operations Center (SOC), while the Noventiq team takes care of timely actions and incident management.
  • With an AWS solution, data is protected through encryption both at rest and in transit.
  • Anti-malware solutions have been deployed on VDIs and servers to protect against malicious activities. VDI access is controlled by integrating the access mechanism with Active Directory.
  • The Security Configuration Document (SCD) is regularly validated, revised, and updated based on changes in the AWS environment.
  • Services have been implemented to manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles.

Managed Security Services’ Benefits for the Client

Noventiq’s comprehensive managed security services include regular governance and tracking of security activities to provide swift incident management. Our 24/7 monitoring of security appliances and services provides continuous protection, allowing for proactive detection and a quick response to threats. Efficient incident control, analysis, and regular firmware upgrades for security devices are key components of this solution. The service maintains a vigilant watch on security bugs, advisories, and access control lists, recommending necessary actions. Proactive measures include timely blocking of malicious IP addresses, regular vulnerability assessments, and operating system patching to reduce the attack surface. Mitigation of vulnerabilities detected by third-party tools, updates to AWS security parameters through Infrastructure as Code, integration with centralized monitoring, and regular security posture assessments using proprietary tools are an integral part of our services. We also provide active support during third-party audits by delivering the required artifacts.

Conclusion

By strategically using AWS and implementing a robust security architecture, Noventiq has strengthened the organization’s infrastructure and has ensured business continuity. The implementation of managed security services, coupled with advanced threat detection and response capabilities, has enhanced the organization’s security posture. This collaborative effort has resulted in a resilient and secure IT environment, enabling the organization to focus on its core competencies while safeguarding sensitive customer data.