The benefits organizations derive from adopting a cloud migration strategy are driven by several compelling factors that are as diverse as the business’ motivation for moving into the cloud. Organizations are well-aware of cloud computing’s value proposition, such as reduced disaster recovery costs, improved architectural flexibility, zero capital expenses to build out a new data center, and much more. However, one of the less obvious and understood factors—yet one that cloud customers benefit greatly from—is improved infrastructure security.
Cloud Service Providers, such as Amazon Web Services (AWS), have demonstrated their commitment to security through achieving compliance with numerous external compliance programs. Additionally, in an effort to ensure that AWS customers are well-protected (Shared Responsibility Model), they have proactively published best practices, such as Security by Design (SbD) and AWS Security Best Practices, and have continued to deliver native AWS services to improve security operations (e.g. WAF, Inspector, Config, CloudTrail, etc.).
When Deltek acquired HRsmart (now Deltek Talent Management) they began to plan the migration of the application to AWS where Deltek has been offering SaaS solutions for more than six years. Deltek’s cloud architects designed a cloud architecture that leveraged AWS Security Best Practices and ensured that their cloud infrastructure was compliant with their own internal security standards. Deltek then engaged GuidePoint Security’s Cloud Security Practice to provide third-party assurance for the secure design their AWS architecture.
GuidePoint leveraged a custom solution consisting of automation, the AWS SDK, and AWS services to deliver a Cloud Security Health Check for Deltek’s AWS environment. The evaluation criteria for Deltek’s Cloud Security Health Check was based upon information security industry benchmarks, AWS Security Best Practices, and GuidePoint’s Cloud Security Framework. The GuidePoint Cloud Security Framework is used by GuidePoint to evaluate AWS environments against cloud security best practices defined by industry standards including the Cloud Security Alliance Cloud Controls Framework, the CIS AWS Foundations Benchmark, and more general standards, such as the PCI Data Security Standard.
By leveraging infrastructure security provided by AWS, utilizing the combination of GuidePoint’s expert security knowledge and cloud operations experience, and being armed with an understanding of the Shared Responsibility Model, organizations like Deltek are able to deploy to AWS with confidence.