More secure than locking your vehicle.
This automotive retailer needed an assessment of its AWS and Azure security by a neutral third party.
They wanted to identify security gaps and vulnerabilities and for an experienced managed service provider to manage the security and compliance of its environments.
We assessed their multi-cloud security posture using industry standard frameworks, enabling remediation of identified threats, and implemented governance throughout the organization.
About the Business
With hundreds of retail outlets across the country, this American automotive retailer provides new and pre-owned cars, trucks, SUVs, and associated services in the United States.
The Business Challenges
A multi-cloud user, the automotive retailer needed an assessment of its AWS and Azure security by a neutral third party to identify security gaps and vulnerabilities. It also wanted an experienced managed service provider to manage the security and compliance of its environments.
Using a combination of discovery workshops, surveys, and meetings with staff as well as automated and manual assessment, 2nd Watch assessed the company’s multi-cloud environment using industry standard frameworks. The 2nd Watch cloud security team evaluated the retailer’s overall security posture including its entire cloud infrastructure and focusing on the cloud security lifecycle. It reviewed user accounts and key management, focusing on privileged account management and least privileged. It also reviewed and assessed the company’s PKI and key management implementation.
2nd Watch implemented tools and processes to detect, log and notify the organization of changes in billing, API activity, resources, application activity and network activity for appropriate auditability and reviewed network security groups and firewall policies against common misconfigurations to ensure full cloud infrastructure protection.
Additionally, 2nd Watch set up tools to detect and address threats, vulnerabilities and any need for patching and malware to continuously verify and maintain the integrity of the retailer’s operating systems. The 2nd Watch security team assessed the technical implementation of data protection, determined the best method for data encryption, backup, replication and recovery, and reviewed incident response policy related to cloud infrastructure, including roles and related processes.
Finally, 2nd Watch assessed potential security risks in the company’s DevOps pipeline to provide a technical implementation plan for secure automation.
The Business Benefits
After receiving the results of the security assessment, the automotive retailer worked with 2nd Watch to prioritize actions and is now enabled to remediate all identified threats and areas of weakness in its AWS and Azure environments. 2nd Watch also provides Managed Governance and Compliance services to help the retailer create and implement governance throughout its organization, programmatically enforcing compliance to defined policies.