In addition to optimizing application, data and services infrastructure, the technical implementation services team enhanced the security posture of i4C’s infrastructure (see Figure 2) to ensure confidentiality, integrity and availability of all data collected and processed. Using security best practices,the team implemented and configured multifactor authentication (MFA) to all the IAM users accessing the AWS console. At the same time, they provided secure remote access with SSL virtual private networks (VPNs), for developers and other team members to access Amazon Virtual Private Cloud (VPC) other cloud resources from i4C offices.
Using a defense-in-depth strategy, the team implemented protections at every layer from the network layer: A unified threat manager provided deep packet inspection and firewall controls. The server layer with host-based intrusion detection and prevention services was installed on Amazon EC2 instances with anti-malware, monitoring and logging agents to check for security threats and anomalies. And, finally, the AWS account layer provided secure Amazon VPC network access control lists and EC2 security groups to protect traffic at the subnet and instance layers.