Dixon’s Carphone Warehouse - iDmobile Contract Data Project
As part of the OFGEM requirements to make mobile operators contract transfer ownership more transparent, Complete Cyber was requested to support the project under tight deadlines to ensure their Google Cloud Platform could process large multiple datasets from multiple data sources. The scope extended to ensuring the proposed solution met with Dixon's Carphone Warehouse (iDMobile’s Owner) security assurance activities, which required assurance that the proposed deployment architecture and overlaying solution was secure and would not lead to any potential data breaches.
SCOPE
CHALLENGES
The timescales involved were limited to months, with little development of a known solution by the project team, meaning that our team of security architects needed to evaluate what information was available. Access to staff to obtain the required knowledge on gaps from reviewing the available documentation also made it difficult, as decisions such as securing the solution were not known by the team. This meant our team needed to support the team in both providing methods to mitigate common threats, but also evaluate the team's and our work.
OUTCOMES
We ensured that our team worked independently to support the team under the tight timescales to assist them in their development of a data broker for contract data in Google cloud. Evaluating edge defenses using technology such as: Next-Generation Firewalls and ensuring Intrusion Detection/reverse proxy systems were in place at the ingress/egress of the Cloud environment provided some edge protection. Our team of security architects ensured that the Cloud environments were hardened to CIS benchmarks, but introduced compliance scanning at Code as Infrastructure level to ensure configuration of the Google environment was secure. We also ensure that when evaluating the solution from an assurance aspect, we ensure compliance against the Clients' security policies by leveraging tooling designed to pull data to indicate the configuration of the environments.