Travelex
Travelex at the time had progressed with building a Foreign-Currency Exchange (FX) Payments platform in AWS and built a Mean-Viable Product (MVP) when Complete Cyber was invited by the CISO to undertake a deep-dive technical evaluation of the security of the Platform. Our scope extended into the business to understand the Software Development Lifecycle (SDLC)
SCOPE
CHALLENGES
Working remotely due to the COVID-19 pandemic, ensuring a third-party IT services outfit responsible for configuring, administration and deploying IT services and hardware were some key challenges. Coupled with an organization considered mature in its Cyber posture needing to uphold a high compliance level against its anti-malware, anti-virus and data leaking software. Our role was to ensure the third-party IT service provider was held accountable for maintaining the high degree of security compliance in data and security protection for 20,000 laptops including server infrastructure being deployed across several Azure accounts. Additional challenges resolved around performing security evaluation of the migration of services and ensuring that any potential security weakness could be identified and rectified before the design becoming deployed as part of the transformation.
OUTCOMES
As part of our support, we were able to ensure RSA’s Cyber requirements for achieving and maintaining compliance using various security protection was upheld when deploying a fleet of 20,000 laptops. We also undertook a security evaluation audit, ensuring the new O365 accounts were conforming to RSA’s Information Security requirements to ensure the program could continue with the Digital Migration. We also developed and managed the deployment of a combination of migration endpoint security metrics into a centralized SIEM platform using ELK configured to provide alerting in this area.