The new security solution provides congstar with a large number of new business indicators, such as improved customer offer calculations. On top of this, T-Systems and AWS enable congstar to drastically reduce the time it takes to provide new infrastructure compared to the previous on-premises solution. This optimizes the costs and time required to implement new use cases.
The challenge for congstar is that they need a platform to analyze various anonymized data. To review different approaches to data, congstar needs to efficiently and securely store large amounts of data and access a wide range of data transformation and machine learning tools such as EMR, Athena, Glue, SageMaker, and others. Therefore, the solution needs to be flexible and agile, enabling rapid development of multiple components on the AWS platform without compromising data security and privacy.
The goal is to leverage AWS automation and security services by adhering to AWS best practices and developing a product that meets the stringent requirements of Deutsche Telekom's Privacy and Security Assessment (PSA). Since T-Systems is a proven supplier of PSA-compliant products, the ICT provider was selected by congstar as a partner to support this task.
The security solution is provided by a central SecOps account in the AWS organization set up by T-Systems. It enables encryption and decryption of S3 data stores based on a classification tag, using provided KMS keys. It also ensures that password policies exist, that MFA enforcement is enabled, and that logging of all critical components of the AWS infrastructure (including VPC flow logs and various other AWS API calls) is operational. Regional restrictions, implemented using IAM authorization limits, ensure that geographical distribution is limited. Other AWS services such as CloudTrail, CloudFormation, CloudWatch, and CodePipeline were also central to building, provisioning, and activating this cloud-native solution.
Due to the success of this solution and the continuing need to optimize its development environment for further use cases, a single AWS account proved too restrictive for congstar. T-Systems has therefore extended the solution to include a landing zone, which provides multiple secure AWS accounts to isolate the various workloads and environments. Applying the "Least Privilege" principle, T-Systems has created a central location for user administration. This further strengthens the security level of the solution and gives congstar even more flexibility to expand its AWS horizons.
In mid-2018, the solution delivered by T-Systems received PSA approval and went into production. It now offers integrated security as code directly from T-Systems' CI/CD pipeline. This solution enables the congstar DevOps team to work seamlessly in a pre-configured and secure AWS account under the direction of T-Systems.
Based on customer feedback, T-Systems will continue to develop its security portfolio on the AWS platform in order to meet congstar's innovative drive. This includes a focus on microservices, machine learning, and the successful architecture on AWS.
congstar, a second brand of Deutsche Telekom GmbH based in Cologne, offers prepaid and postpaid mobile communications services as well as complete DSL and VDSL connections. The success of congstar since its market launch in 2007 is attributable to the combination of excellent D-Net quality, favorable prices, and flexible contract terms. More than 4.5 million customers are now benefiting from this. congstar products and services regularly receive awards.