
Protecting Employees Using Secure AWS Solutions

Introducing AWS Cloud as a digital foundation for a highly secure Threat Management Assistant (TMA) in Deutsche Telekom 

May 03 2021, by Madhu Kumar Yeluri

What is TMA? 

Since 2014, Deutsche Telekom AG (DTAG) has run an employee threat management system internally. Dealing with all kinds of workplace issues and threats, the ultimate aim of the system is to ensure that each employee is treated with dignity and respect and to protect the company and its employees from harm. 

The threat management system follows three key steps: 


Recognize: All kinds of violence have precursors. Identifying specific warning behaviours can help each employee recognize the threat of violence. Employees can report such warning behaviour to the threat management system. 

Assess: The threat management system will then assess the criticality of the issue. 

Defuse: The system implements countermeasures with all involved people to reduce the risk for the employee and the company.

Since data privacy and security are paramount for this project, both were treated as first-class requirements when architecting and implementing the solution in AWS.

All the business requirements for the TMA system mentioned above can be met using AWS. The TMA application is packaged as a Docker container and runs on Amazon Elastic Container Service (ECS), a fully managed container orchestration service that provides the security, reliability and scalability the system needs.

The points below reflect the services implemented based on the security recommendations and improvements suggested by the AWS Well-Architected Review: 

  • Ruby on Rails as the web-application framework – packaged and run as a Docker container
  • Deployments via CloudFormation to Elastic Container Service
  • RDS PostgreSQL for data tier – multi-AZ for high availability and failover support 
  • GitLab and Magenta Trusted Registry for versioning and CI/CD
  • SSM Parameter Store for passwords and parameters 
  • Elastic Load Balancing – Application Load Balancer for availability 
  • AWS Key Management Service – encryption for data at rest 
  • AWS Certificate Manager for certificate management
  • AWS CloudFormation – Infrastructure as Code 
  • Amazon CloudWatch – Monitoring

How T-Systems used AWS to achieve a high level of security and zero downtime deployments

Security: Due to the nature of the project, the TMA data needs to be fully protected. AWS services like Key Management Service (KMS) and AWS Certificate Manager (ACM) helped us encrypt the data at rest and data in transit. EBS volumes and RDS PostgreSQL databases are encrypted using AWS KMS keys.

Deployments: To achieve minimal disruption to the business, we adopted zero downtime deployments using AWS Elastic Container Service. In the rolling update deployment type, the service has a desired count of two tasks and a maximum of 200 percent, i.e. the scheduler may start two new tasks before stopping the two older ones. We made sure the cluster has the capacity to run four tasks during a rollout. The Application Load Balancer performs health checks on the new version of the application before the old version is replaced, so an unhealthy release never takes traffic. With ECS as the deployment target we achieve Continuous Integration (CI) and Continuous Delivery (CD), which gives project teams much faster feedback and supports an Agile/DevOps way of working.
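The security and deployment properties described above (KMS-encrypted RDS storage, passwords held in SSM Parameter Store, a two-task ECS service with a 200 percent rolling-update ceiling gated by load balancer health checks) are the kind of thing a reviewer wants to verify in the CloudFormation template before it reaches production. The following is an added Python example, not code from the original post or from T-Systems: it embeds a constructed CloudFormation fragment as a dictionary (resource names, the container port, the Parameter Store path and the key resource are assumptions) and runs a small review over it that reports when the zero-downtime or data-at-rest safeguards are missing.

```python
import copy

# Constructed CloudFormation fragment, embedded as a dict so the script runs offline.
# Resource names, the container port and the SSM path are assumptions, not the
# project's template; the values mirror what the post describes: two desired tasks,
# a 200 percent rolling-update ceiling, an ALB target group gating replacement,
# Multi-AZ PostgreSQL encrypted with a KMS key, and a password resolved from
# SSM Parameter Store instead of being written into the template.
TEMPLATE = {
    "Resources": {
        "TmaKey": {"Type": "AWS::KMS::Key", "Properties": {"EnableKeyRotation": True}},
        "TmaService": {
            "Type": "AWS::ECS::Service",
            "Properties": {
                "DesiredCount": 2,
                "DeploymentConfiguration": {"MaximumPercent": 200, "MinimumHealthyPercent": 100},
                "HealthCheckGracePeriodSeconds": 60,
                "LoadBalancers": [{"ContainerName": "rails", "ContainerPort": 3000,
                                   "TargetGroupArn": {"Ref": "TmaTargetGroup"}}],
            },
        },
        "TmaDatabase": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "postgres",
                "MultiAZ": True,
                "StorageEncrypted": True,
                "KmsKeyId": {"Ref": "TmaKey"},
                # CloudFormation dynamic reference to a SecureString parameter (path assumed).
                "MasterUserPassword": "{{resolve:ssm-secure:/tma/db/master-password:1}}",
            },
        },
    }
}


def deployment_findings(template):
    """Check each ECS service for the rolling-update invariants of a zero-downtime deploy."""
    findings = []
    for name, res in template["Resources"].items():
        if res["Type"] != "AWS::ECS::Service":
            continue
        props = res.get("Properties", {})
        cfg = props.get("DeploymentConfiguration", {})
        # ECS defaults when the properties are omitted: MaximumPercent 200, MinimumHealthyPercent 100.
        max_pct = cfg.get("MaximumPercent", 200)
        min_pct = cfg.get("MinimumHealthyPercent", 100)
        if max_pct <= 100 and min_pct >= 100:
            findings.append(f"{name}: MaximumPercent {max_pct} with MinimumHealthyPercent "
                            f"{min_pct} cannot start new tasks before stopping old ones")
        if min_pct < 100:
            findings.append(f"{name}: MinimumHealthyPercent {min_pct} lets serving capacity "
                            "drop below DesiredCount during a rollout")
        if not props.get("LoadBalancers"):
            findings.append(f"{name}: no target group attached, so no health check gates "
                            "replacement of the old tasks")
    return findings


def data_protection_findings(template):
    """Check RDS instances for encryption at rest and for secrets kept out of the template."""
    findings = []
    for name, res in template["Resources"].items():
        if res["Type"] != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties", {})
        if props.get("StorageEncrypted") is not True:
            findings.append(f"{name}: StorageEncrypted is not true")
        if "KmsKeyId" not in props:
            findings.append(f"{name}: no KMS key referenced for storage encryption")
        if props.get("MultiAZ") is not True:
            findings.append(f"{name}: MultiAZ is not enabled")
        password = props.get("MasterUserPassword")
        if isinstance(password, str) and not password.startswith("{{resolve:ssm-secure:"):
            findings.append(f"{name}: MasterUserPassword is a literal in the template")
    return findings


def review(template):
    """All findings for a template; an empty list means the described safeguards are present."""
    return deployment_findings(template) + data_protection_findings(template)


def weakened_copy(template):
    """Return a copy with the safeguards removed, to show what the review reports."""
    weak = copy.deepcopy(template)
    weak["Resources"]["TmaService"]["Properties"]["DeploymentConfiguration"]["MaximumPercent"] = 100
    db = weak["Resources"]["TmaDatabase"]["Properties"]
    db["StorageEncrypted"] = False
    del db["KmsKeyId"]
    db["MasterUserPassword"] = "changeme"  # literal secret: exactly what Parameter Store avoids
    return weak


if __name__ == "__main__":
    for label, tpl in (("as described", TEMPLATE), ("weakened", weakened_copy(TEMPLATE))):
        print(f"{label}: {review(tpl) or 'no findings'}")
```

The deployment check encodes the arithmetic from the paragraph: with two desired tasks and a 200 percent ceiling the scheduler may run four tasks, so the old pair is only stopped after the new pair passes the target group's health check; a ceiling of 100 percent combined with a 100 percent minimum would leave the scheduler unable to start or stop anything. The data-protection check flags a database without `StorageEncrypted` and a KMS key, and a master password written as a literal rather than resolved from a SecureString parameter at deploy time.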

AWS Architecture – Security design implemented by T-Systems

[Diagram: tma-ext-prod-Architecture]

AWS Architecture – CI/CD Pipeline implemented by T-Systems

[Diagram: tma-ext-prod-CI_CD]

Benefits

Today, threat management is an integral part of Telekom's personnel security in Germany. In fact, DTAG is the first company in Europe to employ a professional and firmly established Threat Management Assistant system.

Migrating the TMA system to AWS fulfilled all the business requirements, including flexibility, security, increased agility, scalability and improved business continuity. It also accelerated development of new features. Zero downtime deployments and AWS automation for creating the TMA cloud infrastructure made operations noticeably easier.

The methodology of the AWS Well-Architected Framework can be applied not only to greenfield containerization projects but also to migrations within brownfield approaches.

"The TMA System and Development team, along with myself as the Project Owner TMA, are extremely satisfied with the T-Systems AWS Managed Cloud Container Services (MCCS) team's high level of professionalism and efficiency. Their agile mindset has been particularly impressive. We greatly appreciate their work and support throughout the project and would highly recommend their services for future projects."

Dirk Menke, Project Owner (Telekom Security)


About the author

Madhu Kumar Yeluri, Principal Cloud Architect, T-Systems International GmbH
