The new security solution provides congstar with a large number of new business indicators, such as improved customer offer calculations. On top of this, T-Systems and AWS enable congstar to drastically shorten the time it takes to provision new infrastructure compared to the previous on-premises solution. This reduces the cost and time required to implement new use cases.
The challenge for congstar is that it needs a platform to analyze various anonymized data. To evaluate different approaches to the data, congstar needs to store large amounts of data efficiently and securely, and to access a wide range of data transformation and machine learning tools such as EMR, Athena, Glue, and SageMaker. The solution therefore needs to be flexible and agile, enabling rapid development of multiple components on the AWS platform without compromising data security and privacy.
The goal is to leverage AWS automation and security services by adhering to AWS best practices and to develop a product that meets the stringent requirements of Deutsche Telekom's Privacy and Security Assessment (PSA). Since T-Systems is a proven supplier of PSA-compliant products, congstar selected the ICT provider as its partner for this task.
The security solution is provided from a central SecOps account in the AWS organization set up by T-Systems. It enables encryption and decryption of S3 data stores with provided KMS keys, selected on the basis of a classification tag. It also ensures that password policies exist, that MFA enforcement is enabled, and that logging of all critical components of the AWS infrastructure (including VPC flow logs and various AWS API calls) is operational. Regional restrictions are implemented using IAM authorization limits, which ensure that geographical distribution is limited. Other AWS services such as CloudTrail, CloudFormation, CloudWatch, and CodePipeline were also central to building, provisioning, and activating this cloud-native solution.
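The tag-driven encryption control described above can be audited with a check like the following. This is an added example, not code from congstar, T-Systems or AWS; the tag key, classification values, key ARNs and bucket names are assumptions, and the sample inventory is constructed.

```python
# Added example: inputs are constructed and mirror the response shapes of the
# S3 GetBucketTagging ("TagSet") and GetBucketEncryption ("Rules") APIs.
CLASSIFICATION_TAG = "classification"  # assumed tag key
KEY_FOR_CLASS = {  # assumed mapping from classification value to full KMS key ARN
    "confidential": "arn:aws:kms:eu-central-1:111122223333:key/EXAMPLE-confidential",
    "internal": "arn:aws:kms:eu-central-1:111122223333:key/EXAMPLE-internal",
}

def audit_bucket(name, tag_set, rules):
    """Return findings for one bucket; an empty list means compliant."""
    tags = {t["Key"]: t["Value"] for t in tag_set}
    cls = tags.get(CLASSIFICATION_TAG)
    if cls is None:
        return [f"{name}: no '{CLASSIFICATION_TAG}' tag, cannot select a key"]
    expected = KEY_FOR_CLASS.get(cls)
    if expected is None:
        return [f"{name}: unknown classification '{cls}'"]
    if not rules:
        return [f"{name}: no default encryption configured"]
    findings = []
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algo = default.get("SSEAlgorithm")
        if algo != "aws:kms":  # SSE-S3 (AES256) does not use the provided keys
            findings.append(f"{name}: default encryption is {algo}, expected aws:kms")
        elif default.get("KMSMasterKeyID") != expected:
            findings.append(f"{name}: KMS key does not match classification '{cls}'")
    return findings

def kms_rule(key_arn):
    """Build a default-encryption rule in the GetBucketEncryption shape."""
    return {"ApplyServerSideEncryptionByDefault":
            {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": key_arn}}

def tag(value):
    return [{"Key": CLASSIFICATION_TAG, "Value": value}]

# Constructed sample inventory: (bucket name, TagSet, encryption Rules).
SAMPLE_BUCKETS = [
    ("raw-data", tag("confidential"), [kms_rule(KEY_FOR_CLASS["confidential"])]),
    ("reports", tag("internal"), [kms_rule(KEY_FOR_CLASS["confidential"])]),
    ("scratch", tag("internal"),
     [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]),
    ("legacy", [{"Key": "owner", "Value": "analytics"}], []),
]

def audit_all(buckets):
    return [f for b in buckets for f in audit_bucket(*b)]

if __name__ == "__main__":
    print("\n".join(audit_all(SAMPLE_BUCKETS)))
```

In a real account the two inputs per bucket would come from the tagging and encryption API responses; the check assumes keys are recorded as full ARNs rather than key IDs or aliases.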