Various lines of blue light join to form a network and door lock

congstar: No compromises in data protection

T-Systems has developed a security solution for congstar to analyze data on the AWS platform

Efficient analysis of anonymous data

The new security solution provides congstar with a large number of new business indicators, such as improved customer offer calculations. On top of this, T-Systems and AWS enable congstar to drastically improve the time it takes to provide new infrastructures compared to the previous on-premise solution. This optimizes costs and time required for the implementation of new use cases.

Agile component development on the AWS platform

A woman types into a notebook and different holograms appear around her.

The challenge for congstar is that they need a platform to analyze various anonymized data. To review different approaches to data, congstar needs to efficiently and securely store large amounts of data and access a wide range of data transformation and machine learning tools such as EMR, Athena, Glue, SageMaker, and others. Therefore, the solution needs to be flexible and agile, enabling rapid development of multiple components on the AWS platform without compromising data security and privacy.

We look forward to your project!

We are happy to provide you with the right experts and to answer your questions about planning, implementation, and maintenance for your digitalization plans. Get in touch!

PSA-compliant product development

Hands tap on a notebook and digital holograms of door locks appear

The goal is to leverage AWS automation and security services by adhering to AWS best practices and developing a product that meets the stringent requirements of Deutsche Telekom's Privacy and Security Assessment (PSA). Since T-Systems is a proven supplier of PSA-compliant products, the ICT provider was selected by congstar as a partner to support this task.

The security solution developed is provided by a central SecOps account in the AWS organization set up by T-Systems. This enables encryption and decryption of S3 data stores based on a classification tag with provided KMS keys. It also ensures that password policies exist, MFA enforcement is enabled, and logging of all critical components of the AWS infrastructure (including VPC flow logs and various other AWS API calls) is operational. Regional restrictions are implemented using IAM authorization limits. These ensure that geographical distribution is limited. Other AWS services such as CloudTrail, CloudFormation, CloudWatch, and CodePipeline were also central to building, provisioning, and activating this native cloud solution.

Landing zone for more possibilities

Infographics on roles and access rights

Due to the success of this solution and the continuing need to optimize its development environment for further use cases, an AWS account proved too restrictive for congstar. T-Systems has therefore extended the solution to include a landing zone, which enables multiple secure AWS accounts to isolate the various workloads and environments. With the "Least Privilege" principle, T-Systems has created a central location for user administration. This further strengthens the security level of the solution and gives congstar even more flexibility to expand its AWS horizons.

In mid-2018, the solution delivered by T-Systems received PSA approval and went into production. It now offers integrated security as code directly from T-Systems' CI/CD pipeline. This solution enables the congstar DevOps team to work seamlessly in a pre-configured and secure AWS account under the direction of T-Systems.

Based on customer feedback, T-Systems will continue to develop its security portfolio on the AWS platform in order to meet congstar's innovative drive. This includes the focus on micro-services, machine learning, and the successful architecture on AWS.


About congstar

congstar, a second brand of Deutsche Telekom GmbH based in Cologne, offers prepaid and postpaid mobile communications services as well as complete DSL and VDSL connections. The success of congstar since its market launch in 2007 is attributable to the combination of excellent D-Net quality, favorable prices, and flexible contract terms. More than 4.5 million customers are now benefiting from this. congstar products and services regularly receive awards.

To the customer's website (german only)