Today, threat management is an integral part of Telekom security in Germany. In fact, Deutsche Telekom AG is the first company in Europe with a professional and firmly established Threat Management Assistant system. The TMA allows clear communication and collaboration across different units, which is important for successful threat management within the company. The cloud solution thus improves the efficiency of the process. Furthermore, the solution fulfils all the various business demands of the personnel security team: flexibility, security, scalability and improved business continuity.
With the AWS-based solution our threat management process receives a new level of efficiency. Furthermore, we are able to convert the TMA into a market offer in the medium term.
Claudia Brandkamp, Threat Management, Deutsche Telekom
Effective collaboration with different experts such as labor law, compliance, HR, etc. is essential for threat management. Currently, all steps are monitored with Word documents and e-mails, a manual and cumbersome approach that is very difficult to manage. To enhance collaboration and documentation, a digital process-supporting system, the Threat Management Assistant (TMA), should be implemented. The new system should also incorporate scientific models that help to evaluate the situation of the respective monitored employee. Those scientific models will be continuously developed, so the new system needs to support continuous development/continuous integration (CI/CD). As the team plans to offer the TMA to other companies, they opted for a platform that could easily scale up according to market demands: AWS Cloud. Additionally, due to the nature of the project, the new system should be built in a secure environment for storing and sharing documents.
The T-Systems team built the system based on the business demands and according to the AWS best practices of the Well-Architected Framework. This ensures not only scalability and CI/CD, but also a high level of security for an efficient and sophisticated system. AWS CloudFormation provides the necessary infrastructure as code. After setting up the infrastructure, the T-Systems team introduced the security features using AWS Key Management Service, AWS Certificate Manager and SSM Parameter Store for passwords and parameters. Data at rest (in Elastic Block Store and the PostgreSQL database) and in transit are encrypted accordingly. The cloud-native TMA application was established in the AWS Cloud in Frankfurt. Ruby on Rails was used as the web application framework. The team also introduced containerization (Docker) based on Amazon Elastic Container Service, a fully managed container orchestration service that makes it easy to run applications on a managed cluster of Amazon EC2 instances. Deployments are done with AWS CodePipeline. PostgreSQL is used as the database. A multi-AZ setup provides high availability and failover support. WordPress is operated for the documentation process. Monitoring is done via Amazon CloudWatch. This future-oriented approach to building an effective solution easily passed an AWS Well-Architected Review.