CloudKnox Case Study

Multi-cloud strategy

Problem Description:

CloudKnox provides a single platform to manage identify privileges across multiple cloud environments, allowing customers to protect themselves against malicious activity and compromised credentials. Their build and deployment processes entailed manual script execution. As the business grew, these processes increased in complexity to handle multiple cloud platforms.

Without automation, these processes consumed a lot of time, leaving VMs without the latest security patches vulnerable to attacks. Furthermore, CloudKnox’s MongoDB database was a bottleneck on services, impacting performance. Both costs and security were top priorities.

Solutions Highlights:

Working alongside CloudKnox’s Internal Operations team, AVM automated the build and deployment process using Terraform. We implemented user-based SSH access to the VMs, controlled via code. Furthermore, we enabled end-to-end encryption in-transit using SSL. In doing this, we removed the risks associated with manual deployment, reduced costs, and increased instance security.

To reduce bills further, we migrated CloudKnox’s services from on-demand to reserved and spot instances. Custom AMIs were defined along with an automated patching process using Packer. This allowed CloudKnox to update instance AMIs with the latest software patches on a regular basis, addressing vulnerabilities and providing better protection against malicious attackers.

Tools like AWS Inspector were adopted to automatically scan these instances and generate vulnerability reports. Using these reports, CloudKnox were able to benchmark their services against CIS standards, quickly identifying any deviations and remedying them to meet CIS compliance.

Logging was enabled using a combination of Loggly, Graphana, and CloudWatch for greater visibility on instance activity. CloudKnox were then able to monitor the logs for any malicious activity. Metrics and alerts were configured off the back of these logs to optimise threat detection, quickly notifying teams of any unusual behaviour and automatically triggering functions to address potential threats.

While we nurtured CloudKnox from its inception, we are so proud to announce that CloudKnox now is world level product called Microsoft Entra Permissions Management.

Industry

Security

Challenge

Automating build and deployment processes across multiple cloud platforms to support rapid deployment.

Services & Technologies

AWS

Azure

k8s

IaaS

Compliance

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.