Securing a Lane for Collaboration
- August 24, 2021
Our client, a global automotive manufacturer, is driven to innovation. While it has deeply knowledgeable engineers and scientists in its company ranks, it also often collaborates with external, third-party researchers. Building a mechanism to achieve deep collaboration with these independent, international researchers was the challenge this team sought to solve.
Having worked with this client on a variety of projects, we were excited at the opportunity to help. Diving in, we helped identify three objectives that would support the client’s business goal for greater collaboration and innovation. They were to:
- Enable the creation of a repeatable, scalable and secure platform for collaboration.
- Leverage existing infrastructure and code repositories, avoiding unnecessary duplication.
- Eliminate manual steps that may be inconsistent and error prone.
Building a secure lane to collaboration
- Effectively balance the needs of multiple groups like infrastructure and specialty teams.
- Be inherently secure so that researchers are invited into an environment with security at every level.
- Avoid significant management overhead, allowing the client team to balance its constrained capacity to take on new things with an easy-to-adopt solution that requires limited ongoing maintenance.
- Combine best fit technologies to enable the above.
The solution is comprised of several key components. First, the AWS Network Firewall Manager. This managed security service acts to centralize the deployment of an AWS Network Firewall infrastructure. It is inherently secure, flexible and scalable. Additionally, it offers ease of implementation which directly addresses the client team’s need for easily adoptable technology.
Second, the solution leverages an AWS Transit Gateway, a hub and spoke networking architecture, which enables interconnectivity and communication between centralized and selectively enabled VPC resources. Yet, to ensure third parties are in an environment with multiple security layers, the AWS Network Firewall operates a central inspection component where we can selectively control what resources third parties are allowed to access, perform IDS, IPS and more.
A third component of the solution is a dedicated VPN. While most internal employees come through an internal VPN, the client is now able to offer a second point of entry with a limited view into the network. This second VPN also helps keep the system secure as its users are only able to access selected core services.
Last, the solution is delivered as IaC, notably through Terraform. For example, the solution features two key Terraform repositories – one for manager policies and another for firewall rules. Through several successful engagements that utilized Terraform, we were able to build on the client’s previous Terraform knowledge to adopt a new pattern for the automation pipelines deployed as IaC for Jenkins, which helped us achieve a repeatable, scalable solution.
In addition, delivering solutions as code creates a high level of observability. Through code commits, pull request reviews and daily standups with the client, we were able to achieve a high level of observability that allowed everyone on the project to provide well-informed feedback -- all of which enables the team to enable access of the environment with greater selectively and control.
This client is not alone in its need to meet several stringent requirements on the path to delivering a solution that benefits corporate goals. Ultimately, the use of automation to remove manual steps helped the team more easily take on new technology while re-using existing technology and intellectual property reduced the need for additional training while empowering the creation of a repeatable, scalable and secure platform for collaboration.
Learn more about NTT DATA’s Cloud Transformation team and how we can help you achieve a secure, scalable solution that achieves your business goals and objectives.