Challenge: Cloud Migration Knowledge Gaps for Insurance Compliance
As part of a digital transformation, a well known and respected insurance company set the daunting task of closing its data center and migrating all of its applications to Amazon Web Services (AWS). Unfortunately, the company soon realized in order to achieve a successful cloud migration by their goal date, it would require external cloud-native expertise.
New Context was hired to oversee the project and update its data center’s numerous legacy application servers into AWS. The work required a combination of deep DevSecOps knowledge, architectural solutions, and hands-on implementation. New Context engineers leveraged many AWS tools and resources to ensure a successful and thorough cloud migration. The company was also required to adhere to the strictest financial compliance standards and undergo multiple audits every year. As a result, New Context had to ensure that any deployed or architected solutions permitted frequent compliance checks.
Solution: Kubernetes in AWS with Compliance and Security for the WIN!
New Context consulting and hands-on work included:
- Service Organization Control (SOC 2) attestation and remediation using open-source compliance tools like Cloud Custodian.
- Providing critical knowledge on AWS services and Kubernetes implementation for Solutions Architecture.
- Best Practices Guidance in DevSecOps methodologies
During the cloud migration, New Context provided mentorship through our Lean Security methodology for DevSecOps best practices. It helped the company’s engineers write more secure code and enabled them to detect more vulnerabilities via static code analysis. To tackle the unique compliance and auditing needs, New Context implemented Cloud Custodian for SOC 2 attestation permitting the company to define numerous policies and ensure that its resources always meet the strictest compliance standards. New Context deployed Hashicorp Vault for proper key management and safe distribution, and used ElasticSearch and Kibana to build scalable, affordable, and centralized log infrastructure. Finally, New Context built a continuous integration/continuous deployment (CI/CD) pipeline on top of GitLab for a seamless Kubernetes development and deployment, streamlining the process of migrating Kubernetes infrastructure into AWS Elastic Kubernetes Services.
In summary, New Context’s deep experience with critical tools like Kubernetes, Cloud Custodian, GitLab, and AWS were indispensable to accelerating the Insurance Company’s cloud migration. New Context was honored to play a role in the digital transformation because highly regulated fields like the insurance industry need proper devsecops infrastructure too!