Experian turned to AWS to maintain a secure and centralised cloud environment
Global technology and credit reporting company Experian has always operated in different cloud environments across multiple business units so that it could meet the near-real-time data demands of consumers and businesses in the credit reporting industry.
Having to manage security alerts across the many different environments meant that Experian’s global security team were working reactively rather than proactively and fixing security issues rather than being able to identify and prevent the root cause of its security alerts.
Neil Boulter, global director of application security for Experian, said: “The question became ‘How can we best give our clients the tools that provide them flexibility in their environments’ functionality without compromising security?’”
The company needed a solution to help manage these security alerts and also wanted to standardise and automate security protocols to address the root cause of the security alert. Therefore, it turned to Amazon Web Services (AWS)
Boulter commented: “Standardising our tooling and functional use cases would give our clients a single, more unified view from an application and a functional perspective, and that’s where AWS came in with the ideal services to support us in realising that vision."
Experian uses AWS-native security tools to monitor its configurations, using AWS Config, which lets users assess, audit, and evaluate the configurations of their AWS resources.
Reuben Landge, cloud security architect at Experian added: “Using AWS Config, we can automatically change the configurations that need remediation, so our teams can focus on applications and servicing their customers.”
By implementing a standardised security solution on AWS, Experian has now not only decreased its Amazon S3 bucket security alerts by 80 per cent, but it has built a centralised remediation strategy for existing and new cloud accounts, applied standardised security controls to over 400 accounts and can now correct misconfigurations in 2–5 minutes, instead of 24 hours, using third-party tools. It can also now more simply meet compliance standards while maintaining the flexibility to customise environments to best fit its clients’ needs.