CDT Ensures Secure Cloud Migration with AWS: Enhancing Compliance and Cybersecurity 

Posted by taufik

September 29, 2024

About the Company 

A leading financial solutions provider in Indonesia, offers a range of services including consumer financing. Established in 1989 the company has expanded its presence across the nation, committed to delivering innovative and customer-centric financial solutions that empower business growth.

The Challenges 

In 2023, the company faced the critical challenge of migrating their core system to the cloud. Key objectives included ensuring flexibility in resource management and addressing security needs with various products available on cloud marketplaces. The cloud migration was not just about operational flexibility but also about enhancing cybersecurity in a rapidly evolving digital environment. One of the core challenges was ensuring that the newly deployed cloud infrastructure was resilient against modern cyber threats.

Furthermore, the company needed had to comply with regulatory standards related to data protection, ensuring the safety of sensitive customer information. This included implementing secure data handling practices, incident response protocols, and disaster recovery mechanisms, all while migrating to a new environment. The challenge was ensuring that these cybersecurity controls were seamlessly integrated into the cloud infrastructure.

“Our primary focus was to ensure regulatory compliance, including incident response protocols, establishing clear Standard Operating Procedures (SOPs), and performing regular disaster recovery (DR) drills. The challenge here was ensuring that these essential security practices were in place from the start of the migration while keeping pace with the project’s rapid deployment”, said the company’s IT Infrastructure Manager.

CDT Proposed Solutions 

To address the the company’s cybersecurity challenges during their cloud migration, CDT provided several solutions focused on ensuring robust security and compliance, with a strong focus on preventing cyberattacks that is AWS Web Application Firewall (WAF). With AWS WAF, the company was able to monitor and control HTTP(S) requests to their web applications. AWS WAF enabled custom rule creation for filtering traffic based on IP addresses, URI strings, and other customizable parameters.

In addition to WAF, CDT also conducted a Well-Architected Review (WAR) to evaluate the company cloud infrastructure’s security posture. This review categorized risks as high, medium, or low, allowing the company to prioritize and address vulnerabilities accordingly. The WAR also helped identify areas where security could be improved and provided guidance on how to maintain a secure environment moving forward. 

Results and Benefits 

The deployment of AWS WAF successfully met the company’s primary goal of preventing common cyberattacks. By using custom filtering rules, the company effectively mitigating the risks associated with threats identified in the Open Web Application Security Project (OWASP) Top 10. With WAF, they can manage to lay a strong foundation for more advanced security measures in the future.

They successfully passed audits, proving that their security and compliance measures were effective. Notably, no security incidents occurred in previous years, highlighting the robustness of their current approach. CDT’s role as partner, conducting assessments and offering remediation ensured that the security measures remained balanced and efficient. The partnership also helped establish a long-term IT Security Roadmap, ensuring the company continues to improve and mitigate risks proactively sustain long-term protection while adapting to evolving threats.  

Privacy & Policy

PT Central Data Technology (“CDT” or “us”) is strongly committed to ensuring that your privacy is protected as utmost importance to us. https://centraldatatech.com/ , we shall govern your use of this website, including all pages within this website (collectively referred to herein below as this “Website”), we want to contribute to providing a safe and secure environment for visitors.

The following are terms of privacy policy (“Privacy Policy”) between you (“you” or “your”) and CDT. By accessing the website, you acknowledge that you have read, understood and agree to be bound by this Privacy Policy

Use of The Subscription Service by CDT and Our Customers

When you request information from CDT and supply information that personally identifies you or allows us to contact you, you agree to disclose that information with us. CDT may disclose such information for marketing, promotional and activity only for the purpose of CDT and the Website.

Collecting Information

You are free to explore the Website without providing any personal information about yourself. When you visit the Website or register for the subscription service, we provide some navigational information for you to fill out your personal information to access some content we offered.

CDT may collect your personal data such as your name, email address, company name, phone number and other information about yourself or your business. We are collecting your data in some ways, online and offline. CDT collects your data online using features of social media, email marketing, website, and cookies technology. We may collect your data offline in events like conference, gathering, workshop, etc. However, we will not use or disclose those informations with third party or send unsolicited email to any of the addresses we collect, without your express permission. We ensure that your personal identities will only be used in accordance with this Privacy Policy.

How CDT Use the Collected Information

CDT use the information that is collected only in compliance with this privacy policy. Customers who subscribe to our subscription services are obligated through our agreements with them to comply with this Privacy Policy.

In addition to the uses of your information, we may use your personal information to:

  • Improve your browsing experience by personalizing the websites and to improve the subscription services.
  • Send information about CDT.
  • Promote our services to you and share promotional and informational content with you in accordance with your communication preferences.
  • Send information to you regarding changes to our customers’ terms of service, Privacy Policy (including the cookie policy), or other legal agreements

Cookies Technology

Cookies are small pieces of data that the site transfers to the user’s computer hard drive when the user visits the website. Cookies can record your preferences when visiting a particular site and give the advantage of identifying the interest of our visitor for statistical analysis of our site. This information can enable us to improve the content, modifying and making our site more user friendly.

Cookies were used for some reasons such as technical reasons for our website to operate. Cookies also enable us to track and target the interest of our users to enhance the experience of our website and subscription service. This data is used to deliver customized content and promotions within the Helios to customers who have an interest on particular subjects.

You have the right to decide whether to accept or refuse cookies. You can edit your cookies preferences on browser setup. If you choose to refuse the cookies, you may still use our website though your access to some functionality and areas of our website may be restricted.

This Website may also display advertisements from third parties containing links to other websites of interest. Once you have used these links to leave our site, please note that we do not have any control over the website. CDT cannot be responsible for the protection and privacy of any information that you provide while visiting such websites and this Privacy Policy does not govern such websites.

Control Your Personal Data

CDT give control to you to manage your personal data. You can request access, correction, updates or deletion of your personal information. You may unsubscribe from our marketing activity by clicking unsubscribe us from the bottom of our email or contacting us directly to remove you from our subscription list.

We will keep your personal information accurate, and we allow you to correct or change your personal identifiable information through marketing@centraldatatech.com