CDT Utilizing AWS Cloud Migration to Enhance Security and Agility for an Indonesian Insurance Company 

Posted by taufik

September 30, 2024

A leading insurance provider in Indonesia, part of a global insurance group, offers a wide range of products and services, including general, health, and life insurance, tailored to both individuals and businesses.  

The company has decided to migration to AWS Cloud services due to the limitations of its outdated on-premises infrastructure. They selected AWS because it has data centers in Indonesia and offers potential cost savings, flexibility, and agility. This migration aims to enhance their security and meet compliance requirements. 

With AWS, the company can continue its commitment to delivering reliable and innovative solutions, ensuring strong customer protection and comprehensive coverage for various needs in the Indonesian market. 

The Challenges 

The company operates in a hybrid environment, utilizing both AWS and on-premises infrastructure, which provides greater flexibility. Their applications include internal systems and public-facing B2B solutions. However, they encountered challenges related to operational resources, knowledge, and technical skills, which slowed their progress. They also needed to enhance their security and compliance. CDT assist with their migration with implemented several key measures, including AWS GuardDuty, AWS CloudTrail, AWS Key Management Service (KMS), Virtual Private Network (VPN), AWS Control Tower, and landing zone.

Solution for Security and Compliance Needs 

The organization recognized a pressing need for enhanced security and compliance measures. To bolster security, CDT adopted a multi-layered approach, integrating various AWS services and best practices. 

Since they operate in hybrid environments, CDT implemented encryption on all servers using custom keys through AWS KMS. They also utilize a VPN and AWS Direct Connect to create secure network connections, allowing private access to the AWS Cloud. Additionally, load balancers are used to enhance traffic management. 

Amazon GuardDuty and AWS CloudTrail are implemented across all accounts to detect malicious activity and monitor log activities, enhancing security visibility. They also use a centralized ingress system with an application load balancer and a network load balancer to minimize the risk of security attacks and exposure. 

For traffic inspection, they utilize third-party solutions like FortiGate, which is integrated with a gateway load balancer to ensure high availability. Additionally, a multi-AZ NAT Gateway is utilized to centralize egress traffic. 

For access management, the company utilizes Identity and Access Management (IAM) with multiple management accounts set up through AWS Organizations. AWS Control Tower enhances governance and privilege management, streamlining organizational operations. They have already implemented landing zone concepts within AWS Control Tower, with main access provided through Single Sign-On (SSO) and a least privilege access model. 

And for incident response, the organization used AWS Disaster Recovery (DRS) for its production environments, while AWS Backup is used for non-production environments to ensure data resilience. 

The organization has successfully complied with the National Institute of Standards and Technology (NIST) standards and local regulations (OJK). It is now actively pursuing ISO certification to enhance its credibility and establish itself as a responsible player in the insurance sector. 

Benefits Gained 

Key security improvements include robust IAM Identity Center practices that facilitate easier management and oversight. The use of Control Tower has streamlined and made it easier to manage the account resources and governance of the organization and improved segmentation, making them more aware that their workloads are clearer, and their segmentation is clearer. Their infrastructure is now more isolated, as many components are inaccessible due to the principle of least privilege. 

Looking ahead, the company is focused on implementing a more robust network firewall and cyberattack mitigation as part of its ongoing security strategy. While maintaining a hybrid environment, they are working towards migrating core systems to AWS and exploring further enhancements in data protection, particularly regarding database encryption and centralized monitoring through a Security Information and Event Management (SIEM) system. 

Through the adoption of AWS Cloud services, the organization has significantly advanced its digital transformation journey, emphasizing security, compliance, and operational efficiency. As they continue to refine their cloud strategy, the focus remains on enhancing their security posture while achieving compliance goals. 

Privacy & Policy

PT Central Data Technology (“CDT” or “us”) is strongly committed to ensuring that your privacy is protected as utmost importance to us. https://centraldatatech.com/ , we shall govern your use of this website, including all pages within this website (collectively referred to herein below as this “Website”), we want to contribute to providing a safe and secure environment for visitors.

The following are terms of privacy policy (“Privacy Policy”) between you (“you” or “your”) and CDT. By accessing the website, you acknowledge that you have read, understood and agree to be bound by this Privacy Policy

Use of The Subscription Service by CDT and Our Customers

When you request information from CDT and supply information that personally identifies you or allows us to contact you, you agree to disclose that information with us. CDT may disclose such information for marketing, promotional and activity only for the purpose of CDT and the Website.

Collecting Information

You are free to explore the Website without providing any personal information about yourself. When you visit the Website or register for the subscription service, we provide some navigational information for you to fill out your personal information to access some content we offered.

CDT may collect your personal data such as your name, email address, company name, phone number and other information about yourself or your business. We are collecting your data in some ways, online and offline. CDT collects your data online using features of social media, email marketing, website, and cookies technology. We may collect your data offline in events like conference, gathering, workshop, etc. However, we will not use or disclose those informations with third party or send unsolicited email to any of the addresses we collect, without your express permission. We ensure that your personal identities will only be used in accordance with this Privacy Policy.

How CDT Use the Collected Information

CDT use the information that is collected only in compliance with this privacy policy. Customers who subscribe to our subscription services are obligated through our agreements with them to comply with this Privacy Policy.

In addition to the uses of your information, we may use your personal information to:

  • Improve your browsing experience by personalizing the websites and to improve the subscription services.
  • Send information about CDT.
  • Promote our services to you and share promotional and informational content with you in accordance with your communication preferences.
  • Send information to you regarding changes to our customers’ terms of service, Privacy Policy (including the cookie policy), or other legal agreements

Cookies Technology

Cookies are small pieces of data that the site transfers to the user’s computer hard drive when the user visits the website. Cookies can record your preferences when visiting a particular site and give the advantage of identifying the interest of our visitor for statistical analysis of our site. This information can enable us to improve the content, modifying and making our site more user friendly.

Cookies were used for some reasons such as technical reasons for our website to operate. Cookies also enable us to track and target the interest of our users to enhance the experience of our website and subscription service. This data is used to deliver customized content and promotions within the Helios to customers who have an interest on particular subjects.

You have the right to decide whether to accept or refuse cookies. You can edit your cookies preferences on browser setup. If you choose to refuse the cookies, you may still use our website though your access to some functionality and areas of our website may be restricted.

This Website may also display advertisements from third parties containing links to other websites of interest. Once you have used these links to leave our site, please note that we do not have any control over the website. CDT cannot be responsible for the protection and privacy of any information that you provide while visiting such websites and this Privacy Policy does not govern such websites.

Control Your Personal Data

CDT give control to you to manage your personal data. You can request access, correction, updates or deletion of your personal information. You may unsubscribe from our marketing activity by clicking unsubscribe us from the bottom of our email or contacting us directly to remove you from our subscription list.

We will keep your personal information accurate, and we allow you to correct or change your personal identifiable information through marketing@centraldatatech.com