Leading Energy Provider

Client Overview

Versent collaborated with one of Australia’s leading energy infrastructure businesses to modernise their cloud services and address complex digital sovereignty requirements. The customer faced significant compliance challenges, including federal data privacy regulations, state-specific data laws, and energy sector cybersecurity frameworks. Managing an extensive gas infrastructure network, the customer needed a robust cloud solution that ensured data residency, protection, and regulatory compliance throughout their cloud journey.

Challenge

The customer’s initial cloud transition and modernisation efforts encountered multifaceted challenges, particularly around maintaining digital sovereignty. As a critical infrastructure provider, they were subject to Australian laws mandating that sensitive data be stored and processed within the country’s borders. They also needed to address security concerns associated with migrating and maintaining sensitive data in the cloud while ensuring continuous compliance with industry regulations, including stringent access controls. Their existing cloud foundation was inadequate, necessitating an uplift to meet these compliance requirements.

Our customer’s aim was to;

• Attain full compliance with Australian data sovereignty laws, federal data privacy regulations, and industry-specific cybersecurity frameworks within six months to achieve a 100% Compliance rate.
• Maintain zero significant security breaches or data loss incidents by leveraging the enhanced security posture provided by AWS services to ensure zero Security Incidents.
• Achieve a 30% reduction in cloud infrastructure management costs through optimized resource utilization and automated processes, resulting in a 30% Reduction in Operational Costs.
• Reduce the time required to detect and mitigate security threats by half by utilizing the capabilities of AWS GuardDuty and AWS Security Hub, leading to a 50% Decrease in Time-to-Resolution for Security Incidents.
• Double the ability to scale infrastructure to meet business demands, ensuring no downtime or performance degradation during peak times, resulting in a 200% Improvement in Infrastructure Scalability.
• Maintain a high availability rate of 99.99% for critical cloud services to ensure continuous and reliable operation of the energy infrastructure network, achieving 99.99% Uptime.
• Ensure that all sensitive data is stored and processed within Australia’s borders, adhering to local data residency requirements, to achieve 100% Data Residency Compliance.
• Reduce the time required to develop and deploy new services and applications by 25%, fostering a more agile and competitive business environment, resulting in a 25% Faster Time-to-Market for New Services.
• Implement real-time monitoring across 100% of the cloud infrastructure to ensure continuous visibility and proactive management of resources and applications, providing Real-Time Monitoring Coverage.
• Implement automated compliance reporting mechanisms for 100% of regulatory requirements, reducing manual effort and ensuring timely and accurate compliance documentation. These compliance requirements include AESCSF (Australian Energy Sector Cyber Security Framework), CIS, and the Australian Privacy Act, ensuring Automated Compliance Reporting.

Solution by Versent

As a trusted AWS Premier Partner known for its expertise in cloud solutions, Versent collaborated closely with the energy infrastructure provider. Using our risk assessment framework, we developed and implemented a comprehensive strategy to achieve digital sovereignty in the cloud. We leveraged a suite of AWS services, including AWS Landing Zone Accelerator (LZA), AWS Config, Amazon CloudWatch, Amazon GuardDuty, AWS CloudTrail, AWS Trusted Advisor, AWs Audit Manager, and AWS Security Hub, to design a tailored solution meeting the customer’s unique requirements.

Details of AWS Services and Their Role in Ensuring Digital Sovereignty

AWS Landing Zone Accelerator:

The AWS Landing Zone Accelerator expedited the deployment of the customer’s cloud infrastructure, ensuring a secure and scalable foundation for their digital transformation. By automating the setup of a well-architected AWS environment, Versent established standardised security controls across multiple AWS accounts, ensuring consistency and compliance. AWS Control Tower was the central governance and compliance hub, providing a unified view of their cloud infrastructure and enforcing guardrails and compliance policies.

AWS Config:

AWS Config maintained the integrity and compliance of the AWS cloud environment by continuously monitoring and recording configurations. Versent configured AWS Config to detect and alert on deviations from established security and compliance policies, enabling proactive remediation of potential vulnerabilities. Versent utilised a combination of both pre-built and custom conformance packs to provide remediation actions. The conformance packs included operational best practises related to specific AWS services (EC2, S3, RDS, etc.), the CIS AWS Foundations Benchmark, NIST 800-53, AWS Well-Architected Security Pillar, and AWS Foundational Security Best Practices. Custom conformance packs were created for the AESCSF (Australian Energy Sector Cyber Security Framework).

Amazon CloudWatch:

Versent implemented Amazon CloudWatch for real-time monitoring and visibility into the cloud environment’s infrastructure, applications, and logs. By leveraging CloudWatch metrics and alarms, the customer gained insights into resource utilisation, performance, and security, empowering them to respond promptly to security incidents and performance anomalies.

Amazon GuardDuty:

Amazon GuardDuty was deployed to bolster the AWS cloud environment’s security posture by continuously monitoring for malicious activity and unauthorised access. GuardDuty’s advanced threat detection capabilities, powered by machine learning, enabled the customer to identify and mitigate security threats, like unauthorised access, malware detection, credential exfiltration, data exfiltration, DDoS attacks, and port scanning, safeguarding their sensitive data and infrastructure.

AWS Security Hub:

AWS Security Hub served as a centralised platform for aggregating and prioritising security findings from various AWS services. Versent configured Security Hub to automate security compliance checks and provide actionable insights into security vulnerabilities, enabling the customer to address risks and maintain compliance with data sovereignty regulations proactively.

AWS CloudTrail:

AWS CloudTrail was used to record AWS API calls and activities within the AWS accounts. Using CloudTrail Insights, the team was able to detect any unusual API activity. This was crucial for auditing purposes and compliance verification.

AWS Trusted Advisor & Audit Manager:

Using the baked-in & introduced custom compliance frameworks, including the Australian Energy Sector Cyber Security Framework (AESCSF), in both AWS Trusted Advisor & Audit Manager, the customer was able to perform automated continuous compliance reporting and react to any identified risks or threats.

Integration of AWS Network Firewall

AWS Network Firewall was integrated to enhance security, providing scalable protection against advanced threats. Leveraging granular control over network traffic, the customer was able to enforce custom security policies tailored to their requirements, effectively mitigating security risks. With centralised management and automated scalability, AWS Network Firewall streamlined security operations, ensuring consistent performance and reliability. This proactive approach strengthened our customer’s cybersecurity defences, aligning with their commitment to compliance and reinforcing their position as a trusted leader in the energy sector.

Outcome

Through close collaboration with Versent and the strategic implementation of AWS services, the customer successfully addressed the challenge of digital sovereignty while modernising their AWS cloud foundation. By leveraging AWS accelerators and services, the energy infrastructure provider achieved enhanced visibility, control, and security across their AWS environment. This modernisation allowed them to maintain continuous compliance with data sovereignty laws and industry regulations, positioning the organisation for continued growth and success.

With stronger governance and controls in place, the organisation has since onboarded its Enterprise Data Platform onto the foundation, along with its suite of DevSecOps tooling. The platform currently supports twenty users, with significant user growth anticipated in FY25 as critical workloads are onboarded. This foundation has not only ensured compliance and security but also paved the way for future scalability and innovation.

Key Benefits and Further Impact:

• Increased agility and scalability: Ability to rapidly scale infrastructure to meet evolving business needs, driving innovation and competitiveness in the energy sector.
• Enhanced data protection and privacy: Strengthened data protection measures, safeguarding sensitive information from unauthorised access or breaches by leveraging AWS’s robust security features.
• Improved regulatory compliance, with up to 80% reduction on non-compliance issues: Ensured continuous compliance with data sovereignty laws and industry regulations, mitigating the risk of regulatory fines or penalties.
• Potential to reduce the Time to Identify Non-Compliant Resources by up to 90%: Centralised monitoring and real-time alerts helped reduce the time to identify non-compliant resources by up to 90%.
• Potential to reduce the Remediation Time of Non-Compliance Resources by 50-70%: Automated remediation workflows helped cut down the time required to remediate issues by 50-70% compared to manual processes on-premises.
• Cost optimisation: Achieved cost savings and improved operational efficiency through optimised resource utilisation and efficient management of AWS infrastructure.
• Accelerated innovation: Empowered to focus on innovation and digital transformation initiatives, driving business growth and value creation with a secure and compliant cloud foundation.
• Resource Efficiencies: The new AWS cloud platform has provided efficiencies in IP address utilisation, greater security controls, and tag enforcement.
• Potential for improvement in Software Delivery: The new AWS foundation has provided the organisation with the ability to deploy more frequently, the capability to significantly reduce the lead time to change & mean time to recovery, alongside achieving a change failure rate of less than 15% whilst increasing performance & operational efficiency.

Conclusion

Versent’s solution enabled one of Australia’s largest energy infrastructure providers to navigate the complexities of cloud modernisation while ensuring compliance with data sovereignty regulations and industry standards. By leveraging AWS services and best practices, they achieved a secure, scalable, and compliant cloud environment, laying the foundation for future growth and innovation in the energy sector. This partnership underscores the importance of prioritising digital sovereignty and security in cloud adoption strategies as organisations worldwide continue to embrace the cloud.

MORE VERSENT CUSTOMER STORIES

Want to learn more about Versent’s cloud transformation work? Visit versent.com.au/case-studies for more.