The client chose the Azure Cloud Platform to scale and meet the needs of a growing partner base and rapid rise in the number of business applications. Though it enabled business growth, Azure had security issues, and the client had to reimagine their cloud security framework with a sophisticated, large-scale, multi-layered security architecture.

Business Challenges

The air carrier wanted to migrate its on-premise data to the cloud. They were investing heavily in digital marketing platforms to drive growth and justified the adoption of a cloud data lake to foster operational efficiencies in marketing activities, grow revenue, and enrich customer experiences. They migrated their data to Azure to meet the requirements of clients and partners.

Azure security challenges included a lack of visibility of data, absence of data control and non-compliance, a lack of staff with skills to assess security gaps,

and an increased risk of data theft. These compromises in security could result in the unavailability of platform services, causing financial and reputational losses.

Solution Framework

Integration of security tools and technologies: Integrate cloud-based security tools and technologies using virtualized containers to enhance stability.

Configuration of custom rules: Configure custom rules to obfuscate data while preserving format and usability to provide business context when consumed by Bl applications.

Enable data integration and data governance: Ensure custom rule configurations help the client to build data integration, drive data quality, establish data governance processes, and execute business intelligence and analytics use cases in a secure environment. 

Strategy Design and Solution Approach

• Examine the current state of cloud
• Recommend a comprehensive cloud security framework to secure the airline’s cloud platform.
• Build a multi-layered, scalable architecture to support their business intelligence platform, which consolidates transactional and customer data for their marketing team to identify prospects and drive marketing campaigns.
• Instill security into architecture design, monitor cloud activity in real-time, and conduct penetration tests to keep the platform and customer data safe.
• Set up Terraform templates to bring up the lnspec automation tool and deploy benchmark profiles for constant scanning, compliance, and measure the state of Azure resources deployed by Ansible/Terraform.
• Voltage tool implementation for end-to-end data masking and encryption, including the protection of PII information used by data lake infrastructure.
• Build capabilities into the solution to handle custom application rolling logs and devise processes to pass the logs to EventHub and be consumed by the Jask