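As a primary strategic partner to governments around the world, Maximus helps improve the delivery of public services amid complex technology, health, economic, environmental, and social challenges. With a deep understanding of program service delivery, acute insights that achieve operational excellence, and an extensive awareness of the needs of the people being served, our employees advance the critical missions of our partners. Maximus delivers innovative business process management, impactful consulting services, and technology solutions that provide improved outcomes for the public and higher levels of productivity and efficiency of government-sponsored programs.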
Maximus’ key challenge was enforcing standards and ensuring consistency across all public cloud environments. The company has more than 200 AWS accounts under management, and its Azure presence is also growing. It is critical for the organization to have visibility into the many projects spanning AWS and Azure, and for everyone, from the technical support teams all the way up to C-level leadership, to understand the compliance status of the entire enterprise.
Maximus sought a solution that would enable it to:
To address these challenges, Maximus implemented InsightCloudSec, Rapid7’s cloud risk and compliance solution. Rapid7 worked with Maximus to customize the product release to meet their compliance requirements. As a result, the total compliance score across Maximus’ multi-cloud environment increased.
Maximus has two models for supporting its hundreds of AWS and Azure projects:
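Maximus’ security architecture team, which reports directly to the Chief Information Security Officer, determines the cloud standards. “Our goal is to ensure that our standards are adhered to and that environments, accounts, and resources are compliant,” said Jon Powers, Senior Manager of Security Architecture. But enforcing standards across the entire enterprise with hundreds of AWS accounts and Azure subscriptions and different support models was very challenging.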
Bridgeman’s CCoE team operates within the Office of the CIO. It is responsible for enforcing all written compliance and security standards in an automated way to enable the project teams to move securely with speed. They have implemented and enforced their internal security standards and standards from industry frameworks like NIST 800-53, CIS, and AWS Foundations.
“Written standards are difficult to consume when you need to build AWS and Azure infrastructure resources quickly, with different tooling and automation in use across the enterprise,” Bridgeman explained. “We were trying to do it through AWS native tooling, primarily AWS Config, but it had limitations. And it didn’t allow us to enforce auto-remediation the way we can take action with InsightCloudSec today.”
As Bridgeman explained, Maximus did not want to build its own solution. They chose Rapid7 because it provided all the functionality they required, including:
Ultimately, Bridgeman cites ease-of-use as the deciding factor in selecting Rapid7 InsightCloudSec. Not only does Rapid7’s cloud solution scale easily, but Rapid7’s GUI means that less experienced technical support folks can navigate it. “And the ability of InsightCloudSec to integrate with Splunk allows us to enrich our data and display it in consumable dashboards for Security, IT, and project owners.”
Rapid7 has had a positive impact on Maximus’ security environment. It’s unified their security standards in a consistent way, across all AWS and Azure accounts. Maximus has already begun using auto-remediation bots where needed (where remediation steps weren’t being taken by the account owner themselves). And Bridgeman says that Rapid7 has provided them a more holistic view of what their compliance looks like, across their entire footprint.
Today, Maximus’ Amazon Web Services (Corporate Master Payer Account) is:
“Perhaps the most important success story is the simple fact that with Rapid7 we now have a tool that we can trust,” Bridgeman said. “We trust the data that InsightCloudSec provides. That confidence has in turn given the account owners across Maximus and our different business divisions more confidence in the recommendations that we’re presenting them. One of the problems we had before is it was always, ‘Oh, it’s a false positive. Move on.’ But now, we’re actually able to provide more data about those findings, which is really, really helpful.”
“Rapid7 has definitely decreased our risk and brought us to a much more consistent state where everybody is working from the same page and are very aware of the standards. They can see it. They know InsightCloudSec is monitoring compliance,” Bridgeman concluded.
Not only has the total compliance score under their Corporate Master Payer Account improved, but guardrails are now enforced through automation, reducing the number of non-compliant resources. Resources which are built in a non-compliant way are automatically remediated, disabled, deleted, or tagged.
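“We now have people building more compliant resources. And they’re taking action on the non-compliant resources much quicker because they’re getting alerted and notified. We have a much better understanding of our environment, and now we can pass that on to our executive leadership.”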
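The biggest takeaway? Perhaps that the security posture of Maximus aligns with the firm’s strategic growth pillars: elevating the customer experience. In other words, they achieve higher satisfaction, performance, and outcomes from intelligent automation and cognitive computing.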