Design, deliver, and cross-train client’s team on a hardened, tailored AWS landing zone complete with shared services and third-party tool integrations. Dexcom contacted ScaleSec with an urgent need to prepare a new AWS environment to support workloads for its growing business, starting with an enterprise data lake based on Amazon Redshift. ScaleSec used an accelerator package to design, deliver, and cross-train Dexcom’s team.
ScaleSec helped secure Dexcom's cloud infrastructure through access controls, network segmentation, and security monitoring, reducing risk and improving the client's security posture.
Dexcom contacted ScaleSec with an urgent need to prepare a new AWS environment to support workloads for its growing business, starting with an enterprise data lake based on Amazon Redshift. ScaleSec used an accelerator package to design, deliver, and cross-train Dexcom’s team on a hardened, tailored AWS landing zone complete with shared services and third-party tool integrations. The ten-week engagement included the launch and implementation of a code-driven change management solution.
To support Dexcom’s ongoing global expansion, data analysts needed scalable, secure access to a growing set of structured and semi-structured data. Dexcom selected Amazon Redshift as the data warehouse. But before any workload could be deployed, a new enterprise AWS environment was needed to meet strict security, compliance, and operational requirements.
Jason Borinski is the Director of Information Security for Dexcom. As an experienced cloud customer, Jason recognized that the best time to secure the cloud platform was before workloads went live. With the cloud platform and shared services online, sensitive workloads can be supported without the need to disrupt adoption with costly refits in the future. Jason said, “Ideally you want to bake in security up front wherever possible. So if you’re getting into a new cloud environment, it pays to have a consultant like ScaleSec help you build a landing zone, configure security policy in code up front.”
Regulatory Compliance Built In
Managing Change Securely at Scale with GitOps
ScaleSec integrated this environment with Dexcom’s enterprise third-party tools for infrastructure management, identity management, log management and threat detection, as well as tools for cloud vulnerability management.
To prepare Dexcom for secure expansion of networked resources, ScaleSec designed a networking topology with shared VPCs in each authorized AWS region to meet region restrictions and data residency requirements. Each regional VPC is created in a central account managed by a networking team, with subnets shared to other AWS accounts as needed. This provides strict boundaries between zones, alleviates the need for application teams to manage their own VPCs, and allows the networking and security teams to mitigate the risk of inadvertently public resources. AWS Transit Gateway is used as a hub for cross-region and cross-cloud connectivity.
- AWS Control Tower
- AWS Organizations
- AWS IAM
- Amazon VPC
- Amazon Macie
- AWS IAM Identity Center
- AWS GuardDuty
- AWS KMS
- AWS Config
- AWS Transit Gateway