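As a leading strategic partner to governments around the world, Maximus helps improve the delivery of public services amid complex technology, health, economic, environmental, and social challenges. With a deep understanding of program service delivery, acute insights that achieve operational excellence, and an extensive awareness of the needs of the people being served, our employees advance the critical missions of our partners. Maximus delivers innovative business process management, impactful consulting services, and technology solutions that provide improved outcomes for the public and higher levels of productivity and efficiency of government-sponsored programs.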
Maximus' key challenge was enforcing standards and ensuring consistency across all public cloud environments. The company has more than 200 AWS accounts under management, and its Azure presence is also growing. It is critical for the organization to have visibility into the many projects spanning AWS and Azure, so that everyone, from the technical support teams all the way up to C-level leadership, understands the compliance status of the entire enterprise.
Maximus looked for a solution that would enable it to:
To address these challenges, Maximus implemented InsightCloudSec, Rapid7's cloud risk and compliance solution. Rapid7 worked with Maximus to customize the product release to meet their compliance requirements. As a result, the total compliance score across Maximus' multi-cloud environment increased.
Maximus has two models for supporting its hundreds of AWS and Azure projects:
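Maximus' security architecture team, which reports directly to the chief information security officer, defines the cloud standards. “Our goal is to ensure that our standards are being followed and environments, accounts, and resources are compliant,” said Jon Powers, senior manager of security architecture. But enforcing standards across the entire enterprise with hundreds of AWS accounts and Azure subscriptions and different support models was very challenging.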
Bridgeman's CCoE team operates within the office of the CIO. It is responsible for enforcing all written compliance and security standards in an automated way to enable the project teams to move securely with speed. They have implemented and enforced their internal security standards and standards from industry frameworks like NIST 800-53, CIS, and AWS Foundations.
“Written standards are difficult to consume when you need to build AWS and Azure infrastructure resources quickly, with different tools and automation in use across the enterprise,” Bridgeman explained. “We were trying to do it through AWS native tooling, primarily AWS Config, but it had limitations. And it didn’t allow us to enforce auto-remediation the way we can take action with InsightCloudSec today.”
As Bridgeman explained, Maximus did not want to build its own solution. They chose Rapid7 because it provided all the functionality they required, including:
Ultimately, Bridgeman cites ease-of-use as the deciding factor in selecting Rapid7 InsightCloudSec. “Not only can Rapid7's cloud solution scale easily, but Rapid7’s GUI means that less experienced technical support folks can navigate it. And the ability of InsightCloudSec to integrate with Splunk allows us to enrich our data and display it in consumable dashboards for Security, IT, and project owners.”
Rapid7 has had a positive impact on Maximus' security environment. It’s unified their security standards in a consistent way, across all AWS and Azure accounts. Maximus has already begun using auto-remediation bots where needed (where remediation steps weren’t being taken by the account owner themselves). And, Bridgeman says that Rapid7 has provided them a more holistic view of what their compliance looks like across their entire footprint.
Today, Maximus' Amazon Web Services (Corporate Master Payer Account) is:
“Perhaps the most important success story is the simple fact that with Rapid7 we now have a tool that we can trust,” Bridgeman said. “We trust the data that InsightCloudSec provides. That confidence has in turn given the account owners across Maximus and our different business divisions more confidence in the recommendations that we’re presenting them. One of the problems we had before is it was always, ‘Oh, it’s a false positive. Move on.’ But now, we're actually able to provide more data about those findings, which is really, really helpful.”
“Rapid7 has definitely decreased our risk and brought us to a much more consistent state where everybody is working from the same page and is very aware of the standards. They can see it. They know InsightCloudSec is monitoring compliance,” Bridgeman concluded.
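Not only has the total compliance score under their Corporate Master Payer Account improved, but guardrails are now enforced through automation, reducing the number of non-compliant resources. Resources built in a non-compliant way are automatically remediated, disabled, deleted, or tagged.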
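“We now have people building more compliant resources. And, they’re taking action on the non-compliant resources much quicker because they’re getting alerted and notified. We have better visibility into the environment, and now we can pass that up to our executive leadership.”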
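The biggest takeaway? Perhaps that the security posture of Maximus aligns with the firm’s strategic growth pillars: elevating the customer experience. In other words, they are achieving higher satisfaction, performance, and outcomes from intelligent automation and cognitive computing.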