Enhancing productivity and security with a Cloud Native solution
- Increased productivity
- Improved certificates management
- Ensured the highest security
- Globally available solution that serves as one place to upload all certificates
- Reliable, secure, cost-efficient, and time-saving system using Serverless & Cloud Native solutions
One of the IT and Security market giants has turned to TT PSC for support in delivering a global store where users can upload all their certificates at once without worrying about them later. The customer wanted a highly reliable, resilient, and secure solution that could minimize the risk of misplacing or losing certificates. Additionally, a global store for certificates should promote consistency and standardization throughout the company, ensuring that all services are held to the same standards.
Our customer, a publicly traded enterprise founded over 20 years ago, is one of the world’s most significant information security companies offering identity management. Their technology is used in the Finance, Energy, Retail, Healthcare, and Public Services industries. The company achieves a few hundred million in revenue annually and employs several thousand people worldwide.
- Time-consuming tasks, such as users uploading certificates separately for each service every day, had to be performed more efficiently. #increasedproductivity
- A global certificate store was needed to give users effortless but secure access to all services, which should improve the daily execution of tasks. #improvedmanagement
- A high risk of misplacing or losing certificates, which can lead to significant consequences such as regulatory violations or compromised security. The customer wanted to make their solution more resilient with improved security and consistency. #highestsecurity
The TT PSC Team designed and developed a Cloud Native solution for a global certificate store to meet customer needs.
The solution consists of two API Gateways:
- public one for the UI (authorized by JWT),
- private one (IAM authorization) for serving certificates to all customer services.
Several Lambda functions work as the backend, and a DynamoDB table is employed using a single-table design. Additionally, Cloud Map is used for service discovery.
AWS Cloud Services used:
- API Gateway
Main results and advantages
The solution is available globally in all regions currently supported by our customer. Now, in every AWS region that the customer uses, there is one single source of truth, where users can upload the certificate files.
This system is more cost-effective than the previous one. Instead of many different systems using VMs or containers, there is a Serverless solution. It’s also significantly more reliable and secure than the previous one.
From the customer’s perspective, it’s also much more convenient to upload, edit, delete, or revoke a certificate in one centralized location rather than being required to perform these actions across multiple platforms.