Kiteworks Accelerates Private Content Network Provisioning with Automation on AWS
By Inder Mohan Singh, Technical and Cloud Services Director – Kiteworks
By Hariharan Suresh, Sr. Solutions Architect – AWS
By Mingwei Leong, Sr. Partner Solutions Architect – AWS
Securing digital communications across multiple channels depends on the tools an organization uses. Infrastructure as code (IaC) and DevOps help product teams automate provisioning for their software applications. Amazon Web Services (AWS) helps customers deploy, scale, and maintain their solutions based on their business needs.
Kiteworks is an AWS Partner that delivers a dedicated Private Content Network (PCN) to unify, track, control, and secure the private information interchanged between organizations and their trusted partners like consultants, customers, and suppliers.
In this post, learn how Kiteworks uses AWS for infrastructure provisioning, data protection, and automation of its PCN.
Kiteworks’ hosted or supported communication channels, including email, file sharing, managed file transfer, web forms, and application programming interfaces (APIs), are used by thousands of public and private sector customers globally for mitigating communication-oriented risks like data breaches and compliance violations.
Automating the Delivery of a Private Content Network
The Kiteworks operations team discovered that software provisioning was taking days due to the manual practices used. In response, Kiteworks’ technical services team embarked on automating provisioning of their Private Content Network to deliver a better customer experience and boost employee performance.
The technical services team set out to reduce a customer’s waiting time by automating the following:
- Data isolation and data loss prevention
- Service quotas
Kiteworks begins customer onboarding by analyzing organizational needs related to tenancy, namely the isolation requirements for provisioning the PCN infrastructure. The operations team then works with the technical services team to execute end-to-end provisioning. Kiteworks runs hundreds of servers for securing customer communications.
Before automation was introduced, Kiteworks needed at least 2-3 hours to manually provision infrastructure to set up its software solution. Working with AWS tools, the Kiteworks technical services team built two layers of automation.
Figure 1 – Kiteworks’ automated customer on-boarding.
- First, the software component testing process is automated.
  - Source code is managed in GitLab repositories, and GitLab runners are used for unit testing and feature development.
  - Integration testing is conducted using Amazon EC2 Spot instances, resulting in production-ready Amazon Machine Images (AMIs). Kiteworks launches test clusters ranging from 70-100 instances for executing integration tests.
- Second, Salesforce customer information and configuration data are used to trigger Jenkins jobs for infrastructure provisioning and automation.
  - IaC practices are employed and AWS CloudFormation templates are created based on broader customer profiles.
  - Subnets and virtual private clouds (VPCs) are created based on defined CloudFormation templates and a customer profile.
  - Standalone instances or clusters are provisioned based on a customer’s consumption requirements. New Amazon Elastic Compute Cloud (Amazon EC2) instances are preconfigured with the vCPU and memory requirements of their subscription. (See below for AWS account quota management automation based on consumption.)
  - After launching infrastructure components, the technical services team uses the testing team’s certified AMI and deploys instances into the customer’s launched PCN infrastructure.
- Third, human operational errors are mitigated by using CloudFormation templates to establish deployment hygiene, which reduces errors by 50% and speeds up the entire provisioning process.
  - Least-privilege permissions are enforced using AWS Identity and Access Management (IAM) policies and roles to ensure segregation of duties. IAM’s single sign-on (SSO) is integrated to simplify access to applications.
  - Amazon Simple Notification Service (SNS) is used to notify the sales and technical services teams about the completion and availability of the customer infrastructure.
With the automation described above, Kiteworks successfully reduced the time required for product testing and certification from 3 days to just 4 hours. The technical services team now launches an average of 800 Spot instances for automating their product testing and certification process.
The automated onboarding process has improved the customer experience by providing the customer with an environment ready for use within 15 minutes of subscription confirmation. This is an 87.5% reduction from the previous 2 hours needed for manual onboarding.
Data Isolation and Data Loss Protection
Kiteworks isolates customer data and configures it with data encryption, backup, and safe deletion after consumption.
Figure 2 – Kiteworks data isolation and loss prevention workflow.
- Customer data handled by the Kiteworks security applications is hosted in Amazon Elastic Block Store (Amazon EBS) volumes with multilayered encryption enabled. Kiteworks’ software packages are certified and built into AMIs and EBS volumes and attached to the EC2 servers created from the AMIs.
- Data transmitted on a customer-managed PCN is encrypted using multiple options. Kiteworks provisions configuration based on customer requirements using the services below.
- AWS Key Management Service (AWS KMS) is used to create, manage, and control cryptographic keys used for securing customer data in transit and in storage.
- Customers are provided with the option of configuring their own private keys or using managed keys.
- The Kiteworks team uses AWS Backup to back up customer servers in the form of AMIs and EBS snapshots. Detailed tagging mechanisms are put in place for identifying and scheduling backups for the application servers specific to customers.
- Using AWS Backup, customer servers can be recovered with point-in-time recovery, and backups are configured using backup plan-based time schedules. Backup starts on the day of the first login by the customer, and backup schedules are configurable for customers operating large clusters.
- Infrastructure provisioning powered by CloudFormation ensures the creation of EBS volumes and data security configurations using AWS KMS. Customer data flows through the PCN in real-time and is stored into customer-specific EBS volumes.
- Customer data is transitory on the Kiteworks network, and by default customer data expires in 30 days, which can be configured. After the expiration time lapses, data is moved to recycle bins for safe deletion. Software shredding approaches are used to protect against data theft and replay attacks.
Service Quota Management
Kiteworks manages hundreds of isolated and multi-tenant customer environments. Kiteworks built its dashboard to be aware of the service quotas and constraints of their AWS accounts and the AWS resources used in multiple regions.
Figure 3 – AWS service quotas automation workflow.
- Kiteworks uses Amazon EventBridge to trigger AWS Lambda on a daily basis.
- AWS Lambda calculates the consumed resources like VPCs, subnets, EC2 instances, and volumes. Lambda checks this consumption against the quotas using information from the service quota APIs.
- The service quota information is sent to the Kiteworks technical services team through SNS.
- The technical services team decides upon the usage and creates the service quota increase request on an as-needed basis.
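The workflow above, as an added Python example for a Lambda function (not Kiteworks’ own code). The 80% alert threshold, the `QUOTA_TOPIC_ARN` environment variable, and all function names are assumptions; instance and volume quotas are left out because they are expressed in vCPUs and storage size rather than resource counts.

```python
import json

ALERT_RATIO = 0.8  # assumed alert threshold; the post does not state one

def _items(ec2, operation, key):
    """Yield every item from a paginated EC2 describe_* call."""
    for page in ec2.get_paginator(operation).paginate():
        yield from page[key]

def vpc_count(ec2):
    return sum(1 for _ in _items(ec2, "describe_vpcs", "Vpcs"))

def max_subnets_per_vpc(ec2):
    # This quota is scoped per VPC, so the fullest VPC is the one that matters.
    per_vpc = {}
    for subnet in _items(ec2, "describe_subnets", "Subnets"):
        per_vpc[subnet["VpcId"]] = per_vpc.get(subnet["VpcId"], 0) + 1
    return max(per_vpc.values(), default=0)

# label -> (ServiceCode, QuotaCode, usage function)
CHECKS = {
    "VPCs per Region": ("vpc", "L-F678F1CE", vpc_count),
    "Subnets per VPC": ("vpc", "L-407747CB", max_subnets_per_vpc),
}

def build_report(ec2, quotas, checks=CHECKS, ratio=ALERT_RATIO):
    """Return one row per check; 'alert' is True when used/limit >= ratio."""
    rows = []
    for label, (service, code, usage_fn) in checks.items():
        quota = quotas.get_service_quota(ServiceCode=service, QuotaCode=code)
        limit = quota["Quota"]["Value"]
        used = usage_fn(ec2)
        rows.append({"quota": label, "used": used, "limit": limit,
                     "alert": limit > 0 and used / limit >= ratio})
    return rows

def lambda_handler(event, context):
    """Entry point for the daily EventBridge schedule."""
    import os
    import boto3  # imported here so build_report can be tested without AWS
    rows = build_report(boto3.client("ec2"), boto3.client("service-quotas"))
    boto3.client("sns").publish(
        TopicArn=os.environ["QUOTA_TOPIC_ARN"],  # hypothetical variable name
        Subject="Daily service quota report",
        Message=json.dumps(rows, indent=2))
    return rows
```

The function only reports; requesting an increase stays a human decision, as in the last step of the workflow.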
Through automation on AWS, Kiteworks has improved efficiency and cost control by gaining better control over resource wastage. Compared to an on-premises deployment, this approach has reduced the time spent by Kiteworks’ technical teams on customer infrastructure setup such as configuration, networking, security, and provisioning by 90%.
This approach has also resulted in swift security clearances and lower human interaction within Kiteworks teams. AWS developer tools, AWS Backup, and AWS service quotas have helped Kiteworks improve the customer experience by removing their operation team’s undifferentiated heavy lifting and helping them elevate their business value by focusing on product development.
Kiteworks – AWS Partner Spotlight
Kiteworks is an AWS Partner that provides various AWS deployment options to mitigate the risk of breaches and compliance violations from third-party communications.