Customer Stories / Energy - Power & Utilities / United Kingdom

Untitled design - 4

EDF UK Achieves Cyber Essentials Plus Certification Using Amazon Inspector

Learn how EDF UK improved its security posture and achieved faster time to remediation on AWS.

2 months

to Cyber Essentials Plus certification


security posture


government contracts


routed to correct team

Enhanced visibility

into AWS estate


For organizations based in the United Kingdom, achieving Cyber Essentials Plus (CE+), a key accreditation overseen by the National Cyber Security Centre, is no small feat. Yet, for EDF UK (EDF), a prominent energy provider, the mission was not simply about attaining this certification. The company saw an opportunity to reform its cybersecurity operations, reinforce its reputation, and, most important, enhance cyberattack protection.

With a vast and complex estate on Amazon Web Services (AWS), EDF needed a solution that would not only satisfy the CE+ certification requirements but also set a new standard for cybersecurity. By building a comprehensive, effective security monitoring and remediation workflow on AWS, it managed to do just that.

This solution evaluates EDF’s AWS estate for common vulnerabilities and exposures (CVEs) and routes them to the correct team for support while looking across containers, functions that are powered by AWS Lambda, a serverless, event-driven compute service, and Amazon Elastic Compute Cloud (Amazon EC2) instances, which offer resizable compute capacity for virtually any workload.

In a few months, EDF successfully earned its CE+ certification. The achievement marked a significant turning point in EDF’s cybersecurity operations, empowering it to remediate potential vulnerabilities with increased agility.

windmills near a large body of water

Opportunity | Using Amazon Inspector to Identify Security Vulnerabilities for EDF UK

With a focus on renewable energy, EDF serves five million homes and businesses in the United Kingdom. One of its flagship customers is Crown Commercial Services, a UK government agency that manages the procurement of common goods and services. Through its specialist risk-managed energy procurement service, central government and wider public sector organizations can access electricity and gas. 

Crown Commercial Services requires suppliers to adhere to CE+, a government-backed scheme for cyberattack protection. There are two levels of certification; to achieve the first level, Cyber Essentials, suppliers need to mitigate all CVEs with a criticality of 7 or above within 14 days. To achieve the CE+ certification, they must meet all first-level requirements and have their estates technically validated by a third party. 

“CE+ is an incredibly rigorous audit and process to go through, especially for an enterprise the size of EDF,” says Jamie Banks, enterprise product owner for AWS and DevOps at EDF. “However, Crown Commercial Services is an extremely valued customer and has a great reputation, so we knew we had to pass CE+. By gaining this accreditation, we could show Crown Commercial Services and our wider customer base how strong our security posture is.”

However, this task was far from simple. EDF has a massive AWS landscape with over 450 accounts, more than 1,000 Amazon EC2 instances, and thousands of Lambda functions. With a lack of time, resources, and visibility, EDF needed an efficient solution.

After extensive planning with business and technical stakeholders, it chose to build a monitoring and observability workflow on AWS and adopted Amazon Inspector, an automated and continual vulnerability management service.

“With Amazon Inspector, we could respond fast and get visibility into vulnerabilities across our entire estate quickly and in a controlled manner,” says Jamie. “Given our established history on AWS, we could start using the vulnerability management service straight away and track costs through our existing mechanisms. This, in turn, meant that we could roll out the solution quickly, safely, and efficiently.”


With Amazon Inspector, we could respond fast and get visibility into vulnerabilities across our entire estate quickly and in a controlled manner."

Jamie Banks
Enterprise product owner for AWS and DevOps, EDF UK

Solution | Enhancing Vulnerability Response and Remediation Capabilities on AWS

After turning on Amazon Inspector, EDF gained clear visibility across its AWS estate within a few hours. Although EDF could now identify CVEs much faster, it still needed to route the vulnerabilities to the correct teams for remediation. To establish this workflow, EDF experimented with different methods. 

First, the central platform team identified the scope of the work and delegated remediation responsibilities between engineering teams that were responsible for certain sets of accounts. Then, they started to consume security findings from Amazon Inspector into its project management software. When engineering teams learned how to use Amazon Inspector, they started to innovate and automate, setting up automated alerts that notified them if a vulnerability was detected in their accounts.

“We are now in a place where we have established a common automated process for reporting findings straight out of Amazon Inspector into our service management tools,” says Jamie. “For example, if a security vulnerability is identified in AWS, it is passed through to the service management tool, automatically assigned to the correct team, and logged as a vulnerability in the SecOps module. As tickets are closed, they are automatically updated, meaning we always have an up-to-date picture.”

Amazon Inspector first identifies all vulnerabilities, and then it feeds this information to AWS Security Hub, a cloud security posture management service that checks against current security best practices, aggregates alerts, and facilitates automated remediation. Using an AWS Lambda function, AWS Security Hub then passes this information to EDF’s service management tool, where it is assigned to a team for remediation. (See Figure 1.)

After establishing this workflow, EDF began remediating vulnerabilities and preparing for certification. It increased its patching schedule from monthly to weekly. EDF also used the AWS Cost and Usage Dashboards Operations Solution (CUDOS) Dashboard to manage deprecated AWS Lambda functions, along with several other security-related initiatives.

For components of its infrastructure that could not be remediated, EDF established a new network with restricted access and set up a firewall attached to AWS Transit Gateway, which connects Amazon Virtual Private Clouds (Amazon VPCs) and on-premises networks through a central hub. By isolating the nonremedial legacy estate, EDF can mitigate potential vulnerabilities and reduce the risk of an adverse impact spreading across its network.

Figure 1: Architecture Diagram

Outcome | Improving Security Posture and Accelerating Modernization Opportunities

In December 2022, EDF successfully earned its Cyber Essentials certification. Two months later, in February 2023, the company attained the coveted CE+ and passed its third-party technical assessment.

On AWS, EDF has improved its security posture, maintained its government contracts, and empowered its teams to remediate issues faster. This project also cleaned up EDF’s technology landscape, reducing its attack surface.

With clearer visibility into its AWS estate, EDF can now explore new solutions, modernize, and innovate. “EDF operates in a marketplace that is constantly changing; we are always looking for new and exciting avenues to explore,” says Jamie. “Now we have a comprehensive lens over our AWS architecture, which makes it simpler to maintain. And we can be more nimble in our approach to stay up to date in an ever-changing environment.”

“Using AWS, we've made significant strides in hardening our cloud security posture. Our security monitoring and remediation system has set the foundations for us to build on so that we can efficiently identify and address risks as they arise,” says Sam Rigelsford, chief information security officer at EDF. “This progress played a significant role in our attainment of the CE+ certification, something we're incredibly proud of.”

About EDF UK

EDF UK is one of the United Kingdom’s biggest electricity providers. It is a wholly owned subsidiary of the French utility EDF.

AWS Services Used

Amazon Inspector

Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.

Learn more »

AWS Security Hub

AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation.

Learn more »

AWS Lambda

AWS Lambda is a serverless, event-driven compute service that lets you run code for virtually any type of application or backend service without provisioning or managing servers. 

Learn more »

AWS Transit Gateway

AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This connection simplifies your network and puts an end to complex peering relationships.

Learn more »

More Security, Identity, & Compliance Customer Stories

no items found 


Get Started

Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.