ENGIE Helps Secure 51 Business Entities Using AWS WAF and AWS Firewall Manager
As energy group ENGIE migrated assets to the cloud, it needed a scalable security solution. A decentralized organization with hundreds of business entities, ENGIE was hard pressed to standardize its web security. ENGIE turned to Amazon Web Services (AWS) and chose AWS Web Application Firewall (AWS WAF)—which protects web applications and APIs against common web exploits and bots—because it offered a simple solution to set custom, managed security rules and implement them across multiple accounts.
Securing Assets across a Global Organization
ENGIE is an energy group working to accelerate the transition toward a carbon-neutral world by offering low-carbon energy and services. The group has 450 business entities across 70 countries, each managing its own projects and information technology (IT) assets. When ENGIE began migrating to AWS in 2016, the group provided guidelines for the migration, but each entity ultimately developed its own cloud strategy.
Once on AWS, the team in charge of the project, ENGIE IT by Engie Group Security, wanted an intuitive solution to enforce a company-wide security policy while giving individual teams the flexibility to add security rules as required. The solution would need to cover 2,200 workloads across 51 ENGIE entities. “Our greatest challenge at the group level is to find the correct tool to cover the most assets,” says Samy Khomsi, network security engineer at ENGIE.
ENGIE IT by Engie Group Security was already on AWS, so it could implement AWS WAF without difficulty. “Using AWS WAF helps us quickly propose a set of rules and share them with different entities in our organization,” says Khomsi. “AWS WAF is really simple to use, so it doesn’t take long to start implementing helpful measures.”
Testing and Implementing Security Rules on AWS
In 2020, ENGIE IT by Engie Group Security set up an initial set of AWS WAF security rules. With a panel of developers from various entities, it tested and refined the rules, using advice from AWS Support throughout the implementation. The goal was to find a set of rules covering the most use cases with the fewest false positives.
Once ENGIE IT by Engie Group Security met its goal and finalized its set of rules, it deployed those rules to other entities using AWS Firewall Manager, a security management service that lets security administrators centrally configure and manage firewall rules and security policies across multiple accounts. Each ENGIE entity could then customize its security rules based on the specific use cases of its applications and any specific regional security requirements.
Now using AWS WAF and AWS Firewall Manager, ENGIE IT by Engie Group Security spends less time maintaining security for other entities, and its developers can focus on their main activities. “It helps everyone contribute to the group and publish more services while still staying secure,” says Joël Kisala Kinavuidi, network security engineer at ENGIE.
Keeping an Eye on Security
Through 2021, ENGIE will work to make sure that its web security covers the Open Web Application Security Project Top 10. ENGIE IT by Engie Group Security also keeps an eye on web security by collecting near-real-time log streams from AWS WAF using Amazon Kinesis Data Firehose, which reliably loads streaming data into data lakes, data stores, and analytics services. “Now that we have a base security covered by AWS WAF, the next step is to have visibility,” says Khomsi. “It’s great to have this kind of flexibility. In a big, decentralized organization, our use of AWS WAF and AWS Firewall Manager helps greatly.”
Global energy solutions group ENGIE acts as a reference in low-carbon energy and works to accelerate the transition toward a carbon-neutral world to create a more sustainable future.
Benefits of AWS
- Reduced the time needed for security maintenance
- Scaled security across 51 entities
- Facilitated quick, simple sharing of security rules
- Helped entities establish custom security rules
AWS Services Used
AWS Web Application Firewall (AWS WAF)
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
AWS Firewall Manager
AWS Firewall Manager is a security management service which allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations.
Amazon Kinesis Data Firehose
Amazon Kinesis Data Firehose is the easiest way to reliably load streaming data into data lakes, data stores, and analytics services.