Experian Uses Automatic Remediation on AWS Config to Maintain a Secure Cloud Environment

Experian uses technology and innovation to help modernize the credit reporting industry and satisfy the near-real-time data demands of consumers and businesses. To do this, the company had been operating many different cloud environments across multiple business units to afford its internal teams and customers the flexibility to customize functionality within their own environments. The result was having to manage security alerts across multiple environments. Experian’s global security team found itself spending its time remedying symptoms instead of the root cause of its security alerts. “The question became ‘How can we best give our clients the tools that provide them flexibility in their environments’ functionality without compromising security?’” says Neil Boulter, global director of application security for Experian.

Experian needed a solution that could help prevent security alerts by keeping all its cloud environments in a continual state of compliance and automatically take care of residual security alerts in near real time. “Standardizing our tooling and functional use cases would give our clients a single, more unified view from an application and a functional perspective, and that’s where AWS came in with the ideal services to support us in realizing that vision,” says Boulter.

Experian made the decision to automate and standardize its cloud environments by implementing AWS-native security tools in March 2020, and it deployed its first environments within this centralized structure in July. Experian decided to use AWS-native security tools for the practicality of building on top of its existing cloud infrastructure, which uses Amazon Simple Storage Service (Amazon S3)—an object storage service that offers industry-leading scalability, data availability, security, and performance—among other AWS services. Using AWS-native security tools removed layers of management and maintenance for Experian as well as the need to abstract third-party tools.

Experian deployed the new security solution built using AWS in its centralized cloud environment called Experian Express Cloud (EEC). This deployment delivered automatic remediation of misconfigurations throughout all the EEC-linked accounts. To accomplish this, Experian used AWS CloudFormation, which lets users model, provision, and manage AWS and third-party resources by treating infrastructure as code. “At Experian, cloud security has been at the forefront for keeping our cloud environments compliant with enterprise standards,” says Vinay Rudrappa, director of cloud engineering services. “Enterprise cloud environments that are managed through automated policy-driven governance drive best practices in cloud operations, cloud financial management, and cloud security compliance,” says Reuben Landge, cloud security architect at Experian. So far, Experian has applied standardized security controls to over 400 of its accounts, and the number is continually growing.

Experian now has near-real-time visibility and automatic remediation of its cloud environments through AWS Config and AWS Lambda—a serverless, event-driven compute service that lets developers run code for virtually any type of application or backend service without provisioning or managing servers. By setting up AWS Lambda to automatically respond to real-time alerts from AWS Config, Experian has simplified the assessing, auditing, and remediating of its cloud resources to maintain desired configurations, which in turn simplifies cloud management and operational troubleshooting. The company has also built flexibility for its internal teams and clients into its automatic remediation by creating an exception process to policy enforcements. It uses AWS Systems Manager—a secure, complete management solution for hybrid cloud environments—to gain detailed information about the account when misconfigurations trigger a security alert.

Since Experian’s implementation of AWS tools and its environment standardization, its cloud security teams have been able to remain flexible and innovative. “Using AWS Config, we can automatically change the configurations that need remediation, so our teams can focus on applications and servicing their customers,” says Landge. By using AWS Config, Experian enjoys visibility and can correct misconfiguration in 2–5 minutes, compared to 24 hours using third-party tools.

By applying standardized cloud infrastructure, Experian decreased the number of security alerts in its Amazon S3 buckets by 80 percent from June to August 2021. Additionally, after implementing queue encryption remediation through Amazon Simple Queue Service (Amazon SQS)—a fully managed message queuing service—in October 2021, Experian saw an 80 percent reduction in alerts. This standardization has also made it simpler and faster for the company to spin up new environments and apply changes across existing ones, increasing scalability. The modularity of the security solution means Experian can reuse components and automate aspects of development, which saves engineers time.

Experian expects to see a continued decrease in security alerts, including a 27 percent reduction of alerts across EEC accounts within 1 month. Deploying AWS-native security tools across standardized cloud environments gives the company the ability to maintain the flexibility it likes to offer its customers while freeing Experian’s cloud security teams from constant manual remediation of alerts. “We can now go to our teams and say, ‘Here is a tool that can help you not only manage these alerts but also immediately reduce the number of alerts in your account by 80 percent,’” says Landge.