Madhu Kumar for AWS Community Builders

Protecting Employees Using Secure AWS Solutions

What is TMA?

Since 2014, Deutsche Telekom AG (DTAG) has run an employee threat management system internally. Dealing with all kinds of workplace issues and threats, the ultimate aim of the system is to ensure that each employee is treated with dignity and respect and to protect the company and its employees from harm.

Since data privacy and security are paramount for this project, both are given serious consideration when architecting and implementing the solution in AWS. The points below reflect the services implemented based on the security recommendations and improvements suggested by the AWS Well-Architected Review:

Ruby on Rails as the web-application framework — containerisation introduced using Docker
Deployments via CodePipeline managed by Elastic Container Service
RDS PostgreSQL for data tier — multi-AZ for high availability and failover support
GitLab (Workbench)/CodePipeline for versioning and CI/CD
SSM Parameter Store for passwords and parameters
Elastic Load Balancing — Application Load Balancer for availability
AWS Key Management Service — encryption for data at rest
AWS Certificate Manager for certificate management
AWS CloudFormation — Infrastructure as Code
Amazon CloudWatch — Monitoring

[Figure: AWS Architecture — Security design implemented by T-Systems]

[Figure: AWS Architecture — CI/CD Pipeline implemented by T-Systems]

Today, threat management is an integral part of Telekom’s personnel security in Germany. In fact, DTAG is the first company in Europe to employ a professional and firmly established Threat Management Assistant system.
Migrating the TMA system to AWS fulfilled all of the business's requirements, including flexibility, security, increased agility, scalability and improved business continuity. It also accelerated the development of new features. Zero-downtime deployments and AWS automated solutions contributed to a TMA cloud infrastructure that brings benefits for operations.

