Ensuring Compliance and Cost Management with SCP Enforcement in the AWS Control Tower for Navneet Toptech

Industry

IT and Software

Expertise

AWS Control Tower, AWS WAF, Amazon S3, AWS CloudFront, AWS IAM, AWS Systems Manager, Amazon SNS, Amazon RDS, AWS CloudTrail, Amazon EC2

Offerings/Solutions

AWS Control Tower streamlines logging and monitoring with CloudTrail, enforces access restrictions and tagging policies, simplifies account management, ensures compliance with GuardRails, and automates secure landing zone setup.

About the Client

NAVNEET TOPTECH is a leading digital education provider in India, serving over 18,000 schools and 1.5 million students. They empower 75,000 teachers, offer 200,000+ MCQs, and engage 4,000+ active schools in the learning ecosystem.

Highlights

60% to 70%

Enhanced Logging and Monitoring

SCPs enforce regional access restrictions

Effective Access Control

AWS Control Tower

Streamlined Account Management

The Challenge

The customer faced challenges with a multi-account AWS setup, including manual account creation leading to complexity and errors. Ensuring security and compliance posed risks, and tracking actions was difficult without centralized monitoring. Managing expenses for each account individually became challenging.

“Acknowledging the successful project delivery on TopSchool infrastructure for WAFR remediation, Security Hub findings remediation, and SCP policy administration. In collaboration with CT team the security advancements we have achieved on our infra, we can now safely convene on the platform without security concerns. The team has diligently worked to identify and rectify the vulnerabilities, implementing robust measures and industry specific standards. Thanks to the entire team who were involved in the project.”

Shamik Bhattacharya, Navneet Toptech

Solutions

To enhance security and compliance, we implemented AWS Control Tower, ensuring consistent settings across multiple accounts, mitigating misconfigurations, and strengthening overall security by providing a centralized framework.
Implementing AWS SSO to centrally managing user access to multiple AWS accounts and business applications, integrating with existing identity providers, enforcing security measures such as MFA, and providing auditing capabilities, suitable for enterprise environments, compliance adherence, and temporary access provisioning.
AWS Service Control Policies (SCPs) to be implemented for centrally manage and enforce governance, security compliance, cost control, and risk mitigation across multiple AWS accounts within the organization, ensuring consistency, security, and regulatory compliance, leading to improved operational efficiency and reduced risk of unauthorized access or data breaches.
To address the client’s issue of managing multiple bills across various accounts, we recommended implementing AWS Control Tower. This centralized solution streamlines billing processes, enhancing financial management and efficiency for the client’s diverse accounts.
The audit account, designed for security and compliance teams, restricts customer accounts, granting read and write access to all accounts within the organization. It is a vigilant monitoring tool, enabling continuous assessment of activities across the AWS Control Tower environment.

The Results

AWS Control Tower enhances logging and monitoring by integrating with AWS CloudTrail, saving 60% to 70% of the time. It enforces access restrictions, simplifies account creation, meets compliance with GuardRails, and reduces manual work by 80%.

Download the Case Study