AirWalk conducted a series of workshops with Zegal’s infrastructure team as part of a discovery exercise. AirWalk also conducted its own review of the account using read-only credentials, with a deep focus on security in line with best practice.
Following this, AirWalk created a report which advised on the current gaps in the architecture and the steps required to fix them. This included creating separate AWS accounts for development, test, production and audit log environments while using AWS Organizations to ensure there is a single bill at the end of the month.
The segregation of environments ensured that the production applications remained separated from development. By leveraging the repeatability of environments, AirWalk also helped Zegal to automate the provisioning of resources for disaster recovery testing and to speed up the creation of accurate development environment replicas, providing separate work areas for a growing team of developers. AirWalk identified resilience risks in the existing single-master, KOPS-based Kubernetes deployment and helped move Zegal towards EKS, a more managed service.
Other services were also made AZ-resilient. AirWalk helped Zegal to implement a deployment pipeline to make the deployment of application code to their EKS clusters faster and more reliable.
AirWalk also recommended and implemented CloudTrail for all accounts under the organization for auditing and troubleshooting, feeding logs into a separate audit log account. The use of MFA was promoted to provide an additional layer of security for all developers and administrators of the accounts. AirWalk provided a secure password policy and guided the setup of phone-app-based MFA for all users.