Decisiv Upgrades AWS Cloud Security with Automation and Encryption

Challenge

Decisiv wanted to bolster its security posture and encrypt resources across many accounts and AWS services.

Solution

ClearScale helped Decisiv follow recommendations from an AWS Security Assessment Report and implement changes according to the latest best practices.

Benefits

Decisiv’s cloud environment is now more secure and automated, allowing for more efficient and effective operation.

AWS Services

AWS Key Management Service (KMS)

Executive Summary

Decisiv is a leading organization in the commercial vehicle space that provides applications, data tools, and a robust platform for optimizing asset service management. The Decisiv ecosystem has enabled nearly 27 million service events to date and currently supports over 7 million assets in operation. Furthermore, Decisiv facilitates access to more than 5,000 service locations and promotes higher uptime, increased efficiency, and fewer repeat repair jobs.

After working with ClearScale on two previous cloud projects (a data management project and a cloud infrastructure upgrade), Decisiv decided to partner with the team once again on a security initiative. As an AWS Premier Tier Services partner with extensive cloud security experience, ClearScale helped Decisiv make important updates based on findings from a comprehensive security posture assessment, leading to better compliance and protection against cyber threats.

"We trusted ClearScale with our cloud security needs, and the team delivered again. We know that when we work with ClearScale, our projects will be completed on time and in a way that sets us up for long-term success."
Satish Joshi
Chief Technology Officer, Decisiv

The Challenge

Decisiv was looking to remediate security risks across its cloud infrastructure. The company’s customer base and service utilization were growing quickly, which meant any security mishaps would have a major impact on business outcomes. Given this risk, Decisiv decided to contract AWS to deliver a full security assessment of its AWS implementation.

AWS team members conducted interviews with Decisiv personnel and used configuration scanning tools to evaluate the client’s security posture. This evaluation resulted in a Security Assessment Report with tailored recommendations on how Decisiv could improve security performance. The company’s leadership team decided to move forward accordingly.

The first change the internal IT team wanted to make involved encrypting certain AWS resources, including Amazon S3, Amazon RDS, Amazon Redshift, Amazon EBS, and AWS Storage Gateway. The initial security configuration across these services was inconsistent, and any changes would need to maintain proper access controls across multiple AWS accounts. Decisiv also wanted to update access controls for API calls.

Furthermore, Decisiv hoped to minimize downtime and ensure reliability for the services that required encryption. This was especially important for the AWS Storage Gateway deployment, as it used EBS volumes for an internal time server.

Given the scope and critical nature of the project, Decisiv decided to hire ClearScale again to implement security upgrades and fixes for 30 AWS accounts. The high-level goal of the project was to complete a major security posture upgrade to bring the AWS environment in alignment with AWS security best practices, as well as the CIS AWS Foundations Benchmark standard.

The ClearScale Solution

ClearScale’s first objective was to design a new architecture for multi-region key management with AWS Key Management Service (KMS). This included creating a separate account dedicated to key management, as well as developing key policies tailored to particular accounts and individual services.
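One way a per-account, per-service key policy in a dedicated key-management account can be built and checked, as an added example that is not ClearScale's or Decisiv's actual configuration. The account IDs, the `KeyAdmin` role name and the region are constructed placeholders, and the block covers one key for one workload account and one service.

```python
import json

KEY_ACCOUNT = "111111111111"  # constructed ID of the dedicated key-management account
USE = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey"]
ADMIN = ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
         "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
         "kms:TagResource", "kms:UntagResource", "kms:ScheduleKeyDeletion",
         "kms:CancelKeyDeletion"]

def via_service(service, region):
    # EBS reaches KMS through EC2, so its kms:ViaService value uses the ec2 prefix.
    prefix = {"ebs": "ec2"}.get(service, service)
    return f"{prefix}.{region}.amazonaws.com"

def build_key_policy(workload_account, service, region, admin_role="KeyAdmin"):
    """Admins in the key account manage the key; one workload account may only
    use it, and only through the named service (hypothetical role name)."""
    root = {"AWS": f"arn:aws:iam::{workload_account}:root"}
    via = {"kms:ViaService": via_service(service, region)}
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "KeyAdministration", "Effect": "Allow", "Action": ADMIN, "Resource": "*",
         "Principal": {"AWS": f"arn:aws:iam::{KEY_ACCOUNT}:role/{admin_role}"}},
        {"Sid": "WorkloadUse", "Effect": "Allow", "Action": USE, "Resource": "*",
         "Principal": root, "Condition": {"StringEquals": via}},
        # Grants let the service use the key on the caller's behalf (e.g. EBS attach).
        {"Sid": "WorkloadGrants", "Effect": "Allow", "Action": "kms:CreateGrant",
         "Resource": "*", "Principal": root,
         "Condition": {"StringEquals": via, "Bool": {"kms:GrantIsForAWSResource": "true"}}}]}

def audit(policy, key_account=KEY_ACCOUNT):
    """Flag Allow statements that blur admin/use or open the key too widely."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        principal = st.get("Principal", {})
        arns = principal.get("AWS", []) if isinstance(principal, dict) else principal
        arns = [arns] if isinstance(arns, str) else arns
        conds = {k for op in st.get("Condition", {}).values() for k in op}
        if "kms:*" in actions:
            findings.append(f"{st.get('Sid')}: kms:* mixes key administration with key use")
        for arn in arns:
            if arn == "*" and "kms:CallerAccount" not in conds:
                findings.append(f"{st.get('Sid')}: any principal, no kms:CallerAccount")
            elif arn != "*" and f"::{key_account}:" not in arn and "kms:ViaService" not in conds:
                findings.append(f"{st.get('Sid')}: cross-account use not scoped by kms:ViaService")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_key_policy("222222222222", "ebs", "us-east-1"), indent=2))
```

Cross-account use also requires an IAM policy in the workload account that allows the same KMS actions on the key's ARN; the key policy alone is not sufficient.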

Concurrently, ClearScale prepared automation solutions for Amazon RDS and Amazon EBS. The team produced AWS Systems Manager (SSM) documents that created encrypted copies of the original resources. For Amazon S3, ClearScale used batch operations and provided documentation in the form of video tutorials to ensure Decisiv’s internal users could use the automation tools correctly.

For performance-sensitive migrations involved in the security upgrade, ClearScale coordinated with Decisiv engineers to make sure that everything was completed correctly and on time. Migrations were executed by engineers on both sides.

The Benefits

With ClearScale’s help, Decisiv was able to increase compliance within its AWS ecosystem and encrypt essential resources. Additionally, Decisiv gained more control over encryption across its multi-account environment. All migrations were executed within the proposed time frames and didn’t affect day-to-day operations.

Moreover, ClearScale made sure to optimize costs along the way, which was particularly relevant on the S3 encryption front due to the scale of Decisiv’s utilization of the service. Decisiv also gained automation tools for performing encryption operations internally.

With the new and improved security posture, Decisiv is well-positioned to remain an industry leader in the commercial vehicle service and asset management space. As the organization continues to grow, its AWS environment will remain secure and compliant, reducing areas of risk that could otherwise hurt the company’s ability to deliver exceptional services.