Supporting the Heart Foundation on their Cloud Migration Journey

Enhancing cybersecurity capability and providing Cloud Security expertise.

VISION

Heart Foundation is New Zealand’s heart charity leading the fight against the country’s biggest killer – heart disease. Their vision was to create an efficient and secure environment, leveraging Amazon Web Services to deploy their variety of websites that support multiple business areas.

Over the years, multiple initiatives leveraging distinct platforms have been developed, leading to bespoke and unsupported solutions that requireD significant resources from the business to keep them operational.

The ultimate goal was to provide an environment that enables multiple application vendors to deliver their solutions following well-documented interfaces to deploy applications while inheriting security controls and cloud governance from Heart Foundation’s platform.

OUR APPROACH

Leveraging DEFEND’s Cybersecurity Transformation Service (CTS), Heart Foundation initiated its Cloud Migration Journey by assessing its cybersecurity maturity. DEFEND helped Heart Foundation by providing an outside view that aligned its target state with an industry-recognised framework. While enhancing Heart Foundation’s cybersecurity capability, DEFEND provided Cloud Security Specialists expertise, DEFEND’s Intellectual Property and proactive thought leadership by advising on Cloud Security Governance, Policy and Standards, Incident Management and Compliance.

Once strategic goals and objectives were defined in alignment with the overarching Cybersecurity Program led by DEFEND’s CSO capability.

Our Professional Service Team started developing the Reference Architecture documents required to drive the implementation of an AWS Landing Zone, which is a multi-account environment with Security Controls and Guard-rails to enable developers to innovate at a fast pace without compromising security and governance aspects.

The AWS Landing infrastructure setup streamlines security, compliance, and governance controls, allowing developers to focus on innovation whilst reducing the operational overhead and accelerating development cycles, collaboration and confidence in the cloud deployment process.

After the AWS Landing Zone deployment, DEFEND engaged with Heart Foundation to assist with re-platforming their applications to leverage containers and Amazon Elastic Container Service (ECS) Fargate. Containers provide a lightweight and portable way to package applications and their dependencies, ensuring consistency across different environments. This approach allowed a better development workflow, allowing developers to bring their applications into the AWS Landing Zone with agility and efficiency while keeping a low management overhead.

HEART FOUNDATION’S OUTCOME

Governance and Compliance

Heart Foundation was able to establish guard rails and security controls across all the workloads within the AWS Landing Zone, without compromising agility and innovation by offering a standard mechanism for onboarding applications to their cloud platform.

Platform standards

By creating a framework leveraging cloud native practices, Heart Foundation could present a common interface to deploy containerised applications via its integrated CI/CD pipeline without relying on manual interventions while reducing administrative tasks related to patching and virtual machine management.

Security

Leveraging AWS native tooling and Infrastructure as Code with Terraform the Heart Foundation’s environment limits changes via pull requests allowing for traceability, visibility and control. All egress network traffic is controlled and a centralised logging solution helps with the environment monitoring and incident handling and investigation.

Cost optimisation

The entire Cloud Journey was based on AWS Cloud Adopt Framework (CAF) and on multiple occasions, DEFEND engaged with AWS Solution Architects to perform a Well-architected review of Heart Foundation’s Landing Zone following all pillars including cost optimisation. Workloads are scaled based on demand and frequently reviewed to ensure appropriate resource allocation. DEFEND also helped with planning the reserved instance capacity for RDS in order to achieve cost efficiency.