JP Morgan Chase: Independent Security Assurance Using EKS
How a leading Financial Services Organisation securely unlocked Kubernetes in AWS using EKS
JPMC (JPMorgan Chase & Co.) is a global financial services organization and one of the largest banking institutions in the United States. With a rich history spanning over 200 years, JPMC provides a wide range of financial services to millions of customers worldwide, including banking, investments, asset management, and more. The company is known for its commitment to innovation and adopting cutting-edge technologies to deliver exceptional customer experiences.
Independent Security Assurance Using EKS
The JPMC sought to enhance the security of their cloud-native infrastructure by leveraging managed Kubernetes services such as Amazon Elastic Kubernetes Service (EKS). As part of their ambitious plan to scale the use of EKS across their organization, they recognized the critical importance of ensuring the secure configuration of their Kubernetes clusters. To achieve this goal, JPMC contracted ControlPlane, an open-source and cloud-native security consultancy, to provide independent security assurance for their EKS deployment.
Without expert assistance, JPMC faced several challenges in their project:
- Ensuring the secure configuration and management of their EKS clusters at scale.
- Evaluating the suitability of the cluster configuration for the workloads hosted.
- Mitigating the potential risks associated with incorrect configuration, including financial loss and reputational damage.
JPMC, as a financial services organization, faced the challenge of securely configuring and managing their EKS clusters as they scaled their usage of Kubernetes. The potential impact of incorrect configuration posed significant risks, making it crucial to obtain independent security assurance. The specific challenges included:
- Orchestrating fleets of clusters through a central mechanism
- Validating the security of the central cluster fleet management mechanism
- Evaluating the suitability of the cluster configuration for hosted workloads
ControlPlane devised a comprehensive set of solutions to address JPMC’s challenges:
- Orchestrated a series of workshops involving multiple stakeholders from engineering, security architecture, and security operations
- Augmented JPMC’s existing threat models and attack trees with EKS-specific content and cluster fleet management considerations
ControlPlane’s involvement in the project yielded the following outcomes:
- Identification and rectification of flaws in the cluster fleet management mechanism, reducing the likelihood of mass configuration attacks and minimizing the level of risk.
- Increased confidence in the secure configuration and management of the EKS deployment across clusters.
- Mitigation of potential risks and reduction of the impact of incorrect configuration through the implementation of ControlPlane’s findings.
ControlPlane’s expertise in cloud-native security and their ability to provide independent security assurance allowed JPMC to successfully achieve a secure and well-managed EKS deployment, safeguarding their sensitive financial services infrastructure.