Security Architecture Support to a Government Client

How a Government client developed a secure by design Kubernetes platform to support payments and identity applications

About the client

The client had a requirement for two public-facing systems, implemented by a development partner:

  • a central payments platform to enable public sector organisations to make secure payments to payees
  • an identity platform to enable users to securely sign in and prove their identity to a variety of public services

AWS and Kubernetes Security Architecture

ControlPlane was engaged by the client’s chosen implementation and development partner to provide security architecture and threat modelling services during development of the Kubernetes-based common platform, and through-life security support to the running applications.

Challenges

The client faced the following challenges:

  • limited insight into the security controls required at each delivery phase, necessitating assistance from container and Kubernetes security experts
  • a lack of understanding of the threat actors likely to target the organisation and of the most probable attack paths

Solutions

ControlPlane helped the client in the following ways:

  • Development of a comprehensive threat model to identify and assess potential security risks at every phase of the project.
  • Close collaboration with the development teams to refine security stories, translating them into actionable security controls within each agile sprint.
  • Regular presentations to key stakeholders with the threat model and the corresponding security controls for important milestones, fostering transparency and understanding.
  • Supporting the client’s compliance goals by aligning each security control with established industry standards such as NIST, OWASP, and CIS.

Business outcomes

The client successfully established secure and robust payments and identity platforms, meeting its business goals while maintaining robust security standards. ControlPlane’s threat model-driven approach, collaboration with development teams, stakeholder communication, and adherence to industry best practices ensured the projects’ overall success.
