AWS Blu Age integrates with the AWS Mainframe Modernization service to expedite the migration of mainframe applications to AWS. The initial step for each migration project involves creating a fresh, isolated and dedicated AWS Blu Insights environment fully managed by the customer. This environment is fortified with a set of security measures and safeguards implemented to protect customers’ uploaded artifacts throughout the entire duration of the project lifecycle.
This fortified environment undergoes regular and rigorous scrutiny through AppSec reviews and penetration tests performed by an independent security team within AWS. This ensures that the security controls and configurations align with AWS security standards’ best practices.
It is also important to mention that AWS Blu Insights does NOT:
AWS Blu Insights is a managed service operating in a multitenant environment meticulously designed with clear-cut boundaries between resources.
These airtight measures suppress any possibility of cross-tenant access and ensure data security through rigorous logical isolation.
The resources you entrust with us remain strictly inaccessible to other tenants.
The AWS Blu Insights isolation scheme is rooted in a combination of identity and other sophisticated constructs, prominently featuring Role-Based Access Control (RBAC).
Our approach revolves around storing comprehensive tenant context for each customer.
This context includes a wide range of information linked with that tenant such as their affiliated database, owned license, accessible features, permitted projects, and more.
The AWS Blu Insights contextual framework integrates seamlessly with the application.
Upon successful authentication, the system promptly provides the application with the instrumental tenant context. It encapsulates the user’s association with a specific tenant and the underpinning policies mandated to ensure strict isolation.
This context flows through downstream components’ interactions and is used to scope access to resources ranging from projects to files and documents.
Each single operation undergoes separate stringent verifications, effectively preventing spoofing and escalation of privilege.
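A minimal sketch of the tenant-context pattern described above, added here as an illustration and not AWS Blu Insights code. The names (`TenantContext`, `issue_context`, `authorize`), the permission strings and the HMAC integrity tag are assumptions chosen for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the service


@dataclass(frozen=True)
class TenantContext:
    tenant_id: str
    user: str
    projects: frozenset      # projects this user is permitted to reach
    permissions: frozenset   # actions granted by the user's role
    tag: str = ""            # integrity tag, set once at authentication


def _sign(ctx: TenantContext) -> str:
    # Canonical JSON keeps field boundaries unambiguous; the tag itself is excluded.
    payload = json.dumps([ctx.tenant_id, ctx.user,
                          sorted(ctx.projects), sorted(ctx.permissions)]).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_context(tenant_id, user, projects, permissions) -> TenantContext:
    """Built once, after successful authentication."""
    unsigned = TenantContext(tenant_id, user, frozenset(projects), frozenset(permissions))
    return replace(unsigned, tag=_sign(unsigned))


@dataclass(frozen=True)
class Resource:
    tenant_id: str
    project: str
    path: str


def authorize(ctx: TenantContext, resource: Resource, action: str) -> bool:
    """Run on every operation; the first failed check denies the request."""
    if not hmac.compare_digest(ctx.tag, _sign(ctx)):
        return False                      # context forged or altered in transit
    if resource.tenant_id != ctx.tenant_id:
        return False                      # cross-tenant access attempt
    if resource.project not in ctx.projects:
        return False                      # project not shared with this user
    return action in ctx.permissions      # role must grant this exact action
```

Because the tag covers the tenant, the project set and the permission set, a downstream component that receives an edited context rejects it before any resource comparison happens.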
Authorized users get access to AWS Blu Insights through the AWS console using their AWS accounts. When a user seeks access to the service, the email address associated with the request becomes tied to their AWS account.
In scenarios where multiple users share the same AWS account, a distinct isolated environment is generated for each user. This prudent approach ensures the integrity of the operational environment.
The control of individual user rights in the scope of a project rests securely in the hands of the project owners. They can manage these controls by granting fine-grained user permissions tailored to specific actions. Customer data, including pivotal elements like source code files and analysis, can only be accessed by fellow users if those items were specifically shared with them, or if the items have been placed within a shared feature.
AWS Blu Insights offers a flexible data access control system that adapts to your requirements. Project owners take the reins by configuring their personalized access roles, offering the choice of over 50 different permissions. This impressive range of permissions governs all user actions and access levels to specific features and content.
Artifacts uploaded to AWS Blu Insights are secured in transit via TLS encryption and at rest on AWS EFS, where they are encrypted with keys that are automatically rotated using AWS KMS, with vigilant monitoring for rotation integrity.
Access to the customer’s EFS folder is fortified at:
Customers exercise full control over their resources. They can:
As an AWS Mainframe Migration managed service, AWS Blu Insights rests on a fortified software stack which undergoes daily scans to detect any vulnerabilities. These scans yield automatic reports, swiftly followed by patch fixes. Uploaded files undergo rigorous antivirus scanning to prevent any malware or virus infiltration.
For pivotal releases, a strict protocol is set in motion involving mandatory AppSec reviews, often complemented with thorough penetration tests. This meticulous evaluation delves into new features, their architecture, and an updated threat model. These assessments are orchestrated in collaboration with AWS security engineers and third-party pentesters. Supplementing these proactive measures, our service team maintains hundreds of automated tests, encompassing numerous security tests.
AWS Blu Insights identifies threats by monitoring the network activity and platform behavior. To fortify this stance, comprehensive log management, audits, and incident response protocols are strictly followed, reflecting industry-leading AWS standards.
Here is a succinct breakdown of our vigilant stance: