About HSA

Hydraulic Seals Australia (HSA) leads the hydraulic seals market in providing custom-engineered and OEM hydraulic components. With manufacturing and warehouses located in Melbourne West, Melbourne East, Sydney, Newcastle and Brisbane, HSA provides quality products along with highly trained professionals, each employee working directly with the customer from procurement to delivery and inventory management.

Drivers to the Cloud

HSA has been with WOLK for some time and as such has matured its use of AWS services along the way. Originally HSA was running an end-of-life on-premise server solution which was extremely noisy and caused a disturbance to the workplace to the point where people no longer wanted to sit in the office. After experiencing numerous problems with this ageing solution due to ageing hardware and software, HSA decided to look for an alternative solution to overcome the challenges.

Before moving to WOLK, HSA decided to abandon their physical servers and move to a private hosting solution belonging to a third-party private vendor. But with the provider failing to address the company’s needs and unable to keep up with demand, HSA was facing new problems. There were multiple issues relating to the underlying hardware and configuration used by the vendor – oversubscription, slows and extended outages lasting days rather than hours or minutes were very common.

“We were exhausted by the constant issues we had to deal with relating to the third-party who hosted the servers for the company” said Kelly Barrett, HSA. “WOLK technology brought us hope and faith that we could overcome these issues by moving to AWS” she further stated.

Why Amazon Web Services (AWS)

With the disappointing experience of on-site and private cloud server offerings, HSA was looking for a reliable, agile solution that could cater for their growing requirements without the huge capital outlay.

Being the world’s biggest and most reliable public cloud provider, moving to AWS gave HSA a lot of certainty that their data would be safe. There would not be capacity or speed issues and all branches would have the same experience when using shared company resources.

HSA had big growth plans and needed a solution that could scale with them, while being able to stay within budget.

The Benefits of Working with AWS and WOLK Technology – an AWS Advanced consulting partner

HSA had been through a rough time with regards to their IT environment and needed a robust, performant solution that would not break the bank and could grow with them. WOLK understood the customer needs, especially the desire to be able to launch new branches with minimal fuss so WOLK implemented an EUC (End User Compute) environment for HSA to meet their needs. Because of external factors, there was a very small time window during which WOLK managed to successfully migrate HSA from their old private cloud hosting facility to AWS.

Previously, HSA had regularly experienced slows when someone at the branch level uploaded files or synchronized their Documents or Photos from their local machine to the server. There were also a couple of incidents relating to lost files, file corruption and/or virus-related damage, which go hand in hand with the threat of losing a device with confidential company data on it. Moving all compute resources to the cloud and keeping the data secure meant that the endpoint devices no longer had an influence on the user experience. We removed the need for endpoint devices to contain any data and we removed the need for a VPN between branches – this has significantly improved the customer’s security posture. Backups are automated, data is encrypted, users are kept away from data, and the payroll system and its data are no longer on shared resources.

WOLK provides our customers with a simple per-user cost for usage and support, giving the customer an easy-to-calculate growth path. HSA recently opened a new branch in Melbourne, which was made very simple thanks to their scalable AWS environment. The IT / communication part of this go-live took mere minutes. WOLK pre-ordered an NBN connection, supplied the needed equipment for the new branch and configured the firewall to use a 4G connection until the NBN went live, allowing the branch to start trading as soon as they were granted occupancy of the building.

During periods where access to the office is restricted, staff have the option of working from home with the same efficiency as working from the office, even if using BYOD home grade equipment. The ease of switching from office based to remote working is one of the key advantages to having a cloud native end user compute solution.

So what did WOLK do for HSA?

Due to time constraints and the technology stack already in place, WOLK migrated HSA to AWS using a lift-and-shift method from the private cloud hosting facility. This was partly done to reduce pushback from users by completely changing the technology they used as the users were reluctant to change. There was no time to retrain staff at that point as they had only just learned how to use the previous systems. We implemented a classic Microsoft Terminal Server environment and migrated all users across all branches over to the new infrastructure – going offline on a Friday afternoon and being live on the new systems on the Monday at 9am. This also included an Office 365 migration at the same time.

HSA used this system for several years, slowly adding more and more services to the mix as they grew and matured within the AWS portfolio. A need arose to keep the payroll system completely isolated from the rest of the shared systems due to incompatibility with software versions, so we implemented Workspaces for that purpose and the rest of the users continued to use the Terminal Services environment and it worked really well.

The time came to think about modernizing again, based partly on the age of the operating systems used in various parts of the infrastructure and changes in Microsoft licensing. It was clear that the best option at this point was to move all users to Workspaces and remove the ageing Terminal servers.

As prescribed by the Well Architected Framework, we conducted a Well Architected Review with HSA’s new GM and modernized all components of their environment. This means that every component is now once again under Microsoft support, is modern and the account as a whole has had a refreshed look at security and compliance. This is something we look at as part of our managed services ongoing, but taking the time and reassessing with the client (especially if there is new management) by conducting a Well Architected Review is key.

Technologies used within this environment include but are not limited to:

– Organizations
– Cloudformation
– EC2
– Config
– GuardDuty
– Secrets Manager
– Systems Manager
– Workspaces
– FSx
– Lambda
– Route 53
– Cloudfront
– S3
– Cloudtrail
– Cloudwatch
– Backup

In the SMB segment it is also prudent to understand that sometimes there are valid business reasons why clients use certain technologies and not others. For example, using a SQL server hosted on EC2 is perfectly fine if the customer is using a line of business system that needs features that are simply not available when using an RDS solution.

About Deaf Services (DS)

Deaf Services (DS) is the prominent service provider for the Deaf and hard of hearing community with a focus on community and empowerment. Deaf Services are a not-for-profit organisation working with the community to enhance services and programs that benefit Deaf and hard of hearing adults and children across Australia. Deaf Services provide a broad range of services including ageing support, lifestyle support, community integration, child education, interpreting and sign language education.

Why Amazon Web Services (AWS)

Deaf Services host several workloads on AWS and when it came time to implement an EUC (End User Compute) environment it made sense to build that on AWS. Deaf Services implemented an EUC solution using Amazon Workspaces for roughly 180 members of staff to be able to work remotely. The solution was rapidly implemented and for the most part was working really well.

Overview of the challenge

There were a few challenges that led to DS working with WOLK Technology on an AWS Well Architected Review. For DS the main challenges were a lack of visibility of the state of the Workspaces, users complaining of slow login times and a blown-out budget.

What is AWS Well Architected

AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on five pillars — operational excellence, security, reliability, performance efficiency, and cost optimization — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.

The AWS Well-Architected Framework describes the key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. By answering a set of foundational questions, you learn how well your architecture aligns with cloud best practices and are provided guidance for making improvements.

The Benefits of Working with AWS and WOLK Technology – an AWS Advanced consulting partner and “Amazon EC2 for Microsoft Windows” Solution Provider

WOLK worked with DS on a Well Architected Review with a particular focus on the Cost pillar. Through account visualisation and the Well Architected Review process we analysed the environment, customer needs and costs. We noticed that most staff worked more than 2 hours per day on average and some staff complained of connectivity issues in the mornings.

WOLK changed the running mode of the Workspaces fleet from “Auto-Stop” to “Always On” which gives DS a fixed monthly cost which helps with cost planning and analysis. “Auto-Stop” is great for users who work only a few hours at a time, giving a small monthly cost with a small hourly charge. If the service is used more regularly the hourly costs aggregate and eventually cost more than an “Always On” solution would, with fixed monthly costs.

WOLK then implemented a daily restart of the Workspaces instances, greatly reducing the number of issues the users were experiencing upon login. Combining the “Always On” option with a daily restart meant that the users had a much quicker login experience than before, saving an estimated 3 to 4 minutes per user per day. With 180+ users that very quickly adds up to a lot of wasted time waiting.

Moving DS from “Auto-Stop” to “Always On” and implementing the changes listed above saved DS roughly $4,000 per month in direct AWS usage costs, plus a further conservative estimate of $9,000 in lost productivity savings.

WOLK implemented a 3rd party monitoring solution for the Deaf Services internal IT helpdesk to monitor the health of the EUC fleet, giving the IT helpdesk the power to rapidly see and fix issues before being contacted by end users.

WOLK also supplied DS with a dashboard which shows their compliance with the Well Architected standards from an account level while giving a daily snapshot of predicted vs actual vs budget cost.

Using Amazon Workspaces has been a great benefit for DS staff working from home during the Covid pandemic. Going forward DS believes that productivity will be maintained as they transition back into a more traditional / hybrid workplace as they know that the majority of staff will never return to the office.

So what did WOLK do for DS?

DS already had an AWS account with a production workload. Due to urgent work from home demands DS had created ~180 Workspaces to enable their users to continue functioning. For the most part this was an easy and smooth project and it was deemed a success.

The DS servicedesk were getting a fair amount of tickets and user complaints due to slows and unresponsive Workspaces instances. DS contacted WOLK to help, and we recommended that we conduct a Well Architected Review.

WOLK found that the majority of issues came from users trying to log on in the morning, then having issues and slows due to Workspaces and applications resuming. WOLK implemented several changes to the Workspaces workload. The first was to change all users from auto-stop to always on. This reduced the wait time in the mornings where users had to wait for their Workspaces instance to come alive. We also introduced a daily restart of the Workspaces instances, which took care of slows caused by users never restarting their instances.

Lastly, WOLK gave DS a monitoring solution that checks the health of the individual Workspaces and displays it on a custom dashboard that the support staff can display in the office or in a browser. As a result, the servicedesk could resolve issues on unresponsive Workspaces before the users reported them. Combining the time saved when logging on with the time saved by multiple users having non-responsive Workspaces each morning is where the productivity savings are realized.

Technologies used within this environment include but are not limited to:

– Organizations
– Cloudformation
– EC2
– Config
– GuardDuty
– Secrets Manager
– Systems Manager
– Workspaces
– FSx
– Lambda
– Route 53
– Cloudfront
– S3
– Cloudtrail
– Cloudwatch
– Backup
– Direct Connect

About The LOTE Agency

The LOTE Agency is a multicultural marketing agency that serves advertising needs for multicultural companies in helping them to deliver their message, product or brand to multicultural audiences. The LOTE Agency not only uses the best professional level translators available to translate the message and produce multilingual campaign materials, but also helps in effectively targeting a greater audience.

“While providing a range of advertising and marketing services like advertisements, brochures, corporate videos, research, planning and strategy to digital marketing production and delivery, The LOTE Agency serves the non-English Australian community including employers, advertising agencies and marketing professionals wishing to communicate with audiences from diverse cultural backgrounds.”

Drivers to the Cloud

The biggest influence for LOTE to move to a cloud-based platform was that their on-premises hardware was nearing end of life. An unexpected hardware failure nudged them towards a new solution slightly earlier than anticipated. “It was clear that we needed something more reliable than an on-site server”, said Peta Reynolds – Project Manager of The LOTE Agency about the disappointing experience caused by the server failure. By the time this incident occurred, the team had already started realizing the significant limitations and challenges in cost, performance, and agility caused by the on-premise hosted server.

The anticipation of the needs of its growing customer base was also one of the reasons that drove the company to move to the cloud.

Among many of the other drivers to the cloud, the security of data was a major concern with the rise of malicious attacks and crypto-style events. Having the data securely in an encrypted and secure cloud system removed the burden of further securing the physical office environment. The LOTE Agency now has all data encrypted at rest, all backups are encrypted and kept safe for as long as they require.

Why Amazon Web Services (AWS)

LOTE had been considering moving to AWS even before the server failure took place, as they had been realizing the challenges and potential pitfalls that are inherent with on-premise servers. Without a remote solution, and with all the software running on that server, staff were required to be located in the same physical location. AWS provides the ability to migrate from a normal workstation to a graphics workstation in a matter of minutes. This has been of benefit to LOTE as their needs change.

One of the other primary concerns for LOTE when contemplating the move to the cloud was the security. Data security being one of the main pillars of the Well Architected Framework, it is guaranteed that the data is stored more securely in their AWS tenant than in an on-premises server.

With AWS, the company exploits a scalable, reliable, and secure worldwide computing infrastructure, the virtual backbone of Amazon.com’s multi-billion-dollar online business that has been sharpened for over a decade. On the other hand, they can also scale up or down the computing resources according to business demand and requirements. Deploying new Workspaces or servers as well as the reduction of superfluous resources are instantly attainable.

The Benefits of Working with AWS and WOLK Technology – an AWS Advanced consulting partner and “Amazon EC2 for Microsoft Windows” Solution Provider

Moving to AWS has given LOTE the ability to go global, as it doesn’t require a specific location for staff members. In fact, they can work from anywhere in the world by logging into their own Workspaces environment. This has given the benefits and the capability to work globally despite the difficulties with doing so. Ash, Client Services Manager at The LOTE Agency, especially finds it convenient and easy as he can access the platform from anywhere with lower latency than before and also enjoys a better user experience. Moving to Workspaces has reduced the expenses on hardware – the company could cut down the expenditure on installation, configuration, and maintenance of high-end graphics workstations and the on-premise servers, including power costs, physical security concerns and cooling.

Looking Forward

The LOTE Agency keeps on propelling themselves to new heights while working closely with WOLK Technology. The organization intends to incorporate more AWS services into the platform.

The LOTE Agency now also has the ability to properly budget for tenders that they choose to bid for, having a fixed cost per employee or contractor, safe in the knowledge that the customer data never leaves the LOTE environment and when the tender ends, they no longer pay for those resources. A whole new way of working has opened up to LOTE, with the ability to engage staff or contractors from anywhere and at a moment’s notice. Applying for tenders that have extraneous security requirements is now also a lot easier – when completing the tenders they can now tick every box when it comes to security – “where is the data”, “how is the data stored, is it encrypted” or “who has access to the data” etc. Moving to AWS has given LOTE a solid security posture which really works in their favour when it comes to those security conscious customers.

So what did WOLK do for LOTE?

Due to the hardware failure, WOLK lent LOTE some hardware. Time was a big factor in this migration, so we fast-tracked the project, got all of LOTE’s data synchronized and had the users working on AWS within a week. This was a pretty standard migration project for WOLK and fits our normal mold for Modern End User Compute.

WOLK conducted a Well Architected Review with LOTE. LOTE learned a lot about AWS and terms like RTO and RPO which was a fun process which added value to their business.

Moving to AWS and Workspaces has allowed LOTE predictable ongoing costs and an easy process for adding extra staff. Since moving to Workspaces LOTE has grown from an initial 4 users to over 25 users and is still growing. These users are no longer restricted to a geographic location, which means that there are far-reaching implications for LOTE being able to employ people in the locations they physically need to work.

Technologies used within this environment include but are not limited to:

– Organizations
– Cloudformation
– EC2
– Config
– GuardDuty
– Secrets Manager
– Systems Manager
– Workspaces
– Lambda
– S3
– Cloudtrail
– Cloudwatch
– Backup

About Northwest Investments (NWI)

Northwest Investments Pty Ltd (NWI) owns and operates a number of Quick Service Restaurants throughout Australia. NWI have a head office located in Melbourne and run a Payroll system called Accrivia.

Drivers to the Cloud

NWI was running an old Microsoft Small Business Server in their head office location. The hardware was end of life and the operating system was no longer supported. Connectivity for remote staff was also an issue, with store managers needing to log into the central system to submit data. Slows due to the NBN connection caused severe issues for remote staff trying to connect back to on-premise resources.

Accrivia (Payroll system) is a WOLK partner and always recommends AWS and WOLK as their preferred cloud offering. This is where NWI and WOLK started their journey to the cloud. NWI wanted a system that was up to date, easy to use and allowed their remote staff better access to their systems while also keeping user familiarity with the current systems as a priority to reduce user pushback.

“We needed to replace our aging hardware and considered several solutions and providers, the recommendation from Accrivia and the fact that WOLK supply services for a number of other similar franchisees made the decision easy” said Diana Earp, NWI.

Why Amazon Web Services (AWS)

NWI needed to replace their old server infrastructure and decided that cloud was the answer. As always, using a proven system is the easiest route to guaranteed success and WOLK had proven that it can provide solutions to other Accrivia customers, hosted on AWS.

Being the world’s biggest and most reliable public cloud provider, moving to AWS gave NWI a lot of certainty that their data would be safe. There would not be capacity or speed issues and all staff would have the same experience when using shared company resources.

WOLK implemented a new firewall appliance with failover to 4G at the NWI head office, which meant that the normal blocker of “what if my internet goes down” was negated very easily.

The Benefits of Working with AWS and WOLK Technology – an AWS Advanced consulting partner and “Amazon EC2 for Microsoft Windows” Solution Provider

NWI had been working with another Managed Service Provider (MSP) for the on-premise server who made things a lot easier for WOLK to transition NWI to the cloud. Moving all of NWI’s IT resources to WOLK meant that WOLK turned into their single point of contact for all their IT needs.

There was no longer a need for a VPN or insecure RDP connections to an unsupported Remote Desktop server. WOLK initially implemented a modern and secure Microsoft Remote Desktop solution which meant that everyone had access to everything they needed to do their job and meant that the store managers could be more efficient all while keeping the way they worked very similar to before.

WOLK provided a very straightforward solution, which includes the EUC environment, File shares, Office applications, Payroll system and their Legacy apps. With a baseline cost, every additional user cost can be easily calculated to allow for planning.

Most of the office-based staff now work from home and only occasionally go into the office. This is only possible because staff can now work from home with the same efficiency as working from the office, even if using BYOD home grade equipment. The ease of switching from office based to remote working is one of the key advantages to having a cloud native end user compute solution.

So what did WOLK do for NWI?

Due to time constraints and the technology stack already in place, WOLK migrated NWI to AWS using a lift-and-shift method from the on-premise server to reduce pushback by users when completely changing the technology they used. We were told that staff were very resistant to change and were used to the previous / old systems. We implemented a classic Microsoft Terminal Server environment and migrated all users to the new infrastructure over a 48-hour period.

NWI used this system for about 12 months, but a change in Microsoft licensing forced a rethink of the environment and NWI agreed to move to Workspaces.

WOLK conducted a Well Architected Review with NWI. As a result, every component is compliant with the new Microsoft licensing terms and the account is in the best state possible. Going through the process of a review with the client highlights the reasons behind some of the recommendations we were making, and the client learnt a lot along the way. Ingraining the Well Architected principles into everything we do adds real value to clients.

Technologies used within this environment include but are not limited to:

– Organizations
– Cloudformation
– EC2
– Config
– GuardDuty
– Secrets Manager
– Systems Manager
– Workspaces
– FSx
– Lambda
– Route 53
– S3
– Cloudtrail
– Cloudwatch
– Backup

Failure Management and AWS: How to Withstand and Repair Problems

Every system will encounter problems and occasionally fail. What makes a system reliable is its ability to react quickly and efficiently to failures.

The goal is to create a workload that automatically returns to a standard operating level without creating a disruption.

Architecting for Resiliency
Resiliency is the ability to bounce back from failure, overload, or attack. The Well-Architected Framework has five best practices to ensure your workload is as resilient as possible.

Monitor All Components
Design automatic systems that monitor every aspect of your workload continuously. Determine key performance indicators (KPIs) based on your business goals, not your systems’ requirements. When the system notices a KPI breach, it can fix the failure.

You can also set monitoring systems to detect degradation, which lets you know that a failure is likely. Your automated systems can also take action to prevent the looming failure.

Keep Healthy Resources Separate
Instead of using a single workload, set up several smaller ones. Ensure that if a particular system fails, other healthy resources can continue to handle requests.

For essential services like location, create backup systems that can fail over to healthy resources. If you’re using AWS systems, they will automatically activate to ensure your healthy systems can keep working.

Automate Healing
It takes time for a team member to receive a notification, learn about the problem, and determine a plan of action. Instead, create automatic services that can fix failures quickly.

Consider utilising AWS systems, like Auto Scaling and EC2 Automatic Recovery, to help your system repair itself.

Static Stability Prevents Bimodal Behaviour
A workload is exhibiting bimodal behaviour when it acts differently under standard and failure modes. Design your workloads with static stability in mind, testing to ensure they always react the same way.

You also should not allow clients to avoid your workload’s cache even in a cascade failure, because it creates bimodal behaviour.

Have every automated system send the relevant team member a notification when a system is nearing failure or has failed. You also want teams notified when your systems detect a problem that will affect availability.

Well-Architected Review
If you’re struggling to make your systems reliable, WOLK, an experienced AWS Partner, is authorised to perform a Well-Architected Review.

Through the review, WOLK can identify high-risk items and any areas that are low in compliance with the Framework. The team can then mitigate the problems, ensuring your systems are reliable and resilient.

The 5 Design Principles for Cost Optimisation Using AWS

WOLK is a leading partner of AWS Well-Architected Framework and is certified to perform reviews that identify weaknesses in your cloud-based system.

The five pillars of the AWS Well-Architected Framework are operational excellence, security, reliability, performance efficiency and cost optimisation.

Cost optimisation is an ongoing process built on cost-aware workloads targeted to maximise investment while minimising costs. There are five design principles to keep in mind when seeking to optimise costs with AWS.

Five Design Principles

1. Implement cloud financial management
It is essential to invest resources in building capability in the technological domain of the cloud. That means investing in knowledge building programs and resources to become cost-efficient in Cloud Financial Management.

2. Adopt a consumption model
Pay only for the resources you use and target your usage to only what is necessary. Stopping resources during non-business hours can save up to 75% of the regular cost per week.

3. Measure overall efficiency
Track the output of the workload and delivery costs using AWS. This information allows you to understand where you gain value when you reduce costs.

4. Stop spending money on undifferentiated heavy lifting
This design principle allows you to focus on your customers instead of the software. AWS takes care of your data centre operations, and using managed services removes the responsibility of managing your systems and applications.

5. Analyse and attribute expenditure
To maximise your resources while reducing costs, you can accurately measure the value and use of workloads using the cloud.

Practising Cloud Financial Management

Cloud Financial Management allows you to realise your business value and optimise your costs. Best practices for CFM include:

● Functional ownership
The function can refer to a team or individual who is responsible for maintaining a culture of cost awareness. This group spends a designated percentage of time attending to cost optimisation activity.

● Finance and technology partnership
A relationship must be formed between essential finance and technology personnel to understand the financial goals of the company. This partnership is critical to tracking real-time cost and usage and developing a standard operating procedure.

● Cloud budgets and forecasts
There is high variability in cloud cost and usage amounts based on user activity. Budgets must be adjusted, and forecasts created using an algorithm to allow for this variance in the predictions.

● Cost-aware processes
Cost-aware processes need to be adopted into organisational protocol, with training administered continuously.

● Cost-aware culture
By making information about cost optimisation available to individuals across teams (like a publicly visible dashboard), the workplace culture can adopt a cost-aware mindset. The directive should come from the top down and is achievable through a rewards-based training system for employees.

● Quantify business value delivered through cost optimisation
Don’t just report savings from cost optimisation, but quantify the additional value obtained. Quantifying business value makes it possible to identify the return on your investments.

Schedule a Review

If you’re interested in finding out how you can optimise your costs with AWS, schedule a review with WOLK. WOLK is a leading partner of AWS Well-Architected Framework and offers a service credit that covers the majority of expenses when working through your high-risk areas during remediation.

4 AWS Best Practices For Improving Performance

The AWS Well-Architected Framework allows you to implement designs consistently and examine architectures that can grow and change with your business. The framework is built on five pillars. Each pillar has best practices recommended by AWS to help you create an efficient and successful workload.

The Performance Efficiency Pillar
The Performance Efficiency pillar of the AWS Well-Architected Framework focuses on using resources efficiently to support your cloud-based system and uphold that efficiency level as demand changes.

4 Best Practices
Within the Performance Efficiency pillar, there are four best practices to guide you in your system development.

1. Selection
It’s important to select the best performing architecture for your cloud-based systems. A well-architected workload incorporates various solutions because their differing features can enhance the system’s performance efficiency. A crucial part of the selection process is choosing the best resources.

Compute resources for AWS come in three forms: instances, functions, and containers. When making choices about your compute resources, you’ll need to use your knowledge of workload and cost requirements. Since resource selections in the cloud are flexible, you can experiment with your selections.

Storage is another key selection you’ll make as part of your AWS performance efficiency. Choose between object, block, and file storage in the cloud depending on your system requirements.

With AWS, you’ll also choose your database. Different kinds of cloud databases remedy issues present in your workload. Once you identify the specific problems in your workload, you can select the database that best addresses them.

A network is shared between all aspects of your workload, meaning its impact is significant. To select the best network for your system, identify bandwidth, jitter, throughput, and latency requirements.

2. Review
Best practices for performance efficiency include careful evaluation of the technologies and your workload components to ensure they’re as up-to-date as possible.

AWS innovation is continual and is driven forward by consumer demands. New features that can improve performance and architecture are released regularly, so it’s important to review your system frequently for possible areas of improvement.

3. Monitoring
After you make selections and your workload is running, it’s critical that you’re carefully monitoring the workload performance. Services like Amazon CloudWatch are available to give you actionable feedback about your system performance and the optimisation of resources.

Monitoring this data in real-time allows you to move swiftly when problems occur so you can rectify them before clients are impacted.

4. Trade-Offs
Architecting solutions requires you to weigh the benefits of a solution against its implementation’s negative impacts. A trade-off can mean you’re exchanging consistency for latency to improve performance because there is a higher value in lower latency at that time.

Carefully review metrics to see how your trade-offs are affecting the workload and its performance efficiency.

Work With WOLK
WOLK is a proud leading partner of the AWS Well-Architected Framework and can provide a thorough review of your cloud-based systems. We are certified to perform a detailed appraisal and help you determine any weaknesses within your system that require immediate attention.

Identity and Access Management: Permissions and Identification

AWS Well-Architected Framework is a system used to identify the at-risk areas in your company’s infrastructure. AWS ensures your applications are using the five pillars of operational excellence, security, reliability, performance efficiency, and cost optimisation.

Why are Identity and Access Management Important?
For your cloud-based systems to operate safely, the right people must have access to the resources meant for them. Allowing users to have access, or other applications to have access, opens up the potential for security threats if the proper measures aren’t in place. Identity management and permissions management are the two best ways to take care of human and machine security access.

Identity Management
It’s best to manage identity access in a centralised way, meaning that you use one identity provider to grant access for multiple platforms. If you need to deny access to someone (like an employee leaving the company) you can instantly revoke their ability to view sensitive information. These could include company calendars, email accounts, AWS services and more. By centralising access, it becomes easier to track and control who has permission to view and change data.

When dealing with AWS, both humans and machines require unique identities to be able to access these services. To keep track of who/what has access to which applications/information, consider grouping users who have similar security access requirements together. This makes it easier to manage large groups of users within an organisation, because settings can be changed by group membership rather than for each individual.

Permissions Management
Permissions are essential to the second pillar of AWS Well-Architected Framework security. By creating permission boundaries and granting least privilege access, you can restrict user and administrator ability to only what is necessary.

AWS utilises attribute-based access control (ABAC), which allows you to provide access based on specific attributes called tags. Building these tags into your management strategy ahead of time means permissions will be applied automatically as a project unfolds, rather than you manually updating a policy partway through. Doing this creates an efficient way to handle multi-user and developer access while still maintaining a secure cloud-based system.
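As an added illustration of tag-based permissions (not taken from WOLK or from a specific AWS document), the IAM identity policy below lets a principal start, stop or reboot only those EC2 instances whose `project` tag matches the principal's own `project` tag. The tag key `project`, the statement IDs and the choice of EC2 actions are assumptions made for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ManageInstancesInOwnProject",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
        }
      }
    },
    {
      "Sid": "DenyChangingTheProjectTag",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["project"]
        }
      }
    }
  ]
}
```

The second statement is what keeps the model sound: a principal that can rewrite the `project` tag on an instance can grant itself access to it, so control over who may set the access-deciding tags has to be part of the design.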

Work with WOLK
If you’re interested in improving your cloud-based security, work with WOLK. A leading partner of the AWS Well-Architected Reviews, our review process draws attention to the areas of risk in your system so you can take the necessary steps to up-level your security measures.

4 Security Solutions for Every Business

Virtually all businesses use cloud services for at least some functions. As this trend continues, it’s important to be on top of security to prevent a cyberattack or data breach.

Businesses can use Amazon Web Services (AWS) to increase the security of their cloud computing operations. Through AWS, organisations can automate security tasks that were previously controlled manually. This allows the business to focus solely on core operations.

Besides streamlining and advancing manual security tasks, AWS is the only commercial-based cloud service that’s deemed secure enough for top-secret workloads. AWS uses a five-pillar framework to help build efficient systems for businesses. Security is the second conceptual pillar, and it contains key security solutions for every business.

1. Automate Security Best Practices
Security automation is one of the measures outlined as a design principle. Automating system security can make your data more secure. It also makes scaling security easier and more cost-effective as it doesn’t require major architectural change.

Employ AWS security software to protect your systems, data, and applications. These systems can be tested and validated, ensuring you have the best practice systems in place.

2. Protect Data at All Times
Data is one of the most valuable commodities a business holds. Stolen data is not only detrimental to your business but can also lead to legal problems. Data must be protected at all times, meaning when it is in storage, during transfers, and when people access it.

Organise your data by security classification, defining classifications by sensitivity level and use, and allocate only essential human access. Storage solutions such as Amazon Glacier are extremely resilient to data loss.

AWS offers encryption services for data transfers and data at rest. Server-side encryption (SSE) is ideal to store encrypted data.

3. Implement Access Management Protocols
Access management can be implemented through basic security features like multi-factor authentication and strong passwords. An AWS system, such as Identity and Access Management (IAM), allows only authorised employees to access certain information, resources, and programs. The AWS user can customise privilege management, increasing its security.

4. Utilise AWS Detection Systems
AWS detection systems scan and monitor linked operations to identify potential security compromises and threats. There is a wide variety of detection programs, with some more suited to specific industries. It’s essential that your company have at least a minimal level of security detection implemented.

Amazon GuardDuty is an effective security solution that detects dangerous and unauthorised activity within workloads.

Secure Your Business Using AWS
WOLK is a partner of the AWS Well-Architected Review Program and is certified to perform AWS reviews. Contact us today to arrange a review, allowing us to advise and assist you in securing your business and its cloud operations for the future.

The 7 Design Principles for Cloud Security Under AWS

Security, the second pillar of the AWS Well-Architected Framework, contains seven design principles. By adhering to these guidelines, you can increase the strength of your cloud security, and protect your data.

The design principles encompass the ideas of foundation, preparation, and automation.

1. Implement a Strong Identity Foundation

A strong identity foundation is critical to maintaining safe data. Utilise the principle of least privilege by allowing each team member the minimum amount of access necessary for their work.

You should also centralise your identity management and try to reduce using static credentials.

2. Enable Traceability

It’s easier to find problems when you have a pre-existing tracing system. By monitoring your workload and applications in real-time, you’ll also receive alerts at the exact moment when something breaks through your security.

3. Apply Security at All Layers

Every layer and level of your workload and applications should be secure. Just because it’s an internal system doesn’t mean it’s safe.

4. Automate Security Best Practices

Automation lessens the likelihood of human error. Automated security sweeps can be set to run at regular intervals, and will automatically alert the correct team member when there is a problem.

5. Protect Data in Transit and at Rest

Your data should always be secure, even when it’s within your systems. Use a classification system that all team members understand, to determine what level of security your data needs.

Based on its classification, data should be secured using encryption, tokenisation, or access control. If you’ve automated your security best practices, your security system can sort the data itself.

6. Keep People Away from Data

In addition to the principle of least privilege, you should also use tools that help to lower the need for human access to data. Human error can cause security breaches or loss of data.

7. Prepare for Security Events

Prepare your systems and teams for a future security event. Following your organisational best practices, create an incident management and investigation policy. Train all team members in your response policy by running drills.

Schedule a Well-Architected Review
To ensure your data is as secure as possible, consider working with an AWS Well-Architected Partner. WOLK can identify any outstanding high-risk items and mitigate them for you.

Once you’ve completed a Well-Architected Review, you can continue to maintain the highest level of security possible by adhering to the seven design principles of the security pillar.