Security

Our team are experts in designing, reviewing and tuning security at different layers of the technology stack.

Cloud service provider security

Security and transparency of operation is critical in all IT workloads, on cloud or off. With AWS, much of this is wrapped up in an API activity log service, AWS CloudTrail. Modis likes sending this log stream directly to separate, dedicated security logging accounts, were general administration staff can’t access logs. We’re also keen on using automated security log event identification and alerting in near real-time.

For secure interactive (AWS Web Console) access, we use physical Multi-Factor Authentication (MFA) tokens based upon Time-based One Time Passwords (TOTP) for all master (root) account credentials, with federation of identity back to your corporate directory (such as Active Directory by way of SAML federation) which may also implement an MFA policy.

Understanding these dependencies, and working to ensure that the customer's security posture is maximised without unduly inflicting delay and complication on staff is important; and we'll work with our customers and their existing IT security teams to help them understand any risks and benefits.

 

Application level security

We’re fanatical about encryption, algorithms, ciphers, signatures, and validation. Modis’ cloud approach is to use only encrypted protocols for all data transfers, both in transit to/from the cloud, as well as intra-cloud. We love disabling old crypto protocols, using only the latest and strongest ciphers, ephemeral keys for forward secrecy protection, and strong chains of trust.

We also love helping our customers understand how this looks over time. With Modis, you can be as secure as your bank, if not more so.

 

Security services

Modis is keen to assist customers however they need, and here are some examples of what we've done previously:

Security Reviews: Development Practices

Inspect, review and recommend changes for developers and release managers around Continuous Integration and Continuous Delivery, Development, API usage, API design, credential handling. Authenticating using two-way x509 certificate verification, and more.

Security Reviews: Operations

Observe and inspect operational processes and procedures, recommending changes to improve security, logging, visibility, governance, and timeliness to mitigate potential future security considerations. Tuning and automating TLS Certificate issuance and renewal, TLS option configuration, etc.

Application Architecture

Design and architect security frameworks around applications, including using single sign on technologies such as LDAP, SAML and other techniques, AWS IAM Roles and Policies, public/private asymmetric keys and key management, AWS Key Management Service, and more.

Cloud Governance Services

We can also engage to put cloud governance teams into your organisations, providing best practice and assistance to your existing development and line-of-business service teams. This service continually appraises, researches and improves your security posture over time, which is often overlooked in a project completion and migration to support approach to IT projects.

 

Security staff capability

Modis maintains a number of staff holding the coveted AWS Security Specially Certification. This challenging certification is critical recognition by Amazon Web Services of Modis’ technical staff in the capability they bring to bear for our customers in the security space. Our team also hold many other industry and 3rd-party vendor security-releated certifications, professional memberships and more. Our security staff are well versed with decades of experience in security.

Find out how Modis can provide you with innovative AWS cloud based solutions and servicesModis has been an AWS Advanced Tier Partner since 2014. Modis' AWS Cloud Consulting services encompasses fundamentals of cyber security, fault tolerant digital system architecture, modernisation, traditional virtual machine or through to modern Serverless approaches, commercial off-the-shelf software operation to bespoke software development, delivered with high throughput, repeatable DevOps approaches to operations. With over half a decade of running critical authoritative government data sets that affects the lives of millions of citizens and the economies of the state, Modis has one of the most mature, experienced and recognised consulting service providers in the world. More importantly, we like to work very closely with our customers, not providing something to purchase, but taking a deep understanding of their business, and providing the recommendations and implementations to ensure a modern, efficient, reliable and secure environment for digital business systems.Contact us
Modis Australia | Animated map showing global locations
We operate around the world. Would you like to find out more about your local office?Find out about Modis