
SingPost e-commerce Security Case Study


Project Information

For over 150 years, Singapore Post (SingPost), as the country's postal service provider, has been delivering trusted and reliable services to homes and businesses in Singapore.
RightCloud is a reputable and experienced Advanced Consulting Partner of Amazon Web Services (“AWS”) and Microsoft Azure, serving notable enterprise cloud customers across APAC. RightCloud has performed a wide range of implementation work for its customers and offers advanced capabilities in managed services.
  • Client: SingPost
  • Date: 2017
  • Skills: Cloud Security, AWS Expertise

The Challenge

SingPost's end-to-end Enterprise eCommerce Solution takes retailers & brands online at Cloud-enabled speed.

SingPost also implements custom solutions as requested by the client. Hosted e-commerce security is part of the Information Security framework and is applied specifically to the components that affect e-commerce, including data security and other wider realms of the Information Security framework. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. Dimensions of e-commerce security include integrity, non-repudiation, authenticity, confidentiality, privacy, and availability.

The Solution

- AWS WAF to protect eCommerce assets from unauthorized access, use, alteration, or destruction. It gives control over which traffic to allow or block to web applications by defining customizable web security rules.
- AWS CloudFront to serve static and dynamic web content, reducing latency to the end user and speeding up distribution.
- Lambda functions to update the IPs that crossed the request threshold limit, which protects eCommerce websites from DDoS attacks.
- Lambda functions to update CloudFront IPs on the ALB security groups, which helps restrict access from the public.
- Security Monkey to perform continuous audits of CloudTrail logs and policy changes; in case of any abnormal activity, it triggers an email to the DevOps/support team.
- AWS Config rules on all supported services, which help audit and evaluate configurations and keep a record of every configuration so that changes in the account can be reviewed.
- Graylog2 setup for centralized logging, monitoring, and SIEM.
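The CloudFront-to-security-group synchronisation listed above can be sketched as follows. This is an added example, not RightCloud's or SingPost's Lambda code: the group names, the rule quota and the sample data are constructed assumptions, and the network calls a real function would make (fetching AWS's ip-ranges.json, reading and updating the groups) are left out so the planning logic runs offline.

```python
import json

# Constructed sample in the shape of AWS's published ip-ranges.json.
# Addresses are documentation ranges, not real CloudFront prefixes.
SAMPLE_IP_RANGES = json.loads("""
{"syncToken": "0", "createDate": "2017-01-01-00-00-00", "prefixes": [
  {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
  {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
  {"ip_prefix": "203.0.113.128/25", "region": "ap-southeast-1", "service": "CLOUDFRONT"},
  {"ip_prefix": "192.0.2.0/24", "region": "ap-southeast-1", "service": "EC2"}
]}
""")

# Constructed current state: hypothetical group names mapped to ingress CIDRs.
# "sg-a" still carries a leftover open-to-the-world rule.
SAMPLE_CURRENT = {"sg-a": {"0.0.0.0/0", "198.51.100.0/24"}, "sg-b": set()}


def cloudfront_cidrs(ip_ranges):
    """Return the IPv4 CIDRs whose service tag is CLOUDFRONT."""
    return {p["ip_prefix"] for p in ip_ranges["prefixes"]
            if p["service"] == "CLOUDFRONT"}


def plan_sync(desired, current_by_group, max_rules):
    """Plan revoke/authorize calls so the groups allow exactly `desired`.

    max_rules is the per-group inbound rule quota (an assumption here; use
    your account's actual quota). Raises instead of returning a partial plan
    when the groups cannot hold every range.
    """
    plan = {g: {"revoke": sorted(c - desired), "authorize": []}
            for g, c in current_by_group.items()}
    free = {g: max_rules - len(c & desired) for g, c in current_by_group.items()}
    already = set().union(*current_by_group.values()) & desired
    for cidr in sorted(desired - already):
        group = next((g for g in sorted(free) if free[g] > 0), None)
        if group is None:
            raise RuntimeError("not enough security group capacity")
        plan[group]["authorize"].append(cidr)
        free[group] -= 1
    return plan


if __name__ == "__main__":
    wanted = cloudfront_cidrs(SAMPLE_IP_RANGES)
    print(json.dumps(plan_sync(wanted, SAMPLE_CURRENT, max_rules=2), indent=2))
```

Revoking entries that are no longer CloudFront ranges matters as much as adding new ones: in the constructed state the stale `0.0.0.0/0` rule is what would otherwise keep the load balancer reachable from the public internet.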

From there, traffic progresses to the web servers, where the Deep Security Agents are installed. The Deep Security solution provides comprehensive protection, including:

- Deep packet inspection enabling intrusion detection and prevention (IDS/IPS), web application protection, and application control
- Stateful firewall
- File and system integrity monitoring
- Log inspection

How AWS services were used as part of the solution

AWS WAF
With the help of AWS WAF we are able to successfully block all common web-based attacks and DDoS attacks.
AWS Lambda
With the help of custom-written Lambda functions we manage whitelisting and blocking of access to the e-commerce admin portals.
Amazon VPC
Helps in providing an isolated Network.
Security Groups
Helps in controlling the incoming and outgoing traffic through specific ports.
AWS NACL
Provides protection at the subnet level, i.e. with NACLs we control the network traffic for each subnet.
IAM
Granular policies are implemented and keys are rotated on a regular basis.
AWS CloudTrail
Enables compliance and operational auditing by keeping track of all the actions performed by a user or role.
Amazon CloudFront
Helps speed up the distribution of content, as it routes user requests to edge locations.