How XGen maintains their AWS cloud security posture with AWS Well-Architected Framework and Ibexlabs
XGen.Ai is a comprehensive traffic and product analytics suite, personalization platform, and A/B testing solution that automates the experience optimization process at the unique customer level in real-time. Their proprietary artificial intelligence platform drives autonomous, curated product recommendations and merchandising – delivering a truly tailored digital shopping experience that is as dynamic and unique as the individual customer.
XGen.Ai recognizes that security is a moving target and they need to be constantly vigilant for any gaps in their security posture.
This risk mitigation includes checking for security best practices as part of the AWS Well-Architected Framework, which includes the use of multi-factor authentication, privilege management, Amazon S3 access control, and IAM access key management.
This is a regular check to ensure their objects are not vulnerable to data theft and their resources are immune to attacks.
XGen.Ai sought an independent outside review to make sure they weren’t “marking their own homework”.
“Our AWS platform is complex and, like anyone else’s, is always changing. As part of our risk management process, we value getting outside help to check our situation and fix what we need. It’s like servicing your car: if you don’t keep up your servicing plan, then you’ll break down one day.”
XGen.Ai looked for an AWS partner with security and AWS Well-Architected expertise who could independently assess their current state, give them a detailed review including a list of recommended remediations, and then help them implement those recommendations.
Ibexlabs conducted a comprehensive review of XGen.Ai infrastructure based on AWS Well-Architected principles with a specific focus on the Security Pillar.
The types of security checks and remediations included:
AWS Identity and Access Management
AWS IAM requires constant tuning to secure all AWS resources, with a special focus on privilege management so that staff joiners, movers, and leavers don’t retain unnecessary permissions.
Amazon S3 has a complex and powerful set of permissions that requires regular revision to ensure no data is exposed inadvertently and that all the advanced features of versioning are used to enhance availability.
“We know that AWS IAM and Amazon S3 configurations are not set-and-forget. Getting an independent review of our configurations is essential to be honest and transparent about how our security posture needs to change as our business changes.”
The main result for XGen.Ai was keeping their AWS security posture in line with their business. They recognize the need for regular independent checks, not just to bring in the latest AWS Well-Architected Framework pillars like Security, but also to collaborate on implementing remediations without disrupting the business.
“It’s been like taking our car to the garage and getting it serviced and certified. It gives us peace of mind that we’re doing our best for XGen.Ai and our customers in terms of cloud security posture.”