CloudCheckr is the Engine Driving Cloud Governance at Siemens
Case Study Security April 12, 2019


Railigent® monitors the physical infrastructure required to keep rail transportation reliable and safe, but turned to CloudCheckr to ensure the cloud infrastructure it relies on is just as secure.

 

Siemens’ Railigent Application Suite helps rail transportation companies optimize their infrastructure and assets through proactive monitoring and data analysis that reduces maintenance costs and unplanned downtime and increases rail transportation’s overall competitiveness. While a security breach at Railigent wouldn’t cause a crash, it would increase clients’ maintenance costs and cause delays or reduced train availability. From the beginning, it was clear that Siemens would need a way to monitor the digital infrastructure and assets in the AWS-based Railigent ecosystem, both to ensure comprehensive cloud infrastructure security and to control IT costs. CloudCheckr has streamlined Railigent’s security protocols, ensuring developers can easily identify the most urgent security issues, and reduced cloud costs by up to 20%.

 

Building an Internet of Trains

Siemens Mobility enables rail operators and maintenance providers worldwide to make infrastructure intelligent, increase value sustainably over the entire lifecycle and guarantee availability by using Railigent®: the rail solution for the reliable handling of big data and cloud security. By combining comprehensive domain knowledge, best-in-class data analytics and both clients’ and partners’ expertise, Railigent® enables comprehensive asset management, optimized maintenance, and safe operations.

The AWS-based application suite is used by rail companies around the world to monitor and optimize their physical assets and infrastructure. The physical assets being monitored—trains, tracks and signals, for example—are configured to send reports via a secure channel to a cloud-based data lake that operates on top of AWS. End users log in to the Railigent interface and use the information gathered from the sensors and analyzed by Railigent to lower maintenance costs, decrease unplanned downtime, and increase overall efficiency.

 


Even before Railigent was launched, it was clear that Siemens would need to find a way to automate cloud security monitoring above and beyond what is available out-of-the-box with AWS. Individual developers cannot change the production AWS account. Therefore, the Continuous Integration / Continuous Deployment (CI/CD) pipeline is essential for catching security risks in real time, like changes in security groups or S3 buckets that have been made public. This is crucial as developers are working in the development AWS account.

“We did not want to implement a solution completely on our own, because this is not our business focus,” Friedrich Glöckner, Systems Architect at Siemens Mobility Services, explains. “We could do that. We could create a team of developers to create such a solution, but it would cost a lot of money, and it’s not our core competence.”

Indeed, Siemens Mobility needed an outside solution that worked out-of-the-box and provided enough granular reporting and alerting to let the team continuously check for best practice and corporate policy compliance as well as react to security-related events. CloudCheckr goes even further with Self-Healing Automation, which corrects misconfigurations and vulnerabilities automatically upon detection, without requiring human intervention. This allows Siemens’ personnel to focus completely on their customer business.

 

Keeping Costs on Track

Although security was Glöckner’s primary concern, it was not the only thing Railigent needed to monitor. Controlling cloud spend was also important, as well as gaining visibility into how much individual teams were spending on AWS cloud services. Everything needed to work seamlessly across Railigent’s four AWS accounts—sandbox, dev, test and production—as well as be compatible with the company-wide IT rules and guidelines.

 


Siemens Mobility Services started a Proof of Concept trial with CloudCheckr in December 2016, and started using CloudCheckr in production in mid-2017.

“As soon as it’s set up, you have immediately all the CloudCheckr security recommendations,” Glöckner explains. “The cool thing is it gives you a checklist, and this is combined with reporting functionality, and you can prioritize security problems and say yes, we definitely need to work on this problem first. This is exactly what we did, and that helped us to improve the overall security of our ecosystem.”

Not only did cloud infrastructure security improve immediately, but so did cost monitoring. One of the first cost-related recommendations CloudCheckr provided, Glöckner remembers, was that Railigent did not need the more expensive RDS Microsoft SQL Server Standard Edition. Railigent could save 30-40% in RDS costs by switching to the RDS Microsoft SQL Server Web Edition.

“That is what we did, and we saved the costs,” he says.

Siemens has strict corporate guidelines about how each developer and team should tag cloud resources, but AWS billing reports only allow sorting by one tag dimension—not enough granularity for actionable business insights. With CloudCheckr, Siemens gets reports that break down costs based on as many tags as necessary. This makes it possible to track costs by team and project and to manage internal budget allocation in a way that would not be possible otherwise.

 


Moving Forward with CloudCheckr

Now that Railigent has been up and running on CloudCheckr for over a year, more than 100 Siemens employees use CloudCheckr on a regular basis. They primarily use it to check for security vulnerabilities and unexpected costs, and to follow up on both cloud security and cloud cost optimization recommendations.

From a cost perspective, team members can look at an instance report and sort by potential cost savings, allowing them to focus on resizing instances where the potential savings are a dollar per hour rather than two cents per hour. Glöckner estimates that Railigent continues to save up to 20% in total cloud costs because of CloudCheckr’s recommendations.

It’s harder to put a value on security improvements, but Glöckner is emphatic that Siemens now has better control over all four AWS accounts from the day CloudCheckr was implemented. The prioritized security checklists CloudCheckr provides make it easy to ensure that Railigent is following best practices. The alerting features mean that security vulnerabilities are brought to the team’s attention immediately—and never lead to security breaches.

 

Next steps

Curious how CloudCheckr can help you increase security while reducing cloud costs? Learn how unified secure configuration, activity monitoring, and regulatory compliance for the public cloud works with a live 30-minute demo or by trying cloud management by CloudCheckr free for 14 days.
