Enter Centric: The Long Legacy of Legacy System Security Challenges
The client we worked with is a leading energy management and smart-grid solutions company. While not a traditional investor-owned electric utility, the company had legacy computer system challenges that made it harder for them to protect their systems from espionage attempts, ransomware, data breaches, and more in today’s always-evolving threat environment.
For example, the business relied on an internally developed platform for conducting business with their partners — the companies that use their services. While they had streamlined their employee authentication using Google OAuth Single Sign-On (SSO), migrating partner access from their custom-built legacy authentication system still posed significant security risks.
These legacy systems had limited control over their passwords, and password policies weren’t enforced. Additionally, the existing system was burdened with ongoing tech-debt management and code maintenance. The client needed a secure and scalable solution for partner authentication, password management, and migration of existing accounts to secure their infrastructure. After evaluating several options, the client selected AWS Cognito as its solution.
Why AWS Cognito?
AWS Cognito is an identity and access management (CIAM) system that integrates seamlessly with the client’s existing tech stack. To help them, we worked with our Charlotte and India practices to deploy multiple AWS Cognito technology components, including:
- Node.js: A cross-platform, open-source environment where developers can build and run server-side applications using JavaScript.
- React.js: An open-source JavaScript library used for building applications.
- MongoDB: A database known for its scalability, flexibility and ability to handle semi-structured data.
- AWS Atlas: A managed and scalable solution for hosting MongoDB databases.
- AWS Elastic Beanstalk: An orchestration service that simplifies the process of deploying and managing web applications.
- AWS CodeCommit: A managed source control library that supports Git repositories and provides features for collaboration among development teams.
- AWS Pipeline CI/CD: A continuous integration/continuous delivery pipeline that automates the build, test and deployment stages of software development.
Once we implemented AWS Cognito with the client’s existing AWS Cloud platform, it provided secure authentication, implemented strong password requirements, enabled multi-factor authentication (MFA), and empowered users with self-service password management capabilities.
The tool allowed for a seamless migration of existing user accounts, which avoided any disruptions or loss of data. Finally, AWS Cognito’s advanced features made it possible for them to build a robust, scalable and user-centric user management solution.
What AWS Cognito Delivered
Since harnessing the power of AWS Cognito, our client has modernized their user-management approach, ensuring a secure and seamless experience for their employees and partners. As a result, they can now take advantage of secure authentication when accessing their internal systems, which addresses the client’s security challenges, mitigates potential security risks, and streamlines user management processes.
The transition to AWS Cognito also allowed our client to upgrade enforcement of their password policies, while self-service password management makes it easier for employees to change passwords securely. Meanwhile, code maintenance is easier for them, which allows them to keep their systems up-to-date and secure with less effort.
Conclusion
The constantly evolving threats all companies face today make it a challenge for legacy systems to stay current, but the security challenges legacy systems pose are even more important to address in critical sectors like energy and utilities.
Fortunately, modern tools like AWS Cognito make it easier to transition legacy security systems to more flexible solutions. Failing to do so not only risks falling out of compliance with regulatory requirements but your utility’s ability to serve its customers.
