Case Study: Virtual Private Cloud (VPC) Service Controls Implementation

By intelia | @intelia | Jan 20

intelia was engaged by a leading Retail and Logistics organisation to help them achieve compliance with APRA’s Prudential Standard CPS 234, which focuses on ensuring resilience against information security incidents for APRA-regulated entities. Additionally, we were tasked with enhancing their Data Loss Prevention (DLP) strategy and elevating cloud platform encryption, incorporating Google Cloud’s native solutions with robust security guardrails to ensure compliance and data protection.

This transformation played a key role in helping the client achieve accreditation from the Australian Prudential Regulation Authority (APRA).

The challenge

An independent audit revealed that the customer’s financial services team lacked sufficient security controls to adequately protect sensitive data. The audit highlighted the need for a robust Data Loss Prevention (DLP) solution and enhanced encryption controls to mitigate the risk of malicious electronic attacks. Additionally, the infrastructure needed to be strengthened to ensure resilience against potential information security incidents.

The solution

intelia addressed the customer’s challenge by implementing Virtual Private Cloud (VPC) Service Controls (SC) and enforcing access perimeters based on the client’s requirements. This solution securely managed cross-project access between various GCP services, both within and outside the established perimeter. Additionally, a centralised VPC SC log sink was created to capture detailed logs for auditing purposes, with integration to a monitoring dashboard for real-time reporting and analysis.
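As an added illustration of the building blocks the solution paragraph describes (not intelia's or the client's actual configuration), the Terraform fragment below defines one VPC Service Controls perimeter around two projects, restricts the APIs that matter for DLP (Cloud Storage, BigQuery, Cloud KMS), opens a narrow ingress rule for a single cross-project service account, opens a narrow egress rule to one outside project, and creates an organisation-level log sink that centralises VPC SC violation records for auditing. The organisation ID, project numbers, service-account address, bucket name, CIDR and the log filter string are placeholder assumptions and must be replaced.

```hcl
# Added example, not the case study's own configuration.
# Placeholders: ORG_ID_PLACEHOLDER, the 12-digit project numbers, the
# service-account address, the CIDR and the sink bucket are all assumed values.

resource "google_access_context_manager_access_policy" "org_policy" {
  parent = "organizations/ORG_ID_PLACEHOLDER"
  title  = "org-access-policy"
}

# Access level: requests must originate from the corporate egress range
# (TEST-NET-3 used as a placeholder).
resource "google_access_context_manager_access_level" "corp_network" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.org_policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.org_policy.name}/accessLevels/corp_network"
  title  = "corp_network"
  basic {
    conditions {
      ip_subnetworks = ["203.0.113.0/24"]
    }
  }
}

resource "google_access_context_manager_service_perimeter" "finance" {
  parent         = "accessPolicies/${google_access_context_manager_access_policy.org_policy.name}"
  name           = "accessPolicies/${google_access_context_manager_access_policy.org_policy.name}/servicePerimeters/finance_perimeter"
  title          = "finance_perimeter"
  perimeter_type = "PERIMETER_TYPE_REGULAR"

  status {
    # Projects inside the perimeter (placeholder project numbers).
    resources = [
      "projects/111111111111", # finance-data
      "projects/222222222222", # finance-analytics
    ]

    # APIs whose calls across the perimeter boundary are denied by default.
    restricted_services = [
      "storage.googleapis.com",
      "bigquery.googleapis.com",
      "cloudkms.googleapis.com",
    ]

    # Human access from outside must also satisfy the network access level.
    access_levels = [google_access_context_manager_access_level.corp_network.name]

    # Ingress: one named service account in one outside project may read
    # objects in the finance-data project. Nothing else from outside is allowed.
    ingress_policies {
      ingress_from {
        identities = ["serviceAccount:etl-loader@logistics-ingest.iam.gserviceaccount.com"] # placeholder
        sources {
          resource = "projects/333333333333" # logistics-ingest, outside the perimeter
        }
      }
      ingress_to {
        resources = ["projects/111111111111"]
        operations {
          service_name = "storage.googleapis.com"
          method_selectors {
            method = "google.storage.objects.get"
          }
        }
      }
    }

    # Egress: service accounts inside the perimeter may query BigQuery in one
    # shared outside project; Storage and KMS data cannot leave the perimeter.
    egress_policies {
      egress_from {
        identity_type = "ANY_SERVICE_ACCOUNT"
      }
      egress_to {
        resources = ["projects/444444444444"] # shared-reference-data, outside the perimeter
        operations {
          service_name = "bigquery.googleapis.com"
          method_selectors {
            method = "*"
          }
        }
      }
    }
  }
}

# Centralised sink: VPC SC violation audit records from every project in the
# organisation are routed to one bucket that a dashboard can read from.
resource "google_logging_organization_sink" "vpc_sc_audit" {
  name             = "vpc-sc-violations"
  org_id           = "ORG_ID_PLACEHOLDER"
  destination      = "storage.googleapis.com/vpc-sc-audit-logs-placeholder"
  include_children = true
  # Filter is an assumption based on the VPC SC audit log metadata type;
  # confirm it against a real violation entry before relying on it.
  filter = "protoPayload.metadata.\"@type\"=\"type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata\""
}
```

Two design points worth noting. First, the perimeter is deny-by-default for the restricted services: every cross-boundary path has to be written down as an ingress or egress rule, which is what turns the client's requirements into an auditable list rather than a set of ad hoc IAM grants. Second, the sink's writer identity needs object-create permission on the destination bucket, and the bucket itself should sit in a project inside the perimeter, otherwise the audit trail is the one thing allowed to leave. Run `terraform validate` after substituting the placeholders; a dry-run perimeter (`spec` block with `use_explicit_dry_run_spec = true`) is the usual way to observe what would be blocked before enforcing.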

The results

intelia’s solution and architectural framework were fully aligned with the customer’s recommendations, ensuring compliance with APRA’s CPS 234 and Office of the Australian Information Commissioner (OAIC) enforceable undertakings in the event of a data breach. The customer now has a reliable and robust solution that protects against data exfiltration attacks, unauthorised network access via stolen credentials, and the public exposure of private data due to misconfigured IAM policies.

About the customer

Industry: Retail and Logistics

Primary project location: Australia