Ruter AS is the public transport authority for the Oslo and Akershus counties in Norway. Formally a limited company – 60% of its shares are owned by the Oslo county municipality and 40% by that of Akershus – it is responsible for the administration, funding, and marketing (but not direct operation) of public transport in the two counties, including bus, Metro, Tram and ferry services. Ruter also has agreements with the Norwegian State Railway, concerning the regulation of fares on local and regional train services within the two counties.
The development of digital services at Ruter involves many actors. At the heart of Ruters digital platform is Ruter’s Core Mobility Platform, a service which is fully managed by Basefarm. The Core Mobility Platform itself consists of a Fleet Logistics service and a Reporting Service built on Amazon EC2 instances where Basefarm operates the key components Kafka, Cassandra, MQ (Message Queue) and several database services on Amazon RDS.
The Solution
By leveraging AWS continued compliance solutions, Basefarm is able to offer compliance monitoring solutions to Ruter.
The solution consists of AWS Security Hub, AWS Inspector, AWS Config, AWS CloudTrail, Amazon CloudWatch and Amazon GuardDuty. The services will identify common security issues and potential threats, while allowing Ruter to maintain their development velocity. Security events are raised as tickets within Basefarm’s ITSM solution, allowing security incidents to be managed using Basefarm’s mature and battle tested incident management processes.
Using AWS Security Hub with the CIS AWS Foundations compliance standard, Basefarm can ensure that all of Ruter’s AWS accounts are maintained at a minimum level of security hygiene, which complies with the Centre for Internet Security’s best practices. If any element of the account configuration is discovered not to meet these standards, then a security incident is automatically raised.
Amazon GuardDuty and AWS Inspector are integrated with AWS Security Hub, which offers a single pane of glass for security insight. Additionally AWS Security Hub will flag non-compliance of rules configured in AWS Config.
AWS Inspector provides the capability to conduct vulnerability and compliance analysis for instances running in Amazon EC2, using one or more of four pre-defined rulesets.
For any given rule in an AWS Inspector ruleset, it is currently not possible to ignore certain controls. This can cause unnecessary alerts, which in turn create tickets and cause unnecessary work. It was a requirement that certain controls be disabled, thus Basefarm created a filter function based on AWS Lambda. The filter is configured using JSON objects in Amazon S3. It is used both to ignore certain controls and to augment any event with additional information about it, such as priority, assignee, event type and additional documentation and references.
Amazon GuardDuty is AWS managed threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts and workloads.
GuardDuty uses Machine Learning to analyze events across multiple AWS accounts and data sources, such as AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs.
Amazon CloudWatch Alarms are configured for specific events found in AWS CloudTrail.
One example of configured Amazon CloudWatch Alarm is when the root user is used; as this should never happen without a ticket in Basefarm’s ITSM tool.
The Basefarm ITSM integration also supports receiving alarms defined in Amazon CloudWatch, by using Amazon Simple Notification Service.
About Basefarm
The company provides strategic advice, architecture and implementation together with the management and operation of solutions to several different cloud platforms.
The business was founded in 2000 in the Nordic countries and today there are 550 leading engineers and advisors working in Norway, Sweden, the Netherlands, Germany and Austria.
Basefarm was ranked highest in Whitelane’s IT Outsourcing study Nordics 2018 and was approved by Gartner as cool vendor supplier at the European Cloud Computing Market 2015 for our unique methodology in application operations.
In August 2018, Basefarm was acquired by Orange Group and is now an Orange Business Service subsidiary.