ENGIE Helps Secure 51 Business Entities Using AWS WAF and AWS Firewall Manager

ENGIE is an energy group working to accelerate the transition toward a carbon-neutral world by offering low-carbon energy and services. The group has 450 business entities across 70 countries, each managing its own projects and information technology (IT) assets. When ENGIE began migrating to AWS in 2016, the group provided guidelines for the migration, but each entity ultimately developed its own cloud strategy. 

Once on AWS, the team in charge of the project, ENGIE IT by Engie Group Security, wanted an intuitive solution to enforce a company-wide security policy while giving individual teams the flexibility to add security rules as required. The solution would need to cover 2,200 workloads across 51 ENGIE entities. “Our greatest challenge at the group level is to find the correct tool to cover the most assets,” says Samy Khomsi, network security engineer at ENGIE. 

ENGIE IT by Engie Group Security was already on AWS, so it could implement AWS WAF without difficulty. “Using AWS WAF helps us quickly propose a set of rules and share them with different entities in our organization,” says Khomsi. “AWS WAF is really simple to use, so it doesn’t take long to start implementing helpful measures.”

In 2020, ENGIE IT by Engie Group Security set up an initial set of AWS WAF security rules. With a panel of developers from various entities, it tested and refined the rules, using advice from AWS Support throughout the implementation. The goal was to find a set of rules covering the most use cases with the least number of false positives. 

Once ENGIE IT by Engie Group Security met its goal and finalized its set of rules, it deployed those rules to other entities using AWS Firewall Manager, a security management service that lets security administrators centrally configure and manage firewall rules and security policies across multiple accounts. Each ENGIE entity could then customize its security rules based on the specific use cases of its applications and any specific regional security requirements. 

Now using AWS WAF and AWS Firewall Manager, ENGIE IT by Engie Group Security spends less time maintaining security for other entities, and its developers can focus on their main activities. “It helps everyone contribute to the group and publish more services while still staying secure,” says Joël Kisala Kinavuidi, network security engineer at ENGIE.

Through 2021, ENGIE will work to make sure that its web security covers the Open Web Application Security Project Top 10. ENGIE IT by Engie Group Security also keeps an eye on web security by collecting near-real-time log streams from AWS WAF using Amazon Data Firehose, which reliably loads streaming data into data lakes, data stores, and analytics services. “Now that we have a base security covered by AWS WAF, the next step is to have visibility,” says Khomsi. “It’s great to have this kind of flexibility. In a big, decentralized organization, our use of AWS WAF and AWS Firewall Manager helps greatly.”