
FreeTV Ensures Security by Leveraging AWS and Automat-it


Automat-it and AWS Secured FreeTV

FreeTV is a Multi-channel TV Operator that offers more than 50 linear channels with a huge VOD library. The platform allows access to channels, catchups, movies, and series anytime, anywhere.

FreeTV is a new initiative in the Israeli media market that aims to reach audiences through emerging media platforms with ground-breaking content.

FreeTV involves dozens of different technologies and applications that must be securely connected to the AWS Cloud. Automat-it’s role, as the DevOps partner with a focus on security, was to apply security best practices for the multi-account AWS environment. This includes everything from centralized authentication and authorization to DDoS protection, and more.

The new FreeTV infrastructure needed to meet a number of requirements:

  1. Elasticity to adjust to the growing number of users.
  2. Flexibility to spawn the development and staging environments to make development comfortable.
  3. Compliance with several international security standards.
  4. Quick time to market.
  5. Ensuring optimal traffic routing across EMEA with fast video streaming delivery.
  6. On-premises connectivity to use existing content.
  7. Cost efficiency.

During the build phase, Automat-it’s team deployed its Automat-it AWS Landing Zone solution. Automat-it’s AWS Landing Zone provides a pre-configured solution, reducing time to implementation from weeks to just days. To ensure compliance with AWS Cloud Governance best practices, AWS Control Tower was used to manage all of the AWS accounts in the FreeTV AWS Organizations setup, and Amazon Macie was used to discover sensitive business data. The application configurations are stored in the Parameter Store, a capability of AWS Systems Manager (AWS SSM). AWS Directory Service is used for SSO purposes.

A centralized Terraform git-based repository is used to store all Infrastructure as Code and act as a centralized infrastructure management mechanism. The git flow is integrated with the customer’s ITSM processes.

The solution utilizes several Amazon Aurora MySQL-Compatible Edition and Amazon Aurora PostgreSQL-Compatible Edition regional clusters for the persistent storage needs, and numerous Amazon ElastiCache (Redis OSS) for the caching needs.

It relies on Amazon CloudFront to ensure smooth content delivery for FreeTV users across AWS presence locations. Amazon Elastic File System (Amazon EFS) is used to share the data to be processed by multiple Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Container Service (Amazon ECS) workloads. Application Load Balancing ensures the availability and performance of the workloads.

Automat-it’s Cloud FinOps Team constantly provides the customer team with recommendations on cost planning and savings, using both the homegrown Albatross FinOps Suite and industry-standard tools like Anodot. Automat-it’s team evaluates the risks and provides the mitigation strategy using Automat-it’s Risk Management framework.

To enable FreeTV development teams to spawn short-lived Dev and UAT environments, the Automat-it team provided the customer with a homegrown Terraform framework that implements boilerplate-type environments that can be created and destroyed in a matter of minutes.

To ensure proper monitoring of all assets, the Automat-it team set up several Amazon CloudWatch dashboards with over 400 alarms on metrics that cover both the infrastructure services and the applications, together with 2 Amazon OpenSearch Service domains for log processing, and integrated those with Slack and PagerDuty notifications. Amazon CloudWatch Synthetics is used for synthetic monitoring, and AWS CloudTrail is used to track user activity and AWS API usage across the entire Organization.

Automat-it’s 24/7 NOC team provides incident management services. The security, NOC, and DevOps teams continuously monitor the infrastructure, applications, and compliance with the 5 security standards below via AWS Security Hub in combination with Amazon GuardDuty, Amazon CloudWatch, and CrowdStrike Cloud Security Posture Management. Using the Automat-it out-of-the-box infrastructure allowed FreeTV to quickly reach its security and compliance goals.

  1. PCI DSS v3.2.1
  2. CIS AWS Foundations Benchmark v1.2.0
  3. AWS Foundational Security Best Practices v1.0.0
  4. CIS AWS Foundations Benchmark v1.4.0
  5. NIST Special Publication 800-53 Revision 5

On top of the project described above, Automat-it’s FinOps team now monitors service usage on an ongoing basis. Performance and cost optimization are reviewed using FinOps best practices, taking the high growth forecast into account. This includes, among other things, a private pricing agreement for specific services and the entire spend, Savings Plans, reserved instances, detection of unutilized resources, and storage strategy.

Benefits and outcomes

  1. A scalable, highly available, secured, stable, and monitored multi-account environment
  2. Five security standards are continuously monitored by more than 400 security checks
  3. 24/7 monitoring of alarms and a secured centralized log archive
  4. Ongoing management of cloud cost and performance