Delivering on a Cloud-First Vision
At REI, the technology organization comprises approximately 400 people across security, application, core infrastructure and DevOps. Previously, the organization lacked a solid investigation workflow that included its AWS deployment, so teams underwent a time-consuming process — up to a week — to log into multiple accounts used by various departments, export data into files, and aggregate and analyze spreadsheets with many tools and no formal process. What’s more, REI lacked a secure ingress path for migrating applications to AWS, and the company needed to solve this security challenge.
Furthermore, REI is undergoing an organizational transformation by implementing a DevSecOps practice across the enterprise that centralizes and standardizes the security solutions across all REI accounts and VPCs. This allows REI developers to not focus on foundational security within AWS and instead focus on shipping business capabilities.
REI underwent a proof of concept (POC), centralizing log management and edge protection services from across the digital community and security teams. “We quickly demonstrated the standalone capabilities of Splunk, AWS Shield, and Amazon GuardDuty, but also the benefit of using Amazon GuardDuty in conjunction with Splunk for fast, insightful security intelligence,” says David Bell, who manages infrastructure and cloud services at REI.