Rail Delivery Group
RDG implements new security features for cloud services
The Rail Delivery Group (RDG) brings Britain’s railway operators together into a single organisation with the aim of creating a transportation system that delivers real improvements in customer experience.
With a membership that includes all the passenger and freight rail companies, as well as Network Rail and HS2, RDG drives change across the entire industry. The organisation provides important services that include ticketing, travel information, and refund facilities for passengers and staff on behalf of member companies.
AWS IAM Identity Center
Nasstar hosts several AWS services on behalf of RDG. Historically, each of these services required separate credentials for every user account, meaning individuals had to remember multiple account names and passwords, which caused both an administrative and a security headache for all concerned. To improve both productivity and security, RDG asked Nasstar’s Public Cloud Team to introduce secure single sign-on features for all services, alongside multi-factor authentication (MFA). This would enable users to log in to all services using the same account name and password, with the added security benefit of MFA.
Previously, creating a new account required Nasstar to share credentials securely with the end user via encrypted spreadsheets and a second contact method, which added time and complexity. Thanks to features like single sign-on and MFA, it’s now much safer for RDG’s workforce to access the organisation’s cloud infrastructure. This relatively small change has had a positive impact and reduced administration time for all.
Because Nasstar is an AWS Premier Consulting Partner and Managed Service Provider, customers can access subject matter experts, enhanced technical support, architectural reviews and early insight into the cloud provider roadmap. The continuous innovation workstream of the Nasstar Next generation cloud managed service highlighted that this solution would improve both productivity and security for RDG. We plan to implement the solution across all AWS-supported RDG services soon.
Initially, AWS Identity and Access Management (IAM) was the service of choice. However, after further investigation, AWS Identity Center’s improved functionality made it the most beneficial solution.
AWS Identity Center, which went live in production in January 2023, requires all users to add MFA to their account on first logon, increasing security and making it easier for individual account permissions to be defined and applied. Additionally, common users can only see the accounts they have access to, while higher privilege users are provided with a read-only role for general use. These measures reduce the risk of accidental and unintended configuration changes.
After the solution and its benefits were presented to RDG’s Senior Service Delivery Manager, the implementation of AWS Identity Center was approved.
By providing a user-friendly portal for RDG staff and third parties that also gives them console and programmatic access from one central location, many time-consuming user management activities have been eliminated.
The IAM Identity Centre is a fantastic example of RDG and Nasstar working together to find innovative solutions to increase the productivity and security of our AWS platform, and the data and functions it provides to the rail industry. MFA is now the industry standard and to have one sign-on process for all our accounts is a giant leap forward.