Trustsoft

Modernizing and Securing GasNet’s Hybrid Infrastructure with AWS

GasNet is the leading gas distribution network operator in the Czech Republic. As a critical infrastructure provider, GasNet is responsible for the reliable and secure delivery of natural gas to millions of residential, commercial, and industrial customers across the country. Operating under stringent regulatory oversight, GasNet plays a vital role in the nation’s energy infrastructure, with a strong focus on safety, compliance, operational excellence, and environmental responsibility. The company manages a complex hybrid IT landscape, blending on-premises infrastructure with modern cloud-based services to ensure continuous service delivery and data protection at scale.

Trustsoft helped GasNet secure its hybrid infrastructure using AWS native services, including centralized IAM, log monitoring, and encrypted communications, enabling scale and compliance for critical national operations.

GasNet is a leading infrastructure provider responsible for distributing natural gas across the Czech Republic. As a critical national utility, it must operate under strict regulatory, security, and reliability requirements. The organization faced the complex task of modernizing its IT infrastructure to meet increasing operational demands while maintaining service continuity and robust cybersecurity.

Operating a hybrid environment of on-premises systems and AWS cloud services, GasNet encountered major challenges including secure network segmentation, centralized identity and access management, compliance-grade logging, and encrypted data communications. Any gaps in these areas could compromise operational continuity, breach regulatory standards, and increase exposure to security incidents.

Proposed Solution & Architecture

Trustsoft, leveraging AWS security best practices, designed and implemented a secure, scalable, and resilient cloud architecture for GasNet that addressed its unique requirements as a national utility provider.

Key AWS Services and Implementations:

  • Secure Data Management:
    • AWS Secrets Manager for securely storing and rotating credentials.
    • AWS Key Management Service (KMS) for encryption key lifecycle control.
    • AWS Certificate Manager (ACM) to automate and manage TLS/SSL certificates.
  • Monitoring and Incident Remediation:
    • Amazon CloudWatch and AWS Config for continuous monitoring and performance insights.
    • AWS CloudTrail for API auditing and governance.
    • Automated remediation was enabled for predefined security deviations.
  • Identity and Access Control:
    • IAM Identity Center (AWS SSO) integrated with Microsoft Entra ID (formerly Azure AD) provided federated identity management and RBAC across multiple AWS accounts.
  • Performance and Availability:
    • Amazon EC2 with Enhanced Networking provided flexible compute resources.
    • Elastic Load Balancing ensured fault-tolerant service delivery.
    • A multi-AZ deployment in the eu-west-1 region included active-passive firewall failover and redundant VPN tunnels using BGP routing for connectivity.
  • Networking:
    • A hybrid architecture connected via AWS Direct Connect, Amazon VPC, and Transit Gateway.
    • Redundant 1G links ensured resilience and scalability between on-prem and cloud.

This infrastructure was fortified with layered security controls and designed for failover, network redundancy, and compliance audit readiness.

Third-Party Applications or Solutions Used

  • Firewall Protection:
    • F5/Fortinet Firewalls provided granular packet inspection and segmented traffic control at the perimeter.
  • Endpoint Security:
    • Microsoft Defender was used for comprehensive EDR and FIM coverage across Windows and Linux hosts.
  • Vulnerability Management:
    • Daily scans using Nessus enabled continuous vulnerability assessment and intrusion detection.
  • Monitoring and Alerting:
    • Zabbix was deployed to monitor critical infrastructure KPIs and integrated with OpsGenie for real-time alerting.
  • Security Information and Event Management (SIEM):
    • A third-party SIEM solution aggregated logs across environments, enabling real-time threat detection and alerting.

Outcomes of Project & Success Metrics

The project delivered significant security and operational benefits for GasNet:

  • 100% of users migrated to a secure, centralized IAM Identity Center, improving access management.
  • 60% faster incident resolution achieved through integrated monitoring and SIEM tools.
  • Zero security incidents reported in the first 12 months post-deployment.
  • Achieved full compliance with national security regulations for critical utilities.
  • Improved network visibility and user activity tracking, enhancing proactive threat response capabilities.

The solution empowered GasNet to scale its digital operations, enforce consistent security policies, and maintain high availability for its mission-critical services.

TCO Analysis Performed

Trustsoft conducted a thorough analysis of the Total Cost of Ownership (TCO) for the client before the migration project. This included a Right Sizing Analysis to identify the most suitable resources and AWS services for monitoring and cost of operations. We also compared the costs of the existing setup with those of a potential modernization on AWS. Trustsoft provided a plan with a cost estimate, detailing the expenses for AWS services and offering advice on the operational approach. The TCO analysis underscored the financial advantages of moving to open source solutions, along with potential improvements in business agility and innovation. To align with the client's needs, Trustsoft held meetings and workshops, using the AWS pricing calculator to produce accurate cost estimates.

Lessons Learned

  • Early collaboration between identity and cloud teams is essential when implementing federated identity management to avoid misconfigurations and delays.
  • Integrating third-party tools with AWS native services strengthens security posture but requires precise architectural coordination.
  • Centralized monitoring across accounts significantly boosts visibility and accelerates compliance audits.
  • Managing hybrid environments necessitates clear routing, failover planning, and consistent logging to avoid data blind spots and downtime.
