Jury Management Service for Court Services Victoria

James Bromberger Posted 23 January 2020

In 2019, Modis assumed support and maintenance responsibility for the Jury Management System (JMS) for the state of Victoria, Australia, running within the Amazon Web Services Cloud in Sydney, Australia.

The Challenge

This system is a web-based application providing a broad range of services for jurors navigating their way through the Victorian justice system. It is a fully managed Software-as-a-Service (SaaS) platform through which the state and the public interact.

Modis was asked to undertake a review of the application and its infrastructure and identified a number of areas that could be refreshed and strengthened in order to meet the challenges of growing the product into other jurisdictions.

The Solution

As part of an overall monitoring strategy, logging was enabled for CloudFront. This allowed the team to analyse the traffic coming into JMS to see if the encryption protocols and ciphers could be strengthened. It was found that fewer than 1% of clients were using TLSv1.1 and below, protocols known to have been compromised in the past. This allowed JMS to move to the more secure TLSv1.2 as a minimum, mitigating the range of possible attack vectors. A review of IAM users and groups identified unused user accounts (which were removed) and roles providing overly permissive access. Permissions were refined to enforce the principle of least privilege. Furthermore, management access is now federated using AWS SSO, with least privilege strictly implemented through role-based access.
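The CloudFront log analysis described above, sketched as an added example that is not Modis's or the JMS project's own code: it reads CloudFront standard access log lines, uses the `#Fields:` header to locate the `ssl-protocol`, `ssl-cipher` and `c-ip` columns, and reports the share of TLS requests negotiated below TLSv1.2. The function name, the sample log (constructed, with a shortened field list) and the documentation-range addresses are assumptions.

```python
from collections import Counter

# Viewer protocols below the TLSv1.2 minimum discussed above.
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: real CloudFront standard logs carry more fields per row.
SAMPLE_LOG = """#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs-protocol ssl-protocol ssl-cipher
2020-01-10\t01:02:03\t198.51.100.7\tGET\t/\t200\thttps\tTLSv1.2\tECDHE-RSA-AES128-GCM-SHA256
2020-01-10\t01:02:09\t198.51.100.8\tGET\t/login\t200\thttps\tTLSv1.2\tECDHE-RSA-AES128-GCM-SHA256
2020-01-10\t01:03:11\t203.0.113.9\tGET\t/\t200\thttps\tTLSv1.1\tECDHE-RSA-AES128-SHA
2020-01-10\t01:04:00\t198.51.100.7\tPOST\t/form\t200\thttps\tTLSv1.2\tECDHE-RSA-AES256-GCM-SHA384
2020-01-10\t01:05:30\t192.0.2.44\tGET\t/\t301\thttp\t-\t-
"""

def tls_usage(log_lines):
    """Summarise viewer TLS protocol usage from CloudFront standard log lines."""
    fields = []
    protocols, legacy_ciphers, legacy_clients = Counter(), Counter(), set()
    for line in log_lines:
        line = line.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column names follow the header tag
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split("\t")))
        proto = row.get("ssl-protocol", "-")
        if proto == "-":                     # plain HTTP request, no TLS negotiated
            continue
        protocols[proto] += 1
        if proto in LEGACY:
            # Record who still needs the old protocol before raising the minimum.
            legacy_ciphers[row.get("ssl-cipher", "-")] += 1
            legacy_clients.add(row.get("c-ip", "-"))
    total = sum(protocols.values())
    legacy = sum(n for p, n in protocols.items() if p in LEGACY)
    return {
        "protocols": dict(protocols),
        "legacy_percent": round(100 * legacy / total, 2) if total else 0.0,
        "legacy_ciphers": dict(legacy_ciphers),
        "legacy_clients": sorted(legacy_clients),
    }

if __name__ == "__main__":
    print(tls_usage(SAMPLE_LOG.splitlines()))
```

CloudFront delivers these logs to S3 as gzip files, so a real run would pass the lines from `gzip.open(path, "rt")` for each log object.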

Security group rules for all managed services and EC2 instances were reviewed, and unnecessary ports and protocols were removed. Again, this removed vectors that possible attackers might be able to exploit. Continuing the strategy of defence in depth, all aspects of S3 usage were reviewed. Versioning and encryption were enabled on all S3 Buckets, Public Access is being disabled at the Account level, and a policy was implemented to enforce secure access over TLS. This configuration was built into the associated CloudFormation templates. VPC Endpoints were created for S3 so that this traffic did not have to traverse the public Internet.

The JMS Account makes use of built-in security features available on the AWS Platform: Security Hub for compliance with security best practices, GuardDuty for real-time threat monitoring, and CloudWatch to alert support staff to any security-related action identified in GuardDuty or CloudTrail so that it can be promptly investigated.

JMS uses the Amazon Web Services managed services CodeCommit, CodeBuild, and CodeDeploy to create a Blue/Green deployment pipeline to promote build artefacts from the development environment, through staging, and into production. Over time, a number of expedient, emergency changes had created a bottleneck in this pipeline so that deployments had to be performed manually; the Modis team analysed the pipeline and discovered a subtle misconfiguration within CodeDeploy. This misconfiguration was corrected via CloudFormation, ensuring the change was captured correctly and that any future drift could be seen readily. The end-to-end deployment pipeline was again optimal.

Outcomes and Results

With these changes in place, the JMS application is now more secure and the infrastructure more robust, making it better able to meet the challenges of moving into other jurisdictions. This ongoing maintenance and modernisation brings continuous improvement, helping ensure that Jurors make it on time to the correct courts, and helping the Justice system operate for citizens.

Find out how Modis can provide you with innovative AWS cloud based solutions and services

Modis has been an AWS Advanced Tier Partner since 2014. Modis' AWS Cloud Consulting services encompass the fundamentals of cyber security, fault tolerant digital system architecture, modernisation, traditional virtual machine through to modern Serverless approaches, and commercial off-the-shelf software operation through to bespoke software development, delivered with high throughput, repeatable DevOps approaches to operations. With over half a decade of running critical authoritative government data sets that affect the lives of millions of citizens and the economies of the state, Modis is one of the most mature, experienced and recognised consulting service providers in the world. More importantly, we like to work very closely with our customers, not providing something to purchase, but taking a deep understanding of their business, and providing the recommendations and implementations to ensure a modern, efficient, reliable and secure environment for digital business systems.