And AWS?
Part of the problem is that Travelex's developers or their DevOps team seem to have been scope-locked onto using AWS for hosting, while apparently not ensuring a security group protocol and not having a clear backup policy; something unthinkable in this day and age. A relatively simple audit of their digital estate would have revealed this and (heavens forbid!) someone might have recommended that since Travelex were very much Microsoft orientated that they move to Azure hosting, which would at least have ensured automated backups of sites, databases and the API.
Not only that, but also someone would have been able to quickly work out that Travelex was using a framework that was effectively discontinued in 2012 (.NET 4.0.30319) and that it might be time to upgrade to something a bit more current.
Oh and we have a name to blame for this fiasco.
an AWS security architect worked with us closely, shared industry knowledge, and ultimately helped us
Remind me not to employ AWS security architects in the future. :)
Biting the hand that feeds IT
