The Client

In 2020, Konekti worked with a fast-growing medical technology company with focus in processing and distribution of medical imaging data.  Company’s team of developers created cutting edge platforms that through a decentralized network for health record exchange allowed disparate silos of health information be easily and securely searched and shared.

“Konekti completely understood the unique security needs of the medical technology industry.  Konekti’s consultants left us with an AWS environment that enabled us to expand our businesses to new regions.

CEO, Medical Technology Company

The Brief

Over the years, company’s AWS infrastructure had grown considerably with the rapid growth of the business. Created as part of the initial move to the cloud, company’s different environments (Production/Dev/Q&A) were all housed in a single AWS account and lacked adequate security features and controls. With the sensitivity of health care information in mind, company’s founders asked Konekti to create solutions to address their concerns in the areas of data isolation and protection and readiness for audit. Konekti’s solution based on our popular “AWS Multi-account Accelerator” resonated with the management team as it provided the following immediate improvements to their existing AWS environment: 

  •       Separate accounts as the primary means of data isolation
  •        Secure and centralized login and security controls for all accounts
  •        Airtight dedicated security account used for logging and security alerts  

The Solution

After assessing a variety of architectural approaches, Konekti designed–and successfully implemented a resilient multi-account architecture under the umbrella of AWS Organizations. In addition, the project included the following components:


  • ·       Creation of multiple AWS accounts including a master account and separate function specific accounts (Development/Q&A/Production)
  • ·       Implementation of AWS Organizations service complete with best-practice Service Control Policies (SCP)
  • ·       Use of dedicated security/audit accounts for centralized logging 
  • ·       Configuration of relevant AWS compliance and security tools—Security Hub, GuardDuty, Inspector, IAM Analyzer and Config—for all accounts
  • ·       Centralized Identity management using AWS SSO

The Delivery

The biggest challenge of such projects is to migrate to the new environment with minimal disruptions to the ongoing business activities. Konekti was able to achieve a hitless migration to the new account architecture by creating a thoroughly tested migration plan and careful consideration of application’s needs and architecture.

This project not only delivered a secure and resilient environment for company’s applications, but it also provided the secure foundations for a smooth transition to new market segments that required strict isolation of user data and proper security controls.

How can our migration expertise help you?