Bauer Media – Secure AWS Cloud Migration and Transformation

Case Study


Background

Bauer Media Group is a global media giant with over 600 magazines, 400+ digital products, and 50 radio and TV stations.

They sought a secure and scalable AWS environment to migrate over 200 applications from their on-premise data centres in the UK, Germany, and Poland.

This case study highlights Epitechnic’s approach to enhancing their AWS Landing Zone, implementing secure networking solutions, and establishing a unified operational model for Bauer Media’s decentralised teams.

Problem Statement

Bauer Media needed to migrate a large portfolio of applications to AWS while maintaining strict security, compliance, and performance standards. They required:

Proposed solution and architecture

Epitechnic implemented the following technical solutions:

  1. Centralised Networking Architecture:
    • AWS Transit Gateway was utilised to connect multiple Spoke VPCs, centralising network communication across Bauer’s environments in London and Frankfurt.
    • Inspection VPC housed AWS Network Firewall to enforce security policies for inbound and outbound traffic.
  2. High Availability and Resiliency:
    • Direct Connect and VPN failover ensured reliable connectivity between on-premise data centres and AWS regions.
    • The use of redundant subnets (AZ1 and AZ2) across critical VPCs (Ingress, Egress, and Inspection) provided failover support.
  3. Traffic Routing:
    • Spoke VPCs for application workloads routed traffic through the Inspection VPC to the Transit Gateway, ensuring all traffic passed through centralised firewalls.
    • NAT Gateways in the Egress VPC handled outbound traffic, while the Ingress VPC managed secure inbound traffic through Application Load Balancers (ALBs).
  4. Security Enforcement:
    • AWS Network Firewall policies were configured for domain filtering, intrusion detection, and deep packet inspection.
    • Segmented network systems (Spoke VPCs) isolated workloads to prevent lateral movement in case of a breach.
  5. Automation and Compliance:
    • Infrastructure as Code (IaC) was used to deploy networking components, ensuring consistent configuration and compliance with security regulations.
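
The routing rule in item 3 can be checked against the deployed state, not only the IaC templates. The sketch below is an added example, not Epitechnic's or Bauer Media's code: it audits spoke route tables for next hops that would skip the central firewalls. It assumes the input follows the shape of EC2 DescribeRouteTables output, that spoke default routes target the Transit Gateway, and that every non-local spoke route must do so; all IDs are constructed placeholders.

```python
# Constructed sample shaped like EC2 DescribeRouteTables output; every ID is a
# placeholder, not a value from the Bauer Media environment.
TGW_ID = "tgw-example"
SPOKE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-spoke-a", "Routes": [
        {"DestinationCidrBlock": "10.10.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": TGW_ID}]},
    {"RouteTableId": "rtb-spoke-b", "Routes": [
        {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-spoke-c", "Routes": [
        {"DestinationCidrBlock": "10.30.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": TGW_ID},
        {"DestinationCidrBlock": "10.10.0.0/16",
         "VpcPeeringConnectionId": "pcx-example"}]},
]
TARGET_KEYS = ("GatewayId", "TransitGatewayId", "NatGatewayId",
               "VpcPeeringConnectionId", "EgressOnlyInternetGatewayId",
               "NetworkInterfaceId", "InstanceId")
DEFAULTS = {"0.0.0.0/0", "::/0"}

def route_target(route):
    """Return the next hop of a route, whichever target field carries it."""
    return next((route[k] for k in TARGET_KEYS if route.get(k)), None)

def audit_spoke(table, tgw_id=TGW_ID):
    """List routes in a spoke table that would skip the inspection path."""
    findings, has_default = [], False
    for route in table["Routes"]:
        dest = (route.get("DestinationCidrBlock")
                or route.get("DestinationIpv6CidrBlock")
                or route.get("DestinationPrefixListId"))
        target = route_target(route)
        if target == "local":
            continue  # intra-VPC traffic never leaves the spoke
        if target != tgw_id:
            findings.append(f"{table['RouteTableId']}: {dest} -> {target} "
                            "does not go via the Transit Gateway")
        elif dest in DEFAULTS:
            has_default = True
    if not has_default:
        findings.append(f"{table['RouteTableId']}: no default route via {tgw_id}")
    return findings

def audit_all(tables):
    """Map each route table ID to its list of findings (empty means clean)."""
    return {t["RouteTableId"]: audit_spoke(t) for t in tables}

if __name__ == "__main__":
    for table_id, findings in audit_all(SPOKE_ROUTE_TABLES).items():
        print(table_id, "OK" if not findings else findings)
```

In the sample, the peering route in `rtb-spoke-c` is the lateral-movement case from item 4: a spoke-to-spoke path that the central firewall never sees.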

Outcomes and success metrics

  1. Successful Application Migration: Over 200 applications migrated securely to AWS without major incidents.
  2. Enhanced Security:
    • Centralised firewall management reduced security risks.
    • 24/7 monitoring and automated alerts ensured quick identification and resolution of threats.
  3. Improved Network Performance: Direct Connect and optimised routing improved latency and reliability across multi-region applications.
  4. Unified Operational Framework: The Cloud Centre of Excellence (CCoE) standardised practices across Bauer’s decentralised teams.
  5. Cost Optimisation:
    • Total Cost of Ownership (TCO) analysis validated the centralised network firewall architecture as more cost-efficient.
    • Reduced the number of firewall instances and optimised resource allocation.

Lessons learned

  1. Centralising firewall management simplifies operations and ensures consistent security enforcement.
  2. Early engagement with Bauer’s network and security teams accelerated implementation and reduced delays.
  3. Adopting Infrastructure as Code enhanced scalability and disaster recovery preparedness.