Indonesian Health & Beauty Group Secures Cloud with IAM and Ransomware Protection

About the Customer

An Indonesian health & beauty group partnered with ICS Compute to strengthen cloud security by centralizing IAM and deploying automated ransomware protection. Using IAM Identity Center, GuardDuty, Lambda, and CrowdStrike Falcon, they cut response time by 30% and secured both S3 and EC2.

Customer Challenge

The customer stored large volumes of critical data on Amazon S3 and operated business

applications on Amazon EC2. However, they faced increasing exposure to ransomware attacks and IAM challenges, which posed significant risks such as:

1. Manual detection of threats leading to slow response times (hours or even days).
   

2. Limited native protection for S3 objects and EC2 workloads, insufficient against

   advanced ransomware threats.
   

3. Lack of centralized identity and role management across multiple accounts, leading to over-privileged access and potential compliance gaps.
   

4. Potential for operational disruption and data loss, which could impact customer trust and regulatory compliance.

Partner Solution

PT Innovation Cloud Services (ICS Compute) deployed a ransomware protection and identity modernization strategy leveraging AWS-native services and best-of-breed third-party security tooling:

1. Amazon GuardDuty Malware Protection + AWS Lambda for S3
   

   • GuardDuty continuously scans objects stored in Amazon S3 for ransomware and malware indicators.
     

   • When a threat is detected, Amazon EventBridge triggers AWS Lambda to automatically move infected files to a quarantined “clean” bucket, reducing manual intervention.
     

2. CrowdStrike Falcon Complete for EC2
   

   • Provides 24/7 monitoring of EC2 workloads.
     

   • Detects ransomware behaviors such as mass file encryption or unusual access patterns.
     

   • Applies preventive policy rules to block attacks before data is compromised.
     

3. AWS IAM Identity Center (SSO)
   

   • Centralized identity and access management for both employees and external vendors.
     

   • Role-based permission sets aligned to least-privilege principles.
     

   • Automated provisioning and de-provisioning enabled just-in-time access, eliminating standing accounts and reducing risk exposure.
     

4. Automation & Orchestration
   

   • AWS Lambda and EventBridge deliver real-time response workflows.
     

   • Ensures threats are isolated immediately, minimizing downtime and risk of lateral spread.
     

Results and Benefits

The solution significantly enhanced the customer’s security posture, delivering both operational and quantitative benefits:

1. Automated ransomware detection and response across both S3 and EC2.
   

2. 30% reduction in administrative effort and incident response time, freeing IT staff to focus on higher-value activities.
   

3. Real-time alerts and remediation compared to prior manual processes.
   

4. Stronger 24/7 protection against ransomware with proactive isolation and safe recovery options.
   

5. Centralized identity management with least-privilege access, improving compliance

   readiness.
   

6. Improved confidence in cloud security, supporting the customer’s continued digital innovation.

About the Partner

PT. Innovation Cloud Services (ICS Compute) is Indonesia’s first AWS Advanced Consulting Partner, specializing in secure cloud adoption, modernization, and managed services.

Recognized with AWS Competencies in Migration & Modernization, DevOps, Resilience, and Generative AI, ICS Compute helps enterprises transform operations with scalable, secure, and compliant AWS solutions.