Case Studies / PE Energy

Securing Mission-Critical ERP Architectures for PE Energy

Client

PE Energy

Industry

Oil and Gas

Location

Port Harcourt, Nigeria

Securing Mission-Critical ERP Architectures for PE Energy
AWS Config AWS WAF AWS IAM AWS CloudTrail Amazon CloudWatch AWS Key Management Service
Cecure Intelligence Limited (CIL) migrated PE Energy's critical Sage X3 ERP server from vulnerable infrastructure to a highly secure, CIL-managed AWS cloud environment. By applying a strict defense-in-depth framework, CIL protected PE Energy's vital financial, supply chain, and SQL database repositories from external cyber threats while ensuring high availability and data privacy

The Challenge

PE Energy relies heavily on its Sage X3 architecture for high-value operations, but the legacy infrastructure suffered from major security gaps. The network lacked an edge defense system, which left backend nodes completely exposed to Distributed Denial of Service (DDoS) attacks, cross-site scripting, and unauthorized database scanning. Furthermore, the IT team lacked automated software updates or configuration tracking, leaving their Windows Server fleet highly vulnerable to unmapped changes, compliance failures, and software defects.

The Solution

1. Micro-Segmented Network & Edge Defense: CIL implemented a multi-AZ Virtual Private Cloud (Sage-x3-vpc) utilising nine subnets to isolate critical resources. AWS Config was enabled for governance, while AWS WAF provides Layer 7 edge defense. Network security is enforced through restrictive Security Groups that isolate backend databases from unvetted external traffic. Additionally, horizontal NAT Gateways allow private nodes to securely retrieve updates without direct internet exposure.

2. Secured Application Delivery and Access Control: CIL eliminated direct internet access to the load balancing tier by deploying an Application Load Balancer (ALB) in a segmented subnet for backend calls. Amazon CloudFront was integrated as the exclusive gateway to mask the ALB endpoint, restrict traffic to specific IP arrays, and absorb volumetric spikes. Additionally, AWS IAM was implemented to enforce strict role-based access and least-privilege permissions across all services.

3. Automated Patching, Monitoring & Incident Remediation: To eliminate manual update burdens and visibility gaps, CIL utilised AWS Systems Manager for automated security patching of Windows Servers. Standard RDP/SSH internet access was replaced with encrypted SSM Session Manager terminals, with all activity logged by AWS CloudTrail for auditing. VPC Flow Logs and Amazon CloudWatch monitor real-time infrastructure behaviours, while AWS Security Hub triggers AWS Lambda to automatically remediate unauthorised configuration drifts.

Exceeding AWS Best Practices

1. Enhanced Cryptographic Protection through AWS KMS: CIL replaced simple script models with a rigorous AWS Backup strategy. Daily storage backups of the EBS volumes containing Sage X3 data are encrypted with unique AWS Key Management Service (KMS) keys and secured within an isolated, policy-restricted backup vault to ensure comprehensive ransomware protection.

2. Proactive Zero-Day Scanning: CIL implemented Amazon Inspector to execute continuous, automated software inventory assessments and host-level vulnerability scans. This integration proactively maps security deviations and minimizes the remediation window for newly discovered software vulnerabilities from days to minutes

The Result

1. 95% Elimination of Public-Facing Attack Vectors: Placing critical Sage X3 ERP nodes within private subnets and routing traffic exclusively through CloudFront edge shielding completely removed direct public internet exposure.

2. 95% Reduction in Security Incident Detection and Triage Time: Unified monitoring via AWS Security Hub and CloudWatch compressed the timeline to identify and isolate configuration drifts from hours down to under 5 minutes.

3. 92% Reduction in Vulnerability Remediation Window: Shifting from manual update cycles to automated AWS Systems Manager patch pipelines accelerated the Mean Time to Remediate (MTTR) critical software defects from 14 days down to under 24 hours.

4. 100% Attainment of Disaster Recovery Objectives: Automated cryptographic storage snapshots successfully guaranteed a strict <4-hour Recovery Time Objective (RTO), completely safeguarding business continuity during potential data failures.

Meet a few of our clients

Cecure Intelligence Limited is trusted by the most innovative and tech-forward companies who focus on customer experience without compromising on business goals.

Vodafone
Vodafone Group
Outscope IT
Outscope IT
GBG PLC
GBG PLC
Bank of Ireland
Bank of Ireland
Vantage Towers
Vantage Towers
Jously
Jously
Leika Microsystems
Leika Microsystems

Want similar results for your business?

Our team is ready to help you achieve your goals. Let's discuss how we can transform your operations.

View More Case Studies

Contact Us

Message Sent!

Thank you for reaching out. We have received your message and will get back to you shortly.

Check your email for a confirmation from us.

Start a project

Project Request Submitted!

Thank you for your interest. Our team will review your project details and reach out to you soon.

Check your email for a confirmation from us.