10 June, 2025

Strengthening Cloud Security with AWS Config at Spotlight Retail Group

Client

Spotlight Retail Group, one of Australia’s most recognisable retail chains, operates a vast network of retail stores across Australia, New Zealand, and parts of Asia. With brands including Spotlight, Anaconda, and Harris Scarfe, the group manages an extensive e-commerce presence alongside its brick-and-mortar operations. Managing such a diverse and expansive environment requires a robust and secure cloud infrastructure, making AWS a critical component of their IT strategy.

Challenge

The organisation faced difficulties in maintaining a consistent security posture across its AWS environment. With numerous accounts and regions, there was a lack of centralised visibility into resource configurations, making it challenging to ensure compliance with internal security policies and other regulations. The absence of a unified view hindered the ability to promptly detect and remediate misconfigurations, increasing the risk of security vulnerabilities.

Solution

To address these challenges, we implemented AWS Config across all AWS accounts within Spotlight Retail Group’s environment, providing a scalable solution for monitoring and managing resource configurations. Our approach leveraged AWS CloudFormation for the deployment and management of AWS Config rules, ensuring consistency and repeatability. By defining these rules as infrastructure-as-code (IaC), any changes could be systematically tracked and updated, maintaining version control and reducing the risk of misconfigurations.

We established a set of AWS Config rules tailored to Spotlight’s security and compliance requirements, covering key areas such as encryption, access control, network security, and logging. These rules were designed to automatically evaluate resource configurations against desired baselines, enabling continuous monitoring of compliance.

Additionally, we configured AWS Config Aggregators, centralising the collection of compliance data across all accounts into a single management account. This setup was further enhanced by integrating AWS Security Hub, allowing the consolidated compliance results to be visualised in a unified dashboard. Security Hub provided a streamlined view of all non-compliant resources and security findings, enabling the security team to quickly identify and prioritise remediation actions.
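As an added illustration of the pattern described above (not Spotlight's actual template), the CloudFormation sketch below declares one AWS managed Config rule for each of the four areas named and an optional aggregator. The choice of rules, the resource and rule names, and both parameters are assumptions made for the example.

```yaml
# Added example (constructed). Rule selection, names and parameters are assumptions.
# Prerequisite: an AWS Config configuration recorder is already running in each account.
AWSTemplateFormatVersion: "2010-09-09"
Description: Baseline AWS Config managed rules with an optional central aggregator
Parameters:
  DeployAggregator:
    Type: String
    AllowedValues: ["true", "false"]
    Default: "false"
    Description: Set to true only in the account that collects compliance data
  SourceAccountIds:
    Type: CommaDelimitedList
    Default: ""
    Description: Account IDs to aggregate from (used only when DeployAggregator is true)
Conditions:
  IsAggregatorAccount: !Equals [!Ref DeployAggregator, "true"]
Resources:
  EncryptedVolumesRule:        # encryption: attached EBS volumes must be encrypted
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: baseline-encrypted-volumes
      Source: {Owner: AWS, SourceIdentifier: ENCRYPTED_VOLUMES}
  RootAccessKeyRule:           # access control: root user must have no access keys
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: baseline-root-access-key-check
      Source: {Owner: AWS, SourceIdentifier: IAM_ROOT_ACCESS_KEY_CHECK}
  RestrictedSshRule:           # network security: no unrestricted inbound SSH
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: baseline-restricted-ssh
      Source: {Owner: AWS, SourceIdentifier: INCOMING_SSH_DISABLED}
  CloudTrailEnabledRule:       # logging: CloudTrail must be enabled
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: baseline-cloudtrail-enabled
      Source: {Owner: AWS, SourceIdentifier: CLOUD_TRAIL_ENABLED}
  CentralAggregator:           # created only in the collecting account
    Type: AWS::Config::ConfigurationAggregator
    Condition: IsAggregatorAccount
    Properties:
      ConfigurationAggregatorName: baseline-aggregator
      AccountAggregationSources:
        - AccountIds: !Ref SourceAccountIds
          AllAwsRegions: true
```

With individual account sources, each source account must also grant an `AWS::Config::AggregationAuthorization` to the collecting account before its data appears in the aggregator.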

Results

The implementation of AWS Config provided Spotlight Retail Group with a unified view of its AWS resources across all accounts and regions. This centralised visibility allowed the security team to efficiently monitor and manage compliance, ensuring adherence to internal policies and external regulations.

The deployment of AWS Config rules via CloudFormation delivered consistent and repeatable configurations, reducing manual errors and simplifying the management of security baselines. As a result, Spotlight achieved continuous compliance monitoring, with any deviation from approved configurations automatically flagged for review.

By aggregating AWS Config results into a central Security Hub dashboard, the team gained actionable insights into their security posture. This approach not only enhanced visibility but also enabled proactive identification and remediation of security issues, significantly strengthening the group’s overall security posture.

Conclusion

Implementing AWS Config provided the organisation with the tools necessary to maintain a robust security posture across its complex AWS environment. The centralised visibility and continuous compliance monitoring facilitated by AWS Config not only enhanced security but also improved operational efficiency, positioning the organisation to better manage its cloud infrastructure proactively.

By implementing AWS Config, including its integration into AWS Security Hub, Spotlight Retail Group has been able to level up its approach to cloud security. The solution provided real-time visibility, continuous compliance monitoring, and proactive security management, ensuring that their AWS environment remains secure and well-governed. This implementation has allowed Spotlight to operate and scale its cloud infrastructure without compromising on security.
