(929) 590-5818 [email protected]
en
en

AWS Security Audit for a Recruiting Platform

Client:
International technology recruiting platform
Industry:
HR-Tech / Recruiting
Focus:
Security audit of cloud infrastructure based on AWS
Main challenge:
Risk of data leakage from the AWS environment and GDPR compliance requirements
Market:
International
Services provided:
AWS cloud environment security assessment (White-Box)
Key Takeaways
  • Threat detection time reduced to 20 minutes.
  • Full compliance with GDPR requirements ensured.
  • 19 configuration vulnerabilities identified and eliminated.
  • Data of 100,000 platform users protected.
  • Risk of fines of up to €20 million eliminated.
    • 100,000
    users
    19
    vulnerabilities eliminated
    3
    weeks audit duration
    AWS Security Audit for a Recruiting Platform
    Mar 3, 2026
    15 min
    How can you get your AWS infrastructure security in order and minimize data leakage risks in 3 weeks? The answer is in this case study! An international recruiting company turned to Datami for an assessment of its cloud environment security. 19 vulnerabilities were identified, and fixing them eliminated the risk of system compromise.

    The client is an international HR-Tech company operating in the North American and European markets. It develops a programmatic recruiting platform that automates job posting, optimizes advertising campaigns, and provides B2B solutions.

    The platform processes sensitive data, has over 100,000 users, and provides access to more than 100 million candidates. Handling large data volumes under GDPR regulation makes cybersecurity critically important.

    Tasks and challenges
    A recruiting company approached Datami to conduct a scheduled security audit of its AWS cloud environment.
     
    Due to the absence of systematic monitoring, it became necessary to assess risks of personal data leakage affecting 100,000 users and ensure full compliance with international security standards.
    • Conduct a comprehensive security audit of resources in AWS (EC2, RDS, S3, Lambda).
    • Provide a detailed report with risk assessment and recommendations for their remediation.
    • Verify the platform’s cloud environment compliance with GDPR requirements.
    icon
    Infrastructure audit
    Verification of all resources in active regions for compliance with security standards
    icon
    Configuration assessment
    Identification of vulnerabilities in cloud settings to prevent unauthorized access.
    icon
    Optimization plan
    Development of a monitoring strategy and recommendations to prevent supply chain attacks.
    DATAMI METHODOLOGY FOR CLOUD ENVIRONMENT AUDITS

    Our approach

    For this project, we applied a White-Box Cloud Security Assessment format. The combined audit approach integrated in-depth manual checks with automated analysis using CloudTrail, AWS Security Hub, and ScoutSuite tools.

    Our specialists thoroughly examined configurations of EC2 servers, RDS, S3, IAM, Security Groups, and other resources across all active regions, assessing architecture resilience to compromise in accordance with the CIS AWS Foundations Benchmark standard.

    White-box

    White-Box

    A testing method with full access to the system’s internal configuration, enabling a detailed analysis of settings logic and access permissions.
    Key stages of work and solutions

    The Datami team established close communication with the client - critical vulnerabilities were reported immediately, enabling the customer to promptly remediate them even before the audit was completed.

    During the process, we reviewed the security monitoring system, audited resource efficiency, and corrected vulnerable configurations, including confirming the possibility of bypassing Security Groups due to excessive IAM permissions.

    • Preparation
      Collected configurations and logs, verified settings, and agreed on the scope
    • Security audit
      Performed automated and manual checks of the agreed services in the AWS environment
    • Analysis and report
      Prioritized risks, prepared a detailed report with a remediation plan and recommendations
    Cybersecurity starts with action
    How we can help you?

    Every cybersecurity case study we solve involves deep analysis, tailored solutions, and measurable results.
    Datami has already helped over 600 companies strengthen their digital defenses — and we can do the same for your business.
    Ready to take action?

    Let’s start with a free consultation!
    Results and recommendations

    Results and recommendations

    During the audit, the Datami team identified 19 vulnerabilities (2 critical, 3 high, 8 medium, and 6 low) and provided a detailed remediation plan. Critical vulnerabilities were fixed within 24 hours of detection.

    Key audit findings:

    • excessive access rights due to Wildcard (*) in IAM policies, which could lead to unauthorized access to EC2;
    • vulnerable firewall rules in Security Groups;
    • risk of a supply chain attack due to a contractor with security violations;
    • false AWS CloudWatch alerts that masked real suspicious activity.

    After implementing the recommendations, the infrastructure protection level of the technology platform was significantly improved:

    • excessive IAM permissions and incorrect access rules were eliminated;
    • the cloud infrastructure attack surface was reduced;
    • the average threat detection time was reduced to 20 minutes;
    • the risk of potential fines up to €20 million under GDPR was minimized.

    The client was advised to conduct regular security audits - on schedule or after implementing new functionality.

    Key project results

    The project was completed ahead of schedule - in 80% of the planned timeframe. Existing security processes were improved. The client was satisfied with the final report and did not require additional consultations regarding its content.

    In today’s technological world, confidence in security is the foundation for scaling a business without fear of regulatory fines and reputational losses. This case study demonstrated that even automated cloud infrastructure requires regular expert audits.

    Risk level
    Elevated
    Low
    Compliance
    Risk of violating GDPR requirements
    Compliance with security requirements increased
    Vulnerabilities
    Unevaluated
    19 eliminated (2 critical, 3 high, 8 medium, 6 low)
    IAM access
    Excessive permissions
    Permissions minimized, policies strengthened
    Network rules
    Vulnerable configuration
    Fixed, attack surface reduced
    Monitoring
    Insufficient
    Enhanced threat detection within 20 minutes
    Timeline
    3 weeks
    Completed in 80% of the timeframe
    More success stories with Datami
    Browse other project case studies
    Mobile App Security Outstaff Audit
    Mobile App Security Outstaff Audit
    • Identified dangerous configurations and data leaks
    • Strengthened security before product launch
    Services:
    Nov 20, 2025
    Security Policy Audit for a Fintech Company
    Security Policy Audit for a Fintech Company
    • Seven key cybersecurity policies were reviewed and assessed
    • Regulations aligned with ISO 27001, DORA, GDPR, and NBG
    Services:
    Security policy and compliance audit
    Nov 20, 2025
    Security Testing of the DonorUA Medical Platform
    Security Testing of the DonorUA Medical Platform
    • Provided a security recommendations report.
    • No critical security threats were confirmed.
    Services:
    Web application pentest (Black-box)
    Nov 18, 2025
    Back to all cases
    Security image
    Ready to assess your project's security?
    Contact Datami — we’ll help you identify risks, strengthen your cybersecurity, and confidently pass certification.
    Datami articles
    What is an Advanced Persistent Threat (APT)? Oleksandr Filipov - Cybersecurity Author
    Oleksandr Filipov - Cybersecurity Author
    What is an Advanced Persistent Threat (APT)?

    Advanced Persistent Threats (APTs) are sophisticated cyberattacks in which an attacker remains unnoticed in the network for an extended period of time. What should you do to avoid becoming a victim of an APT attack?

    Dec 2, 2025 15 min
    Modern Phishing Campaigns Use PDF Files for Attacks Cybersecurity News from Datami
    Cybersecurity News from Datami
    Modern Phishing Campaigns Use PDF Files for Attacks

    Next-generation phishing campaigns disguise themselves as well-known brands and use artificial intelligence to mislead users. In 2025, companies face a wave of sophisticated attacks that are changing cybersecurity rules.

    Nov 24, 2025 3 min
    KillSec Ransomware Attacks Healthcare Cybersecurity News from Datami
    Cybersecurity News from Datami
    KillSec Ransomware Attacks Healthcare

    The hacker group KillSec has recently been actively attacking the IT systems of the healthcare sector in Latin America and other countries — the attackers have already stolen dozens of gigabytes and nearly 95,000 files.

    Nov 18, 2025
    Show all articles
    Order a free consultation
    By submitting this form, I confirm that I have read and agree to the Privacy policy
    We value your privacy
    We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy