Solution Accelerator

Six Sense Mobility Builds a Secure Multi-Account AWS Foundation for Connected Vehicle Platforms

Customer Overview

Customer: Six Sense Mobility

Industry: Automotive Technology / Connected Mobility

Website: https://www.sixsensemobility.com

Six Sense Mobility develops connected vehicle and telematics solutions that enable organizations to collect, process, and analyze real-time fleet and vehicle data. As the platform expanded, the organization required a secure cloud foundation capable of supporting high-volume telemetry workloads while maintaining strong governance, auditability, and security controls.

Business Challenge

As a rapidly growing connected mobility platform, Six Sense Mobility needed to establish a secure AWS environment capable of supporting continuous telemetry ingestion from distributed vehicle fleets

Key Objectives

  • Building a secure multi-account AWS foundation from the outset.

 

  • Segregating production, security, and logging workloads to improve governance.

 

  • Protecting application credentials and sensitive system configurations.

 

  • Establishing centralized logging and audit capabilities across the environment.

 

  • Supporting scalable ingestion and processing of real-time telemetry data.

 

  • To address these requirements, Six Sense Mobility partnered with DevSecCops.ai to design and implement a security-first AWS landing zone aligned with AWS best practices.

Solution Overview

DevSecCops.ai designed and deployed a multi-account AWS environment using Infrastructure as Code (IaC) with Terraform, enabling standardized security controls and repeatable deployments across the organization.

Solution Components

  • Amazon API Gateway for secure ingestion of telemetry data.

 

  • AWS WAF to help protect public-facing APIs from common web threats.

 

  • Amazon Kinesis for scalable real-time data streaming and processing.

 

  • AWS Lambda for serverless telemetry processing workflows.

 

  • Amazon DynamoDB for highly available storage of telemetry data.

 

  • AWS Organizations for centralized governance and account management.

 

  • AWS CloudTrail and Amazon CloudWatch for logging, monitoring, and operational visibility.

 

The architecture was designed to isolate critical workloads and reduce direct exposure of backend systems to the public internet

Security Enhancements Implemented

Multi-Account Governance Framework

DevSecCops.ai implemented a multi-account landing zone using AWS Organizations. Dedicated Organizational Units (OUs) were established to separate production workloads, security services, and centralized logging functions.

Service Control Policies (SCPs) were applied to enforce governance standards and help prevent unauthorized modification of foundational security controls.

Centralized Secrets and Encryption Management

Application credentials, telemetry ingestion secrets, and service configuration parameters were secured using AWS Secrets Manager and AWS Key Management Service (AWS KMS).

Customer Managed Keys (CMKs) were used to control encryption and access to sensitive information, while application workloads were granted access through tightly scoped IAM roles following least-privilege principles.

Monitoring, Logging, and Operational Visibility

Custom Amazon CloudWatch dashboards were developed to provide visibility into telemetry processing performance, ingestion latency, and platform health.

Automated alarms were configured to identify operational anomalies and authentication-related events, enabling engineering teams to respond quickly to potential issues.

Going Beyond AWS Best Practices

To further strengthen network security, Six Sense Mobility implemented AWS Network Firewall to inspect and control outbound traffic flows.

This approach enabled the organization to restrict outbound communications to approved external destinations, improving visibility and reducing risk across the environment.

AWS Services Used

  • AWS Organizations

 

  • AWS Identity and Access Management (IAM)

 

  • AWS Secrets Manager

 

  • AWS Key Management Service (AWS KMS)

 

  • AWS WAF

 

  • Amazon API Gateway

 

  • Amazon Kinesis

 

  • AWS Lambda

 

  • Amazon DynamoDB

 

  • Amazon CloudWatch

 

  • AWS CloudTrail

 

  • AWS Network Firewall

Business Outcomes

Following implementation, Six Sense Mobility established a secure and scalable AWS foundation designed to support future growth and operational maturity

Key Outcomes

  • Deployment of a multi-account AWS landing zone with centralized governance controls.

 

  • Separation of production, security, and logging workloads through AWS Organizations.

 

  • Centralized management and protection of application secrets and encryption keys.

 

  • Improved operational visibility through consolidated monitoring and audit logging.

 

  • Enhanced audit readiness through organization-wide logging and activity tracking.

 

  • A scalable architecture capable of supporting continuous telemetry ingestion and processing.

Conclusion

By implementing a multi-account AWS landing zone and integrating security controls throughout the platform, Six Sense Mobility established a strong foundation for secure growth. The solution improved governance, auditability, and operational visibility while providing the scalability required for real-time connected vehicle and telematics workloads.

Sixsense architecture diagram