UK Online Pharmacy Healthcare / Online Pharmacy / E-Commerce

Eliminating SPOFs + Cyber Essentials Certification | Case Study | Logicata

Logicata removed single points of failure across a UK online pharmacy's AWS estate, enabling Cyber Essentials certification and commercial readiness.

Cyber Essentials Certification
SPOFs eliminated Resilience

Executive Summary

A regulated UK online pharmacy had stalled on Cyber Essentials certification because kernel-level patches could not be applied. Rebooting the cache server took the site offline. Rebooting the NFS server lost shared data. A previous patching exercise had cleared the easy 75% of critical CVEs, but the remaining hardening required eliminating two single points of failure first. Logicata migrated NFS storage to Amazon EFS, added cache server redundancy behind an ALB, and enrolled all servers into AWS Systems Manager Patch Manager for automated monthly patching. Cyber Essentials was unblocked.

Customer Overview

Sector: Healthcare / Online Pharmacy / E-Commerce

Location: United Kingdom

The customer operates a regulated e-commerce platform serving consumers across the UK. The platform handles sensitive personal data including identity documents and medical information, so both security compliance and operational resilience are non-negotiable. Cyber Essentials certification is the kind of evidence customers, regulators, and partners increasingly expect to see.

The Challenge

A previous patching exercise had cleared around 75% of the critical CVEs. The remaining 25% lived in kernel-level patches, and those could not be applied because rebooting key servers caused immediate downtime:

  • Single NFS server. A single EC2 instance carried a significant volume of shared application data. No redundancy. Rebooting it took the site down.
  • Single cache server. Could not be rebooted without taking the entire site offline.
  • No patching schedule. The customer had failed Cyber Essentials because there was no demonstrable, ongoing patch management process.
  • Accumulating CVEs. New vulnerabilities kept arriving with no mechanism to apply fixes safely.

The certification gap was not about willingness, it was about the architecture making safe patching impossible.

The Solution

Logicata delivered three pragmatic hardening workstreams.

1. NFS to Amazon EFS migration

Migrated a large volume of shared storage from a single EC2-based NFS server to Amazon EFS (multi-AZ managed service). Cron-based rsync kept EFS synchronised during the migration window. Production cutover completed in under 30 minutes during an early-morning maintenance slot. The NFS server can now be decommissioned. No server to patch, no single point of failure.

2. Cache server redundancy

Built a second cache server via Ansible. Stripped unnecessary packages to reduce attack surface. Both servers now sit behind an Application Load Balancer with health-check-based routing. Patching is now possible because there is always at least one available.

3. Automated patching

Enrolled servers into AWS Systems Manager Patch Manager on a monthly automated cycle. Cache servers are patched on staggered two-week schedules so the ALB always has a healthy target while one is rebooting. Maintenance windows are explicit. The patching cadence is now demonstrable evidence for Cyber Essentials, not aspirational.

Results

  • NFS single point of failure eliminated. Shared data migrated to Amazon EFS with zero data loss.
  • Cache server SPoF eliminated. Two servers behind an ALB with health-check failover.
  • All servers enrolled in automated monthly patching via Systems Manager.
  • Cyber Essentials certification unblocked. A demonstrable, ongoing patching cadence is now in place.
  • Attack surface reduced. Unnecessary packages removed from cache servers.
  • Kernel patches now applicable. Servers can be rebooted without service interruption.
  • Under 30 minutes production cutover during an early-morning maintenance window.

AWS Services Used

  • Amazon EFS
  • Elastic Load Balancing (ALB)
  • AWS Systems Manager (Patch Manager, Maintenance Windows)
  • Amazon EC2
  • Amazon VPC (Security Groups)
  • Amazon CloudWatch

About Logicata

Logicata is an AWS Advanced Partner holding the AWS Cloud Operations Management Competency, validated through an independent third-party audit. Logicata helps organisations build and operate secure, well-governed cloud platforms on AWS, enabling customers to reduce operational risk, meet assurance expectations, and scale with confidence.

See how we can help your business

Every engagement starts with understanding where you are today. Book a free AWS consultation.

Book a free AWS consultation
Up to 80% Infrastructure costs cut
300% Traffic spike handled
4.9/5 Client CSAT
24/7 UK & US support
AWS Advanced Partner. View our credentials BSI ISO 27001 Certified PCI DSS Compliant BCS Services Company of the Year Finalist 2023 UK Business Tech Awards Finalist 2023

Trusted by

Virgin Experience DaysStream (formerly Wagestream)CharangaChemist 4 UAtriumMohidThe eArIPOSGVectorTracxTMSWild DogLinxSideLightPupil TrackingVitaccessLucky Day CompetitionsFlorida RealtorsFHCNEMSQBenchVirgin Experience DaysStream (formerly Wagestream)CharangaChemist 4 UAtriumMohidThe eArIPOSGVectorTracxTMSWild DogLinxSideLightPupil TrackingVitaccessLucky Day CompetitionsFlorida RealtorsFHCNEMSQBench