Traditional IT is under increasing pressure from the business to do more with less: driving innovation, growing customer satisfaction, and maintaining system security and compliance, all while increasing scalability, reliability, and uptime. In no other business are these pressures felt more than in financial services, where customer expectations for availability and the security of their data remain extremely high. Recently, a large privately held regional bank reached out to our cloud migration consultants to ask for help with their cloud adoption. Specifically, they sought help creating a secure cloud foundation for a new customer-facing application.
A central part of the bank’s consumer and commercial digital banking initiative, the new application was designed to take advantage of cloud computing strengths to provide a highly available digital banking experience to customers. However, to meet compliance and security objectives, the new app needed to be quickly deployed to a solid AWS cloud foundation that incorporated operations best practices. In addition, the foundation needed to help the bank meet its security requirements.
Landing Zones AWS
A key goal of the project was to create a solution that would stand the test of time, meeting the bank’s short and long-term cloud needs. Already operating in the cloud, the firm realized it needed a secure cloud foundation that would allow it to achieve three key goals:
- Meet security and compliance objectives
- Effectively start greenfield projects in the cloud and
- Efficiently migrate existing applications to AWS
To meet these objectives, the AWS consulting services team recommended the use of a landing zone.
Our approach was to design a landing zone with a collection of application-agnostic components that provide a secure, manageable foundation for landing applications in AWS. The concept of a landing zone is critical for creating a secure and manageable environment in which applications will operate.
As part of the solution, we delivered:
- Built-in security based on AWS architecture best practices, including an account factory that will allow the bank’s team to create multiple AWS accounts for the highest level of resource and security isolation. In addition to account provisioning and hardening, the landing zone features a Center for Internet Security (CIS) rules dashboard and configurations, helping the team to implement security configuration best practices as recommended by CIS for hardening AWS accounts along with continuous monitoring capabilities for these security configurations. With security built into the foundational landing zone solution, the bank now has consistent, repeatable security that provides system confidence.
- Customization to fit the customer’s unique environment. The solution also offers flexibility for continuous iteration and documentation of the platform through code, thereby providing consistent management. Specifically, the solution provides the financial services provider with a Transit VPC, which allows it to connect multiple, geographically dispersed Virtual Private Clouds (VPCs) and remote networks. The VPCs themselves are created with a VPC factory that automates the creation and launch of VPCs into a virtual network. An AMI factory allows the firm to create, verify, and distribute golden Amazon Machine Images (AMIs), giving business groups standardized machine images that meet the bank’s specific security and compliance requirements.
- Customer technical training for each component of the landing zone solution architecture to ensure that the bank’s team can effectively operate and extend the architecture moving forward. The bank created a team with representatives from each department. We then gave this team hands-on training in the cloud tools so that its members could train others within the organization, thereby establishing a train-the-trainer program that enables a DevOps culture to spread effectively throughout the bank.
The new landing zone provides this regional banking leader with an enterprise-grade foundation for its new customer-facing application. With CIS dashboards and CIS-hardened AMIs, the solution enables the customer to focus its efforts on accelerating the delivery of new digital banking applications while ensuring security is built in from the beginning.
Just as importantly, multiple teams at the customer site are working seamlessly together, having begun the process of embedding a culture of DevOps across functions within the organization. The automation of technology and the flow of ideas across the company for enhanced productivity and business outcomes have just begun.
Post Date: 02/08/2019