AWS Case Study: Balancing Robustness & Security in Financial Services

By Flux7 Labs
April 12, 2017

Companies call Flux7 with a variety of business needs, and balancing agility and security is chief among them. This is no surprise, as we often work with organizations that must simultaneously meet regulatory and risk management goals while successfully launching new services to market. Today’s story of a digital financial services provider whose clientele consists of many of the largest U.S. banks is a prime example.

The company had embarked upon a new product with a large revenue opportunity. With demand growing quickly and the service evolving rapidly, the company needed to make sure that the new product was highly available, while ensuring data security.  

Already working in AWS, the firm called the AWS experts here at Flux7 to help expand its infrastructure to address its product challenges. Specifically, the product is offered to this firm’s customers in the form of panels, with a small number of standard panels that customers can choose from. Panels are delivered either as files in S3 buckets or through an account on a Redshift cluster, which customers can query using Tableau on their desktops.

With growing demand, it was important that the system supporting the panels had high availability and a failover plan in order to consistently deliver panels promised on-demand. To answer these concerns, Flux7 consultants recommended a series of changes to how the company operated. The two teams:

  1. Created a disaster recovery plan with the use of multiple Availability Zones (AZ) to ensure that the service could still be accessible and available should a downtime event occur.  

  2. Introduced Infrastructure as Code to the environment with automation driven by a trio of technologies: CloudFormation, the AWS CLI, and Jenkins.

  3. Took automation to the next level by setting up ‘easy buttons’ for starting and stopping environments, giving the team greater control and agility. They also established AWS Lambda for S3 polling, allowing batch and real-time enrichment to behave similarly for the financial services organization.

  4. Implemented autoscaling lifecycle events for autoscaling groups, which allowed the firm to create hooks for additional robustness in the system.

Because it services financial institutions, this organization already had a diligent security team that was creating AWS policies to ensure its systems met regulatory standards and the strict security policies of its customers. To increase security further, Flux7 instituted several changes that immediately tightened security controls at this firm:

  • Strengthened this firm’s passwords, instituted multifactor authentication, and restricted access by IP.
  • Built a secure VPC-based environment as code, with servers accessed via a Bastion.
  • Separated production to a new AWS account, reducing accidental exposure to production data — and the potential to inadvertently delete it.
  • Reduced IAM permissions.

These changes helped ensure that this financial services company could meet its security goals: that no personally identifiable information was visible to any of its customers, that no customer could infer information about other customers, and that the company’s data was safe from modification or theft.

In the end, this group was able to achieve its goals by implementing infrastructure as code, tightening several security standards, and implementing a DR plan. The company’s new product is now highly available and scalable, and developers are able to easily add new features and functionality, growing the product to meet customer demand. Simultaneously, the security team is confident that the company’s IP is safe, and the CFO is greatly satisfied with the cost optimization achieved.

For additional details on the solution architecture to balance security and solution robustness, you can read the full case study here.