Voyant Grows Data Security and Customer Satisfaction with Advanced AWS services

Profile

Founded in 2006, Voyant develops easy-to-use software solutions that demystify the financial planning process for professionals and consumers alike. Today, more than 2000 financial and human capital management firms around the world, including Lloyds Bank, Aon Hewitt, AXA, St. James Place Wealth Management, Bellpenny and more, use Voyant to differentiate their financial planning services. Providing a SaaS financial planning service, Voyant helps financial service enterprises as well as their clients. Its full enterprise platform for financial advisers allows them to conduct visual and dynamic cash flow planning collaboratively between themselves, their colleagues, and their clients.

Challenge

While Voyant was an AWS customer, it was launching a new service called AdviserGo that was just the opportunity it sought to re-platform and take advantage of new AWS tools and advanced feature sets. Voyant requirements for its new AdviserGo service were that it needed to keep customer data safe and be in compliance with its customers’ internal security policies, while providing consistent, always-available customer experience.

Lauded for its attention to detail (from its products to customer service,) Voyant boasts industry leading levels of customer satisfaction. As a result, it was imperative that AdviserGo was both secure and provided the highest levels of customer experience for which the company is known. The Voyant team called in AWS Premier Consulting Partner, Flux7, to help it assess and architect the best solution that would address these challenges.

Solution

Voyant sought to architect a foundation for the new service that supported the high bar it set for itself with regard to security and compliance–including patch management, audit trail logging, and alerting on suspicious activity. As a result of these requirements, Flux7 consultants recommended several advanced AWS solutions.

Auditing
AWS CloudTrail and AWS Config were deployed to create an audit trail, and alerts on the audit trail. Specifically, the solution used AWS CloudTrail to automatically log actions made within Voyant’s AWS account. These actions included which user and/or account called AWS, from which IP address the calls were made, and when they were made. Even key access is captured by the Voyant CloudTrail solution, delivering this information to logs stored in AWS S3 buckets.

In addition, advanced auditing was achieved with AWS Config which audited for system changes, alerting the team to changes made to an individual component over time. AWS Config system monitoring ensures that any configuration change from a known, good state is flagged and either approved or returned to its previous, compliant state. Together with AWS CloudTrail, Voyant can flag events that possibly contributed to a configuration change as well as who made the change, at what time and from where.

Patch Management
The Flux7 and Voyant teams used Amazon EC2 Systems Manager Patch Manager for server patch management. This patch manager is architected to automate the process of patching instances for the Voyant solution, scanning for missing patches and/or instances that need updating. Voyant can choose which patches it wants to install and can then automatically install any or all missing patches. As Voyant can automate the application of patches — with rules for auto-approving patches, as well as a list of pre-approved patches — systems are patched regularly and on an as-needed basis as well. To automate the process, the teams used AWS Inspector to trigger alerts on common vulnerabilities and exposures (CVE). These alerts in turn triggered a Lambda function and used the EC2 run command to update the element. This solution actively meets a key requirement that Voyant be in compliance with its customers’ internal security policy of consistent patch management.

Alerting
Alerting on suspicious activity was achieved by sending CloudTrail logs to CloudWatch logs; in CloudWatch logs, the Flux7 and Voyant teams created alerts for dangerous events. In addition, the teams raised the bar yet again with another sophisticated solution. They enabled Amazon provided rules — predefined, customizable best practice configurations — in AWS Config rules and created a pipeline for deploying custom AWS Config Rules using AWS Lambda. The alerts from both CloudWatch and AWS Config rules were forwarded to an SNS topic that was integrated with Slack and monitored by Voyant administrators.

During the course of the engagement, Flux7 consultants mentored the Voyant team on the new AWS services and features, ensuring that they were able to effectively manage and extend the replatformed solution. With extensive knowledge transfer, Flux7’s Engage service provides hands on coaching, helping improve success rates with new technology and processes to ensure ongoing success.

According to Skip Walker, CTO at Voyant, “One of the best parts of working with Flux7 is the ease of addressing issues and creatively addressing the high standards we’ve set through advanced technologies. We appreciate that Flux7 takes the time to give you a nice inside view of what’s happening and why. We look forward to continue working with the Flux7 team.”

Benefits

With the help of the AWS experts at Flux7, the Voyant team was able to use the introduction of its new service as an opportunity to replatform. They did so with zero downtime during the infrastructure switch and no degradation of service, which translated into a continued positive customer experience. Importantly, Voyant successfully scripted an approach to its OS and application server upgrade and patching that met its customer’s internal security requirements. The firm was also able to take advantage of new AWS services like AWS Config to build sophisticated auditing and alerting systems, helping ensure that its systems remain in a known, good state. And, in the process over delivering on its commitment to data security and customer excellence.

Business Needs

  • Replatform to take advantage of new AWS services
  • Enhance and extend security
  • Increase customer satisfaction

Solution

  • AWS CloudTrail and AWS Config for auditing
  • Amazon EC2 Systems Manager Patch Manager
  • AWS CloudWatch and AWS Config for alerting