February 29, 2016 | REAN Cloud
The biggest blocker to cloud adoption for the financial services industry is the concern about securing critical business applications. Furthermore, even if a company believes the cloud can be used securely, there are concerns about knowing how to move to the cloud. With the AWS Cloud and the AWS ecosystem of technology and consulting partners, organizations can leverage the many security technologies, services, and processes to create a secure, compliant environment to run many financial services applications.
Amazon Web Services supports a Shared Responsibility Model that clearly delineates the security responsibility between Amazon Web Services and the Customer. For instance, Amazon controls the physical security of the data centers and supply chain for the server infrastructure to present a guest operating system to a Customer. The AWS website for financial services provides specific examples of how companies such as Capital One, FINRA, NASDAQ, and Federal Home Loan Bank of Chicago have leveraged AWS for secure workloads. Here are just a few of the AWS services that support creating a secure cloud solution:
- NETWORK – Virtual Private Cloud to create your own software-defined network, design your own IP address scheme and connectivity options to create VPN tunnels and private fiber connections.
- ACCESS – Identity and Access Management (IAM) for both people, through groups, users, and roles that give privileged access to your environment, and machines, through EC2 roles. EC2 roles allow you to securely manage credentials for machines at scale, so they can access AWS resources without leaving credentials at rest on the server.
- FIREWALL AT A SERVER LEVEL – Security Groups control access to the virtual machines.
- FIREWALL AT A SUBNET LEVEL – Network Access Control Lists within a VPC to control access to a group of servers within a subnet.
- ENCRYPTION – Store object files in Amazon S3 and filesystems on Elastic Block Store. Each of these supports Amazon Server Side Encryption, and you can also use CloudHSM to manage your own customer keys or use a scalable key service, Amazon Key Management Service, to encrypt/decrypt data in transit and at rest, without having to manage your own hardware security module.
The features described above are only the beginning of securing workloads on AWS. The customer, potentially with the help of an AWS consulting partner, can architect additional security controls and compliance tools to tailor the workload to meet specific requirements.
Another aspect of security to address is resiliency: the ability to recover from a disaster or a cyber attack. The AWS cloud can be an essential part of your business continuity plan. By using infrastructure-as-code as your model to deploy your IT, you can replicate and recover from a disaster in a different AWS region in minutes, dramatically reducing your recovery time objective and shortening your recovery point objectives.
At REAN Cloud, we work hand-in-hand with all of our clients to develop and build secure cloud workloads, both during the migration process and throughout our relationship. Says Ben Hill, CTO of Ditech, “Their cloud architects construct best-in-class infrastructure and security designs, and can align them to industry standard compliance frameworks.”
This can also be seen in our relationship with a leading mortgage lender, where we worked closely with AWS to architect and build a Loan Information Platform. In it, we created an end-to-end solution that included built-in security features offered by AWS (e.g. EBS and S3 encryption), as well as third-party solutions to meet the stringent security needs of the customer’s business partners.
For more information on how you can architect a secure workload on AWS, please contact REAN Cloud or visit our financial services page to see how we have helped other financial services firms move workloads onto the cloud securely.