FS Investments: Implementing a Robust AWS Security and Network Protection Solution
Financial ServicesBusiness Impacts
50% reduction in the account creation time
Achieved compartmentalized migration of development environments
13 production accounts with live workloads and zero downtime for development environments migration
Preventive measures to mitigate threat actors in future
Customer Key Facts
- Country : United States
- Industry : Financial Services
Problem Context
FS Investments is a leading asset management company that transforms their customer’s investment portfolios by bringing access to alternative sources of income and growth. They have been on AWS for several years, however, to streamline the process of account creation as well as optimize their networking architecture to support a multi-environment multi-account approach, they felt the need to move to a futureproof solution. There was an opportunity to leverage industry best practices for guardrails and cloud administration. Additionally, setting up networking and security resources for new accounts resulted in manual overheads. Thus, the client sought assistance with the migration of AWS Control Tower within its AWS environment along with advisory guidance on adherence to best practices in managing an optimized AWS environment.
Challenges
- Increased risk of compliance and security breach due to recent issues with environmental security
- Manual overheads due to setting up networking and security resources for new customers
- Security risk in data accessibility as all workloads connected to main network architecture
Technologies Used
AWS Organizations
AWS Control Tower
Amazon GuardDuty
AWS CloudFormation
Amazon CloudWatch
AWS CloudTrail
AWS Config
AWS Security Hub
Amazon Virtual Private Cloud
AWS IAM Identity Center
AWS Directory Service
AWS Transit Gateway
Amazon Route 53
AWS Lambda
Amazon SNS
Platform modernization to enable infrastructure security and environment re-distribution based on workloads
Solution
Quantiphi setup a Control Tower enabled AWS Organization and deployed guardrails using service control policies and rules to prevent drift from compliance best practices. Our experts migrated the legacy accounts to the new modernized infrastructure and ensured zero downtime for production-level workloads.
Additionally, Quantiphi deployed the network architecture with segregated workload with connections to the existing on-premise firewall
Results
- Migrated 13 accounts to a new optimized environment
- Enabled security best practices by leveraging service control policies and AWS Configuration
- Streamlined creation and deletion of accounts/environments with reduced manual overhead
- Enabled cloud migration, AWS control tower, well-architected, service control policies, guardrails, secure environment accelerator, account factory, sandbox
