The Development and Implementation of a Robust Secure Infrastructure in the Azure Cloud
Zafin needed to quickly develop a cloud infrastructure to comply with privacy and security mandates in Canada.
ClearScale designed an infrastructure solution with Microsoft Azure consisting of several features, such as Azure Monitor, Blob, and BitLocker.
Zafin has a fully functional, secure, and compliant cloud environment that requires minimal training for in-house engineers.
Zafin is a banking software enterprise platform company that provides relationship-based pricing to banks and financial institutions. The company is headquartered in Canada, with offices in USA, UK, Germany, Dubai, Malaysia, South Africa, and India.
Zafin helps banks incentivize desirable client behavior by offering the right product to the right client at the right time through the right channel at the right price. Their award-winning platform has helped banks of all sizes deepen client relationships, improve operational efficiency, and enhance revenue.
In the world of finance, much like in the world of healthcare or online commerce, there exists numerous rules and regulations that companies must adhere to in order to protect the personal information of their customers in the most secure manner. From country to country, these rules that govern business operations can vary wildly and can have ramifications to operations.
For one of our return clients Zafin, these privacy and security mandates impacted their Canadian operations. With a Canadian financial regulatory requirement to maintain the security of customer transactional and personal data within the borders of Canada, Zafin recognized the need to work with ClearScale to quickly develop an infrastructure in a cloud whose footprint was within the country. Further, the client needed to have an environment that was always available and could meet the compliance standards such as PCI DSS, SOC3, PIDEPA and Privacy Shield.
The ClearScale Solution
ClearScale determined that in order to meet the mandate of having an infrastructure within the Canadian region, only one cloud service could provide that guarantee: Microsoft Azure. Using the Azure Blob service, unstructured data could be stored as object data and used from any location within the Canadian region. Protected by an intrusion detection system called OSSEC and using BitLocker feature of Windows and DM-Crypt feature of Linux to provide encryption of data files at rest gave the infrastructure a level of protection that would allow it to adhere to the necessary compliance standards. Coupled with Azure Key Vault, Zafin would be able to manage the disk-encryption keys further solidifying a regimented data encryption schema for all data at rest.
Zafin’s platform enabled banks and financial institutions to put digital experiences in the hands of customers. As such, this is a system that is open to the public. To ensure data encryption in transit, ClearScale used TLS v1.1 and v1.2 for all payment transactional information over public channels, as well as TLS/SSL used between devices and the cloud. The application to be housed on the infrastructure ClearScale was building would also be protected by a Web Application Firewall (WAF) to protect the endpoints that are exposed to external entities. Implementing an adaptive and always up to date WAF will guard against Distributed Denial of Service (DDOS) attacks and mitigate data loss by outside influences. This will reduce the overall risk, all while ensuring that Zafin’s infrastructure will remain compliant.
From an infrastructure perspective, ClearScale wanted to make managing and deploying infrastructure depending on client needs as smooth and easy as possible. These days, enterprises have multiple options to automate these tasks with tools like: Chef, Puppet, Ansible, and Terraform. ClearScale helped consult on the option most suited to the nature of business that Zafin is in, and orchestrated automation that deployed infrastructure as code, developed execution plans, and managed deployments with minimal or no failures by performing resource mapping prior to deployment. But automating this entire process, human error can be eliminated thus allowing for clean infrastructure deployments every time.
Finally, to provide end-to-end monitoring of events and activities, ClearScale implemented Azure Monitor to provide metrics, alerting and logging of all areas of every Azure instance. It also provides the ability for the logs to be sent to Log Analytics to provide deeper understanding to clients on issues that are discovered. Utilizing this logging approach means that the client will not experience issues with trying to determine areas of concern or failure in the future.
By having ClearScale design, build and deploy the infrastructure solution to the Azure Cloud, Zafin was able to focus their limited engineering resources on the development of the applications that would reside in the environment ClearScale had created. This allowed them to quickly work in parallel with ClearScale resources in the creation of an end-to-end, highly secure, highly redundant product for their financial customers. ClearScale took the worry of creating a cloud deployment out of Zafin’s mind and delivered a fully functional environment that the client could maintain going forward with minimal training required.
ClearScale believes in setting clients up for success by performing an in-depth evaluation of the client’s needs, rapid development after a design is finalized, and complete hand-off of the solution including appropriate training. Giving our clients the tools they need for success means they are able to make fundamental business and operations decisions using the information available at their fingertips.