The Development and Implementation of a Robust Secure Infrastructure in the Azure Cloud

Challenge
Zafin needed to quickly develop a cloud infrastructure to comply with privacy and security mandates in Canada.
Solution
ClearScale designed an infrastructure solution with Microsoft Azure consisting of several features, such as Azure Monitor, Blob, and BitLocker.
Benefits
Zafin has a fully functional, secure, and compliant cloud environment that requires minimal training for in-house engineers.
AWS Services
AWS WAF
Executive Summary
Zafin is a banking software enterprise platform company that provides relationship-based pricing to banks and financial institutions. The company is headquartered in Canada, with offices in the USA, the UK, Germany, Dubai, Malaysia, South Africa, and India.
Zafin helps banks incentivize desirable client behavior by offering the right product to the right client at the right time through the right channel at the right price. Their award-winning platform has helped banks of all sizes deepen client relationships, improve operational efficiency, and enhance revenue.
The Challenge
In the world of finance, much like in the world of healthcare or online commerce, there exist numerous rules and regulations that companies must adhere to in order to protect the personal information of their customers in the most secure manner. From country to country, the rules that govern business operations can vary wildly and can have ramifications for operations.
For one of our return clients, Zafin, these privacy and security mandates impacted their Canadian operations. With a Canadian financial regulatory requirement to maintain the security of customer transactional and personal data within the borders of Canada, Zafin recognized the need to work with ClearScale to quickly develop an infrastructure in a cloud whose footprint was within the country. Further, the client needed an environment that was always available and could meet compliance standards such as PCI DSS, SOC3, PIPEDA and Privacy Shield.
The ClearScale Solution
ClearScale determined that in order to meet the mandate of having an infrastructure within the Canadian region, only one cloud service could provide that guarantee: Microsoft Azure. Using the Azure Blob service, unstructured data could be stored as object data and used from any location within the Canadian region. Protecting the infrastructure with an intrusion detection system called OSSEC, and using the BitLocker feature of Windows and the DM-Crypt feature of Linux to encrypt data files at rest, gave it a level of protection that would allow it to adhere to the necessary compliance standards. With Azure Key Vault, Zafin would be able to manage the disk-encryption keys, further solidifying a regimented data encryption schema for all data at rest.
Zafin’s platform enables banks and financial institutions to put digital experiences in the hands of customers. As such, this is a system that is open to the public. To ensure data encryption in transit, ClearScale used TLS v1.1 and v1.2 for all payment transactional information over public channels, as well as TLS/SSL between devices and the cloud. The application to be housed on the infrastructure ClearScale was building would also be protected by a Web Application Firewall (WAF) to protect the endpoints that are exposed to external entities. Implementing an adaptive and always up-to-date WAF will guard against Distributed Denial of Service (DDoS) attacks and mitigate data loss by outside influences. This will reduce the overall risk, all while ensuring that Zafin’s infrastructure will remain compliant.
From an infrastructure perspective, ClearScale wanted to make managing and deploying infrastructure depending on client needs as smooth and easy as possible. These days, enterprises have multiple options to automate these tasks with tools like Chef, Puppet, Ansible, and Terraform. ClearScale helped consult on the option most suited to the nature of business that Zafin is in, and orchestrated automation that deployed infrastructure as code, developed execution plans, and managed deployments with minimal or no failures by performing resource mapping prior to deployment. By automating this entire process, human error can be eliminated, thus allowing for clean infrastructure deployments every time.
Zafin’s frontend is also cutting edge, creating beautiful, high-performance, responsive user experiences that allow frictionless onboarding for users. To accomplish this, the app is structured as a Single Page Application (SPA) with heavy use of JavaScript and associated technologies. The infrastructure stack that enables such applications at scale has to be equally innovative. ClearScale recommended a container application platform built on Docker containers and the OpenShift cluster manager. Strategically crafted Continuous Integration and Continuous Development (CI/CD) allows Zafin to use the likes of secure, private GitLab or BitBucket repositories to check in new source code. ClearScale has automated monitoring and refreshing of the code base when reviewing changes made before building a Docker image and sending a request to deploy it to the previously defined Azure VMs.
Finally, to provide end-to-end monitoring of events and activities, ClearScale implemented Azure Monitor to provide metrics, alerting and logging of all areas of every Azure instance. It also provides the ability for the logs to be sent to Log Analytics to provide deeper understanding to clients on issues that are discovered. Utilizing this logging approach means that the client will not experience issues with trying to determine areas of concern or failure in the future.
The Benefits
By having ClearScale design, build and deploy the infrastructure solution to the Azure Cloud, Zafin was able to focus their limited engineering resources on the development of the applications that would reside in the environment ClearScale had created. This allowed them to quickly work in parallel with ClearScale resources in the creation of an end-to-end, highly secure, highly redundant product for their financial customers. ClearScale took the worry of creating a cloud deployment out of Zafin’s mind and delivered a fully functional environment that the client could maintain going forward with minimal training required.
ClearScale believes in setting clients up for success by performing an in-depth evaluation of the client’s needs, rapid development after a design is finalized, and complete hand-off of the solution including appropriate training. Giving our clients the tools they need for success means they are able to make fundamental business and operations decisions using the information available at their fingertips.