Problem Statement
Context
DLT Apps was established with the aim of incubating multiple financial products. One of our first flagship products is a fund administration platform that would host confidential user data of our clients on the cloud. This would be the first major cloud-based deployment of confidential data at such a scale for our client, whose own cloud solution was delayed by a few years. We needed to build a secure, reliable cloud foundation at pace. It was also important to ensure the platform was extensible and scalable to support additional product propositions in the future.
Challenges
- Building a cloud foundation that would meet our client’s security and governance requirements while balancing the implementation and run costs of a startup.
- The need to set up the platform rapidly to meet the growing demands of the engineering and product teams, as well as client expectations.
- The platform had to support multiple technologies (Java, Go, Python) and microservices-based architectures. Engineers needed sufficient tooling to enable them to safely build and progress their changes across multiple environments.
- Once live, we needed our support teams and reliability engineers to maintain the solution and identify and resolve incidents quickly.
Solution
We outlined four areas of focus during the strategy phase:
Secure, Scalable, Reliable Foundation
The DLT Apps team worked with our client to zero in on AWS as the cloud platform. We rapidly produced designs that met the cloud controls (along the lines of the CCM, the Cloud Controls Matrix), starting with network, identity & access, data security, and governance controls. The core production-grade network and infrastructure were designed and built within 6 months and were made ready for consumption for user testing.
The team continued to enhance the operations/run capabilities with logging and monitoring, security incident management, incident management, endpoint protection, and disaster recovery/business continuity management.
Services Hosting Platform
The solution comprised AWS Elastic Kubernetes Service (EKS) as the primary application hosting platform, Aurora for data, network services such as VPC, WAF, Transit Gateway, Client & S2S VPN, and Network Firewall, and security services such as Security Hub, Config, GuardDuty, KMS, and CloudHSM. In addition, the platform also included many other services that DLT Apps hosted, such as Kafka and Zeebe.
DevOps Tooling
A fully automated approach and integrated tooling using Git, Docker, Jenkins and Spinnaker was set up to allow teams to provision environments on demand and safely deploy their changes across environments. The process provides end-to-end traceability from the code change through to the deployed versions in production.
Operations
Elastic was chosen as the centralised monitoring solution and integrated across the entire platform, providing a single view of all infrastructure, platform and application logs and metrics. This was integrated with our alerting and incident response solution.
Impact
- Multiple live services – The cloud platform now hosts multiple beta testing and production environments for our clients with full controls. The platform has been vulnerability assessed and penetration tested by third parties with minimal minor findings.
- Successful third-party review – A well-architected review from AWS was also conducted with two minor findings. It has also been through the client’s third-party assurance process and satisfies 127+ controls required from third-party SaaS solutions.
- Zero data loss and a 30-minute recovery time – The platform has successfully completed a business continuity test with zero data loss and an RTO of 30 minutes.