Client Profile
Customer Name: Financial Services
Customer Since: 2008
Sector: Financial Sector
Introduction
A leading provider of insurance partnered with Version 1 to reduce costs and enhance the security of their crucial core business operational workloads. The workloads are used to record customer data, customer policies and related documentation. Over time, the workload had a rising cost of ownership, numerous outages and was becoming a security risk for the Customer.
Challenge
After an initial discovery, audit, and assessment phase, the Version 1 team recommended that the customer move their workloads from an on-premise environment to AWS. The workload integrated with external systems and transformation required that the integration remain uninterrupted. The long-term customer technology strategy was to move to the cloud, accelerate their delivery and take advantage of newer, cutting-edge services provided by the Cloud on AWS.
Why Version 1?
Version 1 has a strong history of collaboration with Customers in the Financial Services Sector. We are experts in Cloud and AWS and have a large team of consultants who have experience in a variety of technology domains. Having won AWS Migration Partner of the Year, we have a strong endorsement and credibility to transform complex workloads to cloud platforms.
Solution
Version 1 leveraged our AWS Landing Zone Service Offering which provided a secure, scalable, and highly available solution for the target workloads. A key feature of our Landing Zone Service Offering is the self-service functionality, such as the Account Vending capability, allowing application teams to procure accounts on-demand. The Landing Zone solution enables application scalability, modularity, and security guardrails out of the box, helping to accelerate migrations securely. AWS VPC networking was configured to provide separation of UAT and Production environments via Transit Gateways and IPSEC VPN Connectivity was implemented to create private communications channels.
The AWS Landing Zone solution included configuration for establishing and implementing customised account security for the Customer. Additional security included the implementation of AWS WAF (Web Application Firewall). The WAF protected the application workloads against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives control over how traffic reaches the application by enabling Version 1 to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific defined traffic patterns. The Managed Rules for WAF address issues like the OWASP Top 10 security risks. These rules are regularly updated as new issues emerge.
The database was Oracle on IaaS which required significant operational support. The IaaS database was transformed to make use of AWS RDS. RDS simplifies the set-up, operation and scaling of Oracle Databases in the cloud. We configured RDS backups to meet Customer RTO/RPOs. All data at rest within the database and the application workloads was encrypted. High availability was provided and RDS was deployed in a multi-AZ configuration to prevent interruptions should outages occur in an Availability Zone.
To archive data, we opted for AWS S3 Glacier. Glacier is a secure, durable, and extremely low-cost Amazon S3 cloud storage class for data archiving and long-term backup. It is designed to deliver 99.999999999% durability and provide comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements. Using Glacier also allowed us to minimise data retention costs for the Customer.
Right-sizing applications and workload instances allowed our customer to ensure that there was no wastage when it came to instance resources and costs. We were able to reduce resource costs by not only right sizing but deploying reserved EC2 instances which are low-cost, long term cost solutions.
For operational monitoring, CloudWatch Unified Agent was installed on application servers to provide enhanced monitoring. RDS logs were shipped to CloudWatch Log Groups. All logging has encryption enabled to enhance security. Data was visualised on centralised operational dashboards.
The workload was replatformed, upgraded and successfully live within 6 months of Version 1 taking over the transformation with no interruption to core business activities. Our Version 1 Aspire (Managed Services) capability ensure the seamless running of the workloads, providing 24×7 operational support.
Real Differences, Delivered
- Core business workloads transformed to use AWS within 6 months
- 100% data integrity
- Fully automated, secure Landing Zone deployed with data encryption in transit and at rest
- Reduction in total cost of ownership, enhanced cost controls with low-cost archival of data and right-sizing of resources
- Resolution of capacity constraints to allow for elastic demand expansion
- High availability solution with use of multi-AZs and self-healing deployments
- Providing agility to use the latest cloud-native and open-source technologies with an “automaton mindset”
- Reduced operational overhead with reduced in-house management
- Full disaster recovery and backup plan and automation implemented
- 24×7 Version 1 Managed Service operational support
About Version 1
Version 1 proves that technology can make a real difference to our customers’ businesses. We are trusted by global brands to deliver technology services and solutions which drive customer success. Our team of difference-makers work tirelessly to provide independent advice and deliver impactful changes to help our customers navigate the rapidly changing Digital-First world we live in. Our greatest strength is balance in our efforts to achieve Customer Success, Empowered People and a Strong Customer, underpinned by a commitment to our values. We believe this is what makes Version 1 different and more importantly, our customers agree.