Global investment bank adopts database security and policy-as-code in Azure cloud

The need for a mechanism to enforce security standards
As part of its cloud migration strategy this global investment bank needed to be able to define standard security policies then deploy once on a virtual machine to ease future releases and ensure consistency.
To achieve this, there was a need to:  

• Set baseline security and best practice for Oracle/Postgres databases
• Codify security policies to be applied to the Azure cloud environment
• Add policies to a CI/CD pipeline with accompanying test framework
• Free developers to deploy databases in Azure without needing to re-create security controls each time

Security process engineering
Already a trusted partner of the bank, GFT was engaged to:

• Examine the control environment pipeline and modify to accept policy as code
• Select a specific test framework using typescript for positive and negative policy tests
• Document and agree security standards and baseline with CSO
• Create a policy-as-code library using Terraform to implement the policies
• Perform standard tests via the pipeline to ensure the policies behaved as required

Self-service deployments of databases with enforced controls
GFT has empowered the bank to accelerate its cloud strategy in several ways:

• With a codified policy set the bank can self serve database deployment in Azure
• A thoroughly tested pipeline provides the ability to change security controls or add to them without introducing insecure configurations
• Policy as code assures continuous compliance for databases on the whole platform, with any user changes not meeting the security controls, being rejected