Cloud platform development

Rapid deployment of new projects and services

Security best practice assured

Wyzwanie

The need for a mechanism to enforce security standards
As part of its cloud migration strategy this global investment bank needed to be able to define standard security policies then deploy once on a virtual machine to ease future releases and ensure consistency.
To achieve this, there was a need to:  

  • Set baseline security and best practice for Oracle/Postgres databases
  • Codify security policies to be applied to the Azure cloud environment
  • Add policies to a CI/CD pipeline with accompanying test framework
  • Free developers to deploy databases in Azure without needing to re-create security controls each time

Zaangażowanie

Security process engineering
Already a trusted partner of the bank, GFT was engaged to:

  • Examine the control environment pipeline and modify to accept policy as code
  • Select a specific test framework using typescript for positive and negative policy tests
  • Document and agree security standards and baseline with CSO
  • Create a policy-as-code library using Terraform to implement the policies
  • Perform standard tests via the pipeline to ensure the policies behaved as required

Korzyść

Self-service deployments of databases with enforced controls
GFT has empowered the bank to accelerate its cloud strategy in several ways:

  • With a codified policy set the bank can self serve database deployment in Azure
  • A thoroughly tested pipeline provides the ability to change security controls or add to them without introducing insecure configurations
  • Policy as code assures continuous compliance for databases on the whole platform, with any user changes not meeting the security controls, being rejected
Default C2A Content App pages

Aby dowiedzieć się jak Twoja firma może skorzystać z naszych metod działania, skontaktuj się z nami

Carlos Mattos

Director of Technology & Architecture