As a company developing in a relatively new industry, the European fintech was able to benefit from the many advantages of establishing their native cloud-based business environment on AWS. This included quick set-up, application development, time to market and lower TCO – all this without the burden of interfacing with legacy systems, datacenters or private clouds. In addition, AWS was responsible for significant parts of the operational and management activities of their environment. But, AWS is not responsible for everything; the fintech learned that it is responsible for its own operating system, software and utilities, and more.
In practical terms, this meant that guaranteeing unfailing access to apps and services as well as responsibility for the security of customer data and the trading platform are in the fintech’s court. Specifically, the fintech must make sure that all the trading, training, services and customer support they provide are available 24x7x365 to their clientele who hold 5 million accounts, are located on three continents, in several different time zones, and communicate in nine languages.
Uninterrupted availability is vital
The business of trading frequently requires split-second decisions and actions and thus there is no room for downtime, lags or “glitches.” Customers need continuous access to relevant business information and the ability to make trades.
Self-analysis on the road to resilience
Just as enterprises use penetration tests to discover weaknesses in the level of their cybersecurity, the always-on, highly-charged nature of the fintech’s business was driving them to proactively discover weak points in the resilience of their AWS environment. Of particular concern were vulnerabilities that could cause unavailability or data loss and services and apps that might not be 100% reliable and could cause disruptions, all of which would prevent customers from 24×7 access to the site and services.
The fintech’s challenges were intensified by the fact that they operate in a highly regulated industry and must comply with regulatory best practices. Their complex AWS environment experienced a large volume of ongoing changes that also needed to comply with the hundreds and even thousands of constantly evolving best practices of their vendors, the industry and the user community.
AvailabilityGuard NXG for AWS delivers for the fintech
After contacting Continuity Software, the decision was made to begin a trial period using AvailabilityGuard NXG for AWS.
How AvailabilityGuard NXG works
AvailabilityGuard NXG for AWS gathers and analyzes the resilience status of AWS environments. The SaaS solution automatically, proactively and continually scans all components of the AWS environment.
Each scan gathers information about AWS configurations, which is compared against a large and growing proprietary knowledgebase containing 300+ (and growing) rules derived from the best practices needed to maintain reliability, protect data, and more, as well as rules regarding compliance with regulations, standards and SLA commitments.
When deviations are discovered between configurations in the environment and best practice rules, the relevant teams are notified. They receive incident tickets along with instructions for repair.
The trial period
AvailabilityGuard NXG for AWS scanned production workloads including components of AWS environments that included 468 EC2 instances, 166 load balancers, and 4 RDS instances.
The solution collects only configuration data (metadata) from AWS via 20 (and growing) AWS native APIs using read-only privileges and employing secure and light-weight data collection. The scans do not and cannot change configurations.
Metadata was collected over a month at the fintech. There was no performance impact and no agent was installed.
AvailabilityGuard NXG for AWS scanned and analyzed configuration data from all the AWS infrastructure layers. The scans detected 276 configuration risks in EC2, CloudFront, S3, ELB, ASG, RDS, and other AWS services.
The fintech discovered that more than 80% of the risks detected could impact continuous availability, security and data protection, the very issues that were of greatest concern to them. See the charts below.