UK financial services companies are among the highest-profile targets in the cyber threat landscape. Not only do they generate and store enormous amounts of valuable personal and financial data, which is highly attractive to cybercriminals; they are also heavily regulated by the Financial Conduct Authority (FCA) and are undergoing extreme digital transformation to ready themselves for the digital world.
Yet, as transformation continues, keeping up will only get harder. Cloud adoption is widespread, data volume is growing at unprecedented rates, and skills are scarce – almost 1m cybersecurity jobs are still unfilled globally. To make matters worse, targeted cyber-attacks on UK financial services companies are on the rise. These businesses are left doing more with less, and this is creating more room for human error.
According to a recent survey, nearly half (43%) of UK financial companies suffered a cybersecurity incident caused by employee failure to follow security protocols or data protection policies. We have seen it time and time again. All too often, poor security and compliance upkeep causes data mismanagement or, even worse, data loss, resulting in data violations, huge fines, and reputational damage.
Take, for example, the unintentional exposure of customer data via the Amazon Web Services (AWS) Simple Storage Service (S3) by Capital One. Despite many of the headlines branding Public Cloud “unfit” for UK businesses following this event, it appears that Capital One made the false assumption that using the default settings to encrypt its data would protect it against any type of unauthorised access.
To overcome these issues, UK financial services companies need a partner that can manage their technology change, whilst also providing the knowledge and skills needed to ensure continuous security and compliance, even once the business is in the Cloud.
How HeleCloud is helping transform Financial Services companies on AWS
HeleCloud has strong experience operating within heavily regulated industries where security and compliance are fundamental and data breaches are rife. Within the Financial Services sector, HeleCloud has helped several companies across Europe to transform, innovate, optimise and grow in a secure and cost-effective way based on the AWS platform.
Take, for example, our work with NEX Group. NEX contacted HeleCloud requesting assistance with their platform, NEX Infinity, which processes multi-million transaction volumes daily, globally. HeleCloud was tasked with providing technical expertise within the existing infrastructure and CI/CD processes, as well as ensuring secure and compliant domains in line with those of the FCA. HeleCloud helped NEX Infinity build an environment on the AWS platform which followed strict Infrastructure as Code and Immutability principles (i.e. no change or configuration management in production and no user login is allowed, except for break-glass security and forensic procedures).
Following HeleCloud’s implementation of AWS services, NEX was not only compliant with FCA regulations on security and compliance but is now also working with an up-to-date AWS environment with continuous expertise.
It is important to note here the FCA’s role within the financial services sector. This regulatory body works to enhance the integrity of the financial system in the UK, issuing penalties to those companies that it does not feel are doing this. An increasingly important part of this is data protection: ensuring customers are safe from cyberattacks and that their data is not being misused. With almost €114m having already been handed out to businesses due to data mishandling, ensuring robust security and compliance is not an easy task.
A commodities investment company came to HeleCloud with this very issue. It had a functioning AWS environment but needed help in refining its workings to be more scalable, robust and, of course, secure in line with the FCA’s expectations. HeleCloud was engaged to build out a multi-account, multi-region landing zone, all as infrastructure as code, to replace the single-account structure then deployed, in order to provide a highly secure setup. The requirements included a number of bespoke requests from the client: the build-out of an AMI factory, a load-balanced proxy configuration, log shipping to a separate SOC account, and service control policies to protect all environments from both internal and external threats and incidents. HeleCloud successfully helped to further support and improve this environment using a collection of AWS services including developer tools, budgets, organisations, resource access manager and service control policies. AWS security, compliance and monitoring tools were also used, as well as AWS networking, RDS database, EC2 and Lambda compute, S3 and EBS storage and, finally, IAM identity management. Following the implementation of these services and further HeleCloud support, the success of the project was clear. According to the CTO: “A project that would have taken us six months internally has been delivered in less than 2 months. Thanks to the project team for their stellar work.”
HeleCloud’s expertise in this area was also sought out by a Fintech company that had developed a unique proposition, centered on the provision of fully automated customer registration and onboarding to other companies that must adhere to strict regulatory and security compliance requirements.
In this instance, HeleCloud worked with the Fintech company to design and deploy an AWS environment, comprised of a Landing Zone and a set of CI/CD pipelines that provided a converged application and infrastructure deployment capability. The Landing Zone adhered to all the principles and best possible practices of the AWS Well-Architected Framework for Public Cloud deployments, encompassing Security & Compliance, Scalability, Cost and Operational effectiveness. With this, HeleCloud was able to ensure compliance with FCA regulations. The CI/CD pipelines put in place enabled the deployment of the AMI and Container Factory concepts, significantly reducing application deployment times and operational automation. The environment was built to facilitate the Serverless architectural model where possible for optimal cost, scalability and operational efficiency. HeleCloud also deployed a range of AWS services, including the AWS Developer Tools (CodeCommit, CodeBuild, CodePipeline, ECR), AWS security features, and compliance and monitoring tools (AWS Config, AWS Inspector, amongst others), whilst also incorporating AWS networking, serverless, database, compute, storage and IAM features through a number of forms.
Through this work, the Fintech company achieved the fast deployment of a secure AWS environment, with all the required guard-rails that would keep them compliant with the FCA and operationally efficient. Through our AMI and Container Factory implementation, they were able to deploy new functionality and applications a lot faster than otherwise possible. They are now also able to tune their offering based on customer feedback. The solution HeleCloud developed provided the Fintech company with first-class flexibility capabilities that are above those of its competitors.