Sunday, March 6, 2022

Why is Aviatrix a very good fit for financial institutions and their cloud workloads?

In the Cloud, everybody has already heard about the 'Well-Architected Framework'.


It consists of 5-6 pillars, concepts that must all be satisfied to have an optimal cloud architecture, whatever the services consumed in the cloud: database, storage, etc., or network in our case.

If you work for a financial institution, what would be your best 2 picks among the 6 above? Don't get me wrong, they are all important to varying degrees, but 2 stand out...

Before diving into these 2 dimensions, it is taken for granted that 'Compliance' and 'Governance' (of a new product, set of tools, features, etc.) are satisfied according to the financial company's requirements.

- Compliance in business - the state of meeting rules or standards. This is the process of making sure your company follows all laws, regulations, standards and practices that apply to the organization and its industry.

- Corporate Governance - refers specifically to the set of rules, controls, policies and resolutions put in place to dictate corporate behaviour.

AVIATRIX & Compliance

- PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for financial organizations that handle branded credit cards from the major card schemes. Even though Aviatrix is not in scope for PCI DSS compliance, because it neither processes credit card information nor has access to customer data, it fully satisfies the PCI DSS requirements (1, 2, 10 & 11) related to networking.


- Aviatrix is compliant with FIPS 140-2 (Federal Information Processing Standard). FIPS 140-2 is the standard that governs cryptographic modules, and the one organizations rely on to encrypt data at rest and data in transit.

IPsec is a good example, with its standards around encryption and integrity.



AVIATRIX & Governance

When a manufacturer or software vendor sells its product to a financial institution for the first time, a preliminary Risk Assessment (RA) is performed to ensure it conforms to the rules and policies of the financial organization. I personally witnessed a positive outcome to an RA between a financial institution and Aviatrix.

Every organization has its own Risk Assessment template, but 99% of it is about the same. An IT vendor RA is a questionnaire that companies use to assess and vet their current and future vendors. It is designed to identify and evaluate the potential risks of working with a vendor.


Now that the prerequisites have been discussed, let's go back to the initial question. What would be your 2 picks for financial organizations against the Well-Architected Framework?

1. SECURITY!!

By far the most important! For the record, in financial corporates, 10-15% of the FTEs focus solely on security! They do not want data stolen or compromised by any means.

When it comes to network security in the cloud, Aviatrix provides a complete solution that satisfies the most demanding financial institutions. There is no need for a third-party product for FQDN filtering plus a complicated solution for segmentation, for instance; Aviatrix provides all of it in the simplest way.

Please see my first blog post (Security Use Cases) covering network segmentation, NG-FW insertion and FQDN filtering.

But Network Security with AVIATRIX is much more.

THREATIQ with THREATGUARD

Internet access is everywhere in the cloud. If you want to protect your business from security risks like data exfiltration, DDoS or compromised hosts, then ThreatIQ with ThreatGuard is the perfect tool: it dynamically identifies, alerts on and remediates potential threats to known malicious destinations without impacting your data plane.



THREATIQ with NBA (Network Behaviour Analytics)

It continuously fingerprints your workloads and network traffic, offering improved accuracy and anomaly detection over time. It highlights any indicator of compromise and quickly locates and remediates anomalous behaviours resulting from data exfiltration, DDoS or port scanning, for example.
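To make the two detection styles above concrete, here is an added example (not Aviatrix code, and not how ThreatIQ is implemented) that runs over a handful of constructed flow records: a ThreatGuard-style check matches egress destinations against a known-malicious list, and an NBA-style check flags a source that fans out to many destination ports (port scanning) or pushes far more bytes out than its learned baseline (possible exfiltration). The internal prefixes, the threat list, the baselines and all thresholds are assumptions chosen for the illustration.

```python
"""Illustrative ThreatGuard-style and NBA-style checks over constructed flow records.

Added example, not Aviatrix code. Addresses, threat list, baselines and
thresholds are all constructed for the illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Constructed: RFC 1918 ranges stand in for "inside the cloud network".
# (ipaddress.is_private is deliberately not used: it also classifies the
# RFC 5737 documentation ranges used below as private.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed threat intelligence: a documentation range stands in for a feed entry.
KNOWN_MALICIOUS = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def threatguard_alerts(flows):
    """Flag every flow whose destination is on the known-malicious list."""
    alerts = []
    for f in flows:
        dst = ipaddress.ip_address(f.dst)
        if any(dst in net for net in KNOWN_MALICIOUS):
            alerts.append({"type": "known_malicious_destination",
                           "src": f.src, "dst": f.dst, "action": "block"})
    return alerts


def nba_alerts(flows, baseline_bytes, port_threshold=10, exfil_ratio=5.0):
    """Behavioural heuristics: fan-out to many (dst, port) targets, and egress
    volume to non-internal destinations compared with a per-source baseline."""
    targets_by_src = defaultdict(set)
    egress_by_src = defaultdict(int)
    for f in flows:
        targets_by_src[f.src].add((f.dst, f.dport))
        if not is_internal(f.dst):
            egress_by_src[f.src] += f.bytes_out
    alerts = []
    for src, targets in targets_by_src.items():
        if len(targets) >= port_threshold:
            alerts.append({"type": "port_scan", "src": src, "targets": len(targets)})
    for src, total in egress_by_src.items():
        base = baseline_bytes.get(src)  # sources without a learned baseline are skipped
        if base and total >= exfil_ratio * base:
            alerts.append({"type": "possible_exfiltration", "src": src,
                           "bytes_out": total, "baseline": base})
    return alerts


# Constructed sample: one benign flow, one flow to a listed destination,
# one large egress transfer, and a 15-port sweep of an internal host.
SAMPLE_FLOWS = (
    [Flow("10.0.1.5", "10.0.2.8", 443, 1200),
     Flow("10.0.1.5", "203.0.113.7", 443, 800),
     Flow("10.0.4.4", "198.51.100.20", 443, 50_000_000)]
    + [Flow("10.0.3.9", "10.0.2.8", p, 60) for p in range(21, 36)]
)
# Constructed per-source egress baselines (bytes per observation window).
SAMPLE_BASELINE = {"10.0.1.5": 5_000, "10.0.4.4": 1_000_000}


def analyze(flows=SAMPLE_FLOWS, baseline=SAMPLE_BASELINE):
    """Run both checks and return the combined alert list."""
    return threatguard_alerts(flows) + nba_alerts(flows, baseline)


if __name__ == "__main__":
    for alert in analyze():
        print(alert)
```

The important design point is the split: the threat-list check is a per-flow decision that can block inline, while the behavioural checks need state across many flows and therefore produce alerts rather than blocking on the first packet.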


Cloud Network Security with Aviatrix: bottom line



2. RELIABILITY

 AVIATRIX Multi Cloud Resiliency


The Aviatrix transit layer, with transit peering between its highly available Transit Gateways in different cloud service providers, builds a highly resilient and secure (multiple IPsec tunnels) multicloud network infrastructure.


Aviatrix Active Mesh, or the concept of using all available links


Every Aviatrix Gateway can be configured in HA (high availability) mode. By default, Active Mesh is enabled on every Transit and Spoke Gateway. This again builds multiple IPsec tunnels between Transit and Spoke, leveraging ECMP (Equal Cost MultiPath). In most scenarios, the convergence time is 'none'.


The second scenario (primary Spoke GW failure) is the only one where a convergence time occurs (~10-15 seconds).
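The following added example (my own model, not Aviatrix code) shows why the scenarios differ. It assumes a spoke HA pair and a transit HA pair fully meshed with IPsec tunnels, ECMP across the live tunnels, and a VPC route table whose next hop is the primary spoke gateway. Losing a transit gateway or the HA spoke gateway leaves live tunnels behind the route's next hop, so nothing has to converge; losing the primary spoke gateway leaves no live tunnel behind that next hop until the route is repointed, which is where the delay comes from. The gateway names, the 2x2 mesh and the 15-second repoint value are constructed assumptions, the last one taken as the upper end of the ~10-15 seconds quoted in the post.

```python
"""Model of Active Mesh failover between a Spoke HA pair and a Transit HA pair.

Added example, not Aviatrix code. Gateway names, tunnel layout and the
route-repoint delay are constructed assumptions.
"""
from itertools import product
import zlib

SPOKE_GWS = ("spoke-primary", "spoke-ha")
TRANSIT_GWS = ("transit-primary", "transit-ha")
# Constructed: seconds for the controller to repoint the VPC route table to the
# HA spoke gateway; the post quotes ~10-15 s, 15 s is taken as the upper bound.
ROUTE_REPOINT_SECONDS = 15


def build_mesh(spokes=SPOKE_GWS, transits=TRANSIT_GWS):
    """Active Mesh: one IPsec tunnel per (spoke, transit) pair, all initially up."""
    return {(s, t): True for s, t in product(spokes, transits)}


def ecmp_paths(mesh, via_spoke=None):
    """Live tunnels, optionally restricted to those terminating on the spoke
    gateway that the VPC route table currently points at."""
    return [(s, t) for (s, t), up in mesh.items()
            if up and (via_spoke is None or s == via_spoke)]


def choose_tunnel(paths, flow_id: str):
    """ECMP: hash a flow identifier onto one of the live tunnels (deterministic
    CRC32 used here so results are stable; real hashing is implementation-specific)."""
    if not paths:
        return None
    return paths[zlib.crc32(flow_id.encode()) % len(paths)]


def simulate_failure(failed_gw: str):
    """Fail one gateway and report how many tunnels remain usable from the
    spoke VPC and whether a route-table repoint (convergence) was needed."""
    mesh = build_mesh()
    vpc_route_next_hop = SPOKE_GWS[0]
    # Every tunnel terminating on the failed gateway goes down.
    for key in mesh:
        if failed_gw in key:
            mesh[key] = False
    paths = ecmp_paths(mesh, via_spoke=vpc_route_next_hop)
    if paths:
        # Remaining tunnels were already established and carrying traffic:
        # ECMP simply stops using the dead ones, so no convergence time.
        return {"failed": failed_gw, "via": vpc_route_next_hop,
                "live_tunnels": len(paths), "downtime_s": 0}
    # No live tunnel behind the route's next hop: the VPC route table must be
    # repointed to the HA spoke gateway, and traffic waits for that.
    vpc_route_next_hop = SPOKE_GWS[1]
    paths = ecmp_paths(mesh, via_spoke=vpc_route_next_hop)
    return {"failed": failed_gw, "via": vpc_route_next_hop,
            "live_tunnels": len(paths), "downtime_s": ROUTE_REPOINT_SECONDS}


if __name__ == "__main__":
    for gw in SPOKE_GWS + TRANSIT_GWS:
        print(simulate_failure(gw))
    print("flow-1 uses", choose_tunnel(ecmp_paths(build_mesh()), "flow-1"))
```

Running it prints a zero-downtime result for three of the four single-gateway failures and the repoint delay only for the primary spoke gateway, matching the two scenarios described above.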

These were simple thoughts from an ex cloud network engineer in the financial industry who had to meet strict requirements when designing IT network infrastructures; more in-depth material is coming soon in Tech Talks with my colleagues Paul Carvill (Principal Solutions Architect) and John Gonsalves (Principal Field Evangelist).

Maxime


