
Chris Scheels, July 23, 2019
FINRA Achieves DevOps Agility Securing Their AWS Environments
FINRA, a not-for-profit organization authorized by Congress to protect America’s investors, speeds up DevOps through a unified and frictionless strategy.
At Amazon Web Services' (AWS) first conference dedicated to security (AWS re:inforce), we co-presented a session with Financial Industry Regulatory Authority (FINRA) on how they were able to automate and secure their AWS environment while maintaining agility. Historically, agility and security are inversely proportional: if you increase security, you decrease agility. Further, if you want to increase agility you have to decrease security — unless you get creative, which is exactly what FINRA did. They took the leading Software-Defined Perimeter (SDP) product, AppGate SDP, and made it even better by building Gatekeeper. Gatekeeper is a custom workflow app FINRA wrote to tightly control temporary access to critical resources using AppGate SDP. To top it off, they made Gatekeeper open source to benefit other financial institutions or any enterprise that heavily relies on development in the cloud!
It is interesting that FINRA has been able to fully adopt the public cloud while financial and banking organizations lag behind, lukewarm at best on their cloud migration. In late 2018, Accenture released a research report that illustrates the reluctance these organizations may have. According to the report, 43% of banking executives said that they do not have a cloud strategy or have only started implementing basic cloud practices.
Banks and financial services have good reason to be cautious, since the public cloud presents many security challenges. FINRA’s CIO Steve Randich informs us there is a right and a wrong way to move to the public cloud. In a recent interview at the AWS Summit in New York, Randich stated that sloppy cloud migration can cause your organization to be less secure and that there are specific principles that should be followed.
FINRA discussed different aspects of their holistic security strategy and how they implemented a Software-Defined Perimeter to augment network layer security controls. Learn how one of the largest financial regulators utilizes AppGate SDP to secure their public cloud while increasing agility by watching the video below.