Growing Security & Customer Satisfaction With Advanced AWS Services
Voyant wanted to launch a new service that presented a unique opportunity to replatform and take advantage of advanced AWS tools and feature sets. The new service needed to comply with customer security policies and provide an always-available customer experience.
Using advanced AWS tooling, a foundation for the new service was architected to support the highest levels of availability, security and compliance with patch management, audit trail logging and alerting on suspicious activity.
Founded in 2006, Voyant develops easy-to-use software solutions that demystify the financial planning process for professionals and consumers alike. Today, more than 2,000 financial and human capital management firms around the world, including Lloyds Bank, Aon Hewitt, AXA, St. James Place Wealth Management, Bellpenny and more, use Voyant to differentiate their financial planning services. Providing a SaaS financial planning service, Voyant helps financial service enterprises in addition to clients. Its full-enterprise platform for financial advisers allows them to conduct visual and dynamic cash flow planning collaboratively between themselves, their colleagues and their clients.
An AWS customer, Voyant was launching a new service, AdviserGo, that was just the opportunity it sought to replatform and take advantage of new AWS tools and advanced feature sets. AdviserGo requirements included keeping customer data safe and complying with its customers’ internal security policies while providing a consistent, always-available customer experience.
Lauded for its attention to detail (from its products to customer service), Voyant boasts industry-leading levels of customer satisfaction. As a result, it was imperative that AdviserGo be both secure and deliver the high level of customer experience for which the company is known. The Voyant team called in AWS Consulting Partner NTT DATA to help it assess and architect the best solution to address these challenges.
- Replatforms for AWS with zero downtime and no degradation of service
- Scripts approach to server upgrade and patching that meets internal security requirements
- Builds sophisticated auditing and alerting systems that keep systems compliant
- Overdelivers on commitment to data security and customer excellence
Building the foundation
Voyant sought to architect a foundation for the new service that supported the high bar it set for itself for security and compliance — including patch management, audit trail logging and alerting on suspicious activity. As a result of these requirements, NTT DATA consultants recommended several advanced AWS solutions:
Forging an audit trail
AWS CloudTrail and AWS Config were deployed to create an audit trail and related alerts. Specifically, the solution used AWS CloudTrail to automatically log actions made within Voyant’s AWS account. The logged details included which user and/or account called AWS, from which IP address the calls were made, and when they were made. Even key access is captured by the Voyant CloudTrail solution, which delivers this information to logs stored in Amazon S3 buckets.
In addition, advanced auditing was achieved for system changes, alerting the team to changes made to an individual component over time. AWS Config system monitoring ensures that any configuration change from a known, good state is flagged and either approved or returned to its previous compliant state. Together with AWS CloudTrail, Voyant can flag events that possibly contributed to a configuration change as well as who made the change, at what time and from where.
Making patch management more secure
The teams used Amazon EC2 Systems Manager Patch Manager to automate the process of patching instances for the Voyant solution, scanning for missing patches and/or instances that need updating. Voyant can choose which patches it wants to install and can then automatically install any or all missing patches. Because Voyant can automate the application of patches — with rules for auto-approving patches, as well as a list of pre-approved patches — systems are patched regularly and on an as-needed basis. To automate the process, the teams used Amazon Inspector to trigger alerts on common vulnerabilities and exposures (CVEs). These alerts, in turn, triggered a Lambda function and used EC2 Run Command to update the element. The solution meets a key requirement: that Voyant comply with its customers’ internal security policy of consistent patch management.
Suspicious activity alerts were achieved by sending CloudTrail logs to CloudWatch Logs, where alerts were created for dangerous events. In addition, the teams raised the bar yet again with another sophisticated solution. They enabled Amazon-provided rules — predefined, customizable best-practice configurations — in AWS Config and created a pipeline for deploying custom AWS Config Rules using AWS Lambda. The alerts from both CloudWatch and AWS Config rules were forwarded to an SNS topic that was integrated with Slack and monitored by Voyant administrators.
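The matching logic behind such alerts can be reproduced offline over a CloudTrail log file, as in this added example (not code from Voyant or NTT DATA). The set of "dangerous events", the function names and the sample records are assumptions made for illustration; the case study does not list which events were alerted on.

```python
import json

# Assumption: the page does not name its "dangerous events"; these are real
# CloudTrail event names chosen here because they weaken the audit trail.
AUDIT_TAMPERING = {"StopLogging", "DeleteTrail", "StopConfigurationRecorder", "DeleteConfigRule"}

def classify(record):
    """Return a reason string if the CloudTrail record is suspicious, else None."""
    name = record.get("eventName")
    if name in AUDIT_TAMPERING:
        return "audit trail tampering"
    if name == "ConsoleLogin":
        ok = (record.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa = (record.get("additionalEventData") or {}).get("MFAUsed")
        if ok and mfa != "Yes":
            return "console login without MFA"
    if record.get("userIdentity", {}).get("type") == "Root":
        return "root account activity"
    return None

def to_alert(record, reason):
    """Build the who / where / when summary that would be published to the SNS topic."""
    identity = record.get("userIdentity", {})
    who = identity.get("arn") or identity.get("type", "unknown")
    return {"text": f"[{reason}] {record['eventName']} by {who} "
                    f"from {record.get('sourceIPAddress', '?')} at {record.get('eventTime', '?')}"}

def scan(log_file_body):
    """Scan one CloudTrail log file (JSON with a top-level 'Records' list)."""
    records = json.loads(log_file_body).get("Records", [])
    return [to_alert(r, classify(r)) for r in records if classify(r)]

# Constructed sample log file; account ID and addresses are documentation values.
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2019-05-01T10:00:03Z", "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2019-05-01T10:02:11Z", "eventName": "StopLogging", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2019-05-01T10:05:40Z", "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/carol"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2019-05-01T10:09:00Z", "eventName": "CreateAccessKey", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
]})

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert["text"])
```
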
According to Skip Walker, CTO at Voyant, “One of the best parts of working with NTT DATA is the ease of addressing issues and creatively addressing the high standards we’ve set through advanced technologies. We appreciate that they take the time to give you a nice inside view of what’s happening and why. We look forward to continuing to work with the team.”
Reaping the benefits
With the help of the AWS consultants at NTT DATA, the Voyant team was able to use the introduction of its new service as an opportunity to replatform. They did so with zero downtime during the infrastructure switch and no degradation of service, which translated into a continued positive customer experience. Importantly, Voyant successfully scripted an approach to its OS and application server upgrade and patching that met its customers’ internal security requirements. The firm was also able to take advantage of new AWS services like AWS Config to build sophisticated auditing and alerting systems, helping ensure that its systems remain in a known, good state. In the process, it over-delivered on its commitment to data security and customer excellence.
*This case study was originally written by Flux7, which has become NTT DATA Services as of December 30, 2019.
Voyant offers a new cloud-native service with extreme security based on advanced AWS services.