Emerging Fintech Strengthens Cloud Security Posture
01. First of a kind Fintech company in India
02. Securing Transactions & Reducing Risk
As a business that mainly offers loans to SMBs, data security, compliance and reliability are highly critical to the growing fintech startup.
From user data to e-KYC information, when AWS and Umbrella conducted an assessment of the finance based company’s cloud security posture, we identified areas for improvement.
The fintech startup is developing rapidly and increasing the delivery of new services. This acceleration is accompanied by the increasing risk of a surface attack on their systems. They had to quickly ensure ongoing compliance in their AWS infrastructure and needed a solution that enabled real-time visibility on the risks, continuous compliance status reports, and tools for rapid remediation.
The assessment also helped the tech company identify their critical needs based on which they decided on a major security shift. The company required quick and effective remediation as it bears the key responsibility of ensuring protection from data theft; secure transactions; and regulatory compliance.
03. Assessment and Risk Remediation
Umbrella helped assess the Fintech’s security posture, identified existing gaps, and provided solutions for risk remediation, strengthening security and ensuring compliance:
Our approach to fortify cloud security for this client cascaded as follows:
- Conducted a complete assessment of their AWS account in accordance with the security pillar of the AWS Well-Architected Framework.
- Delivered a comprehensive report with remediation priorities and next steps based on the assessment
- Some of the impactful actions derived from the assessment and report involved:
- Identifying security loopholes in the architecture and suggesting changes.
- Comprehensive review of security policies and configurations.
- Determining the right security and monitoring tools.
- Enabling a solid security incident response plan.
- Rebuilt their existing AWS environments in accordance with AWS best practices and CIS compliance standards
- Integrated various AWS security services such as security hub, guard duty, IAM access analyzer, and more with the client’s security account.
- Trained and educated the customer to maintain security posture.
- Helped identify automation opportunities and ensure continuous compliance.
Our team collaborated with the customer to help them understand issues and remediation, including security measures applicable to their third party services.
04. Improved Cloud Security
With Umbrella’s comprehensive assessment, steps taken to assess security gaps and remediation measures, the growing fintech business considerably strengthened their security stance.
They were able to easily determine identity and access risks and mitigate them quickly. The finance-based organization gained clear visibility into their permissions, policies, groups, and identities across their AWS accounts. Integration of the appropriate AWS security tools enabled robust frameworks that facilitated remedies for exposed risks.
Continuous monitoring of identities and data has enforced access provisioning and mapping. Our security solutions have helped them detect and address compliance gaps with agility and keep track of misconfigurations. Their CIS benchmark rating improved from 30% to 90% with automated monitoring and policy enforcement. Their strengthened security framework enabled high availability, reduced risk and increased visibility of vulnerabilities.