AllCloud’s Multi-Layered approach

May 29, 2023

Security is a critical aspect of building and running a business in a flexible cloud computing environment. Under the shared responsibility model, however, the provider and the client share equal responsibility for security and compliance.

As a technology provider, AllCloud takes complete responsibility for establishing a secure and efficient environment through various means, including AWS services and third-party tools. While Amazon Web Services (AWS) provides security features such as IAM roles, security groups, and network access control lists, these features typically require manual review, which leaves room for errors that could result in losses.

At the initial stage, we prioritize IAM roles and security groups as our primary security measures. IAM roles enable us to assign specific permissions to trusted identities, ensuring that only authorized actions are carried out within AWS. At the organizational level, IAM roles and users allow us to restrict access to specific resources according to departmental needs, the client involved, and the resources each workload actually requires. Meanwhile, security groups function as firewalls that regulate incoming and outgoing traffic at the instance level.

Additionally, Network Access Control Lists at the VPC level govern the ingress and egress traffic for one or more subnets within the VPC, analogous to security groups, and can be an optional security layer at the subnet level.
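The three layers described above, written out as Terraform, as an added example that is not AllCloud's own code. The VPC, subnet, bucket name and the office CIDR are placeholder values; the point is the shape of each control: a role that only EC2 can assume with a policy scoped to one bucket, a security group that admits HTTPS from a single range, and a subnet NACL that mirrors it.

```hcl
# Added example, not AllCloud's own code. All names and CIDRs are placeholders.
variable "office_cidr" {
  description = "Placeholder: the only range allowed to reach the instance on 443"
  type        = string
  default     = "203.0.113.0/24" # TEST-NET-3, constructed value
}

resource "aws_vpc" "app" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "app" {
  vpc_id     = aws_vpc.app.id
  cidr_block = "10.0.1.0/24"
}

# IAM role: trust policy limited to the EC2 service principal
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "app" {
  name               = "app-instance-role"
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

# Permissions policy: read objects from one placeholder bucket, nothing else
data "aws_iam_policy_document" "app_read" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-app-config-bucket/*"]
  }
}

resource "aws_iam_role_policy" "app_read" {
  name   = "app-config-read-only"
  role   = aws_iam_role.app.id
  policy = data.aws_iam_policy_document.app_read.json
}

# Security group: stateful, instance-level; HTTPS in from the office range only
resource "aws_security_group" "app" {
  name   = "app-https-only"
  vpc_id = aws_vpc.app.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.office_cidr]
  }

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Network ACL: stateless, subnet-level; return traffic must be allowed explicitly
resource "aws_network_acl" "app" {
  vpc_id     = aws_vpc.app.id
  subnet_ids = [aws_subnet.app.id]

  ingress {
    rule_no    = 100
    protocol   = "tcp"
    action     = "allow"
    cidr_block = var.office_cidr
    from_port  = 443
    to_port    = 443
  }

  # responses to the instance's own outbound HTTPS calls arrive on ephemeral ports
  ingress {
    rule_no    = 110
    protocol   = "tcp"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 1024
    to_port    = 65535
  }

  egress {
    rule_no    = 100
    protocol   = "tcp"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }

  # replies to the office client's HTTPS requests go back to its ephemeral port
  egress {
    rule_no    = 110
    protocol   = "tcp"
    action     = "allow"
    cidr_block = var.office_cidr
    from_port  = 1024
    to_port    = 65535
  }
}
```

The NACL needs twice as many rules as the security group because it is stateless: the ephemeral-port entries are what let established connections complete, and forgetting them is the usual reason a subnet goes dark after an NACL is tightened.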

One of the main challenges arises when implementing security measures in a multi-tenant environment. With different tools and services used to manage the various platforms, it becomes difficult to integrate and maintain the infrastructure efficiently. To address this without disrupting the current environment, we use Terraform and Octopus Deploy to automate building and managing the infrastructure. Terraform runs daily so that any drift from the defined infrastructure is reverted, while Octopus Deploy handles deploying the Terraform templates.

Integrating Terraform with Octopus Deploy's features creates a collaborative environment that helps us plan, create, update, and maintain the organization's infrastructure. Octopus Deploy streamlines the deployment of applications across numerous servers and is compatible with a range of platforms, programming languages, and operating systems; it can also manage multi-tenant environments. Combined with Terraform, it becomes a highly efficient tool for managing and constructing infrastructure. Because the templates are version-controlled in Git and deployed through Octopus Deploy, every change to the infrastructure is tracked, and we can revert to a previous state if necessary. With Octopus Deploy runbooks, we can run remote inline commands and automate routine maintenance while creating or destroying resources.

Despite the convenience of using AWS credentials to configure tools like Terraform, Octopus Deploy, or Vault, security remains a top priority. To minimize the impact of compromised credentials, we implement a periodic key rotation policy, which is closely monitored by AWS Security Guard. Vault, meanwhile, serves the specific purpose of granting user login and access permissions to databases and services like S3, which improves security and provides a comprehensive audit trail.
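As an added example (not AllCloud's configuration), this Terraform fragment shows the two ideas in the paragraph above side by side: an AWS Config managed rule that flags IAM access keys older than the rotation window, and Vault issuing short-lived, individually logged credentials for a database and for S3 in place of long-lived shared keys. It assumes the `aws` and `vault` providers are configured, that an AWS Config recorder already exists in the account, and that the database host and the IAM user credentials handed to Vault are placeholders.

```hcl
# Added example, not AllCloud's own code. Hostnames, ARNs and TTLs are placeholders.

# 1. Detect stale keys: AWS-managed Config rule, 90-day maximum key age
resource "aws_config_config_rule" "access_keys_rotated" {
  name = "access-keys-rotated"

  source {
    owner             = "AWS"
    source_identifier = "ACCESS_KEYS_ROTATED"
  }

  input_parameters = jsonencode({ maxAccessKeyAge = "90" })
}

# Root credentials Vault uses to create per-lease database users (supplied out of band)
variable "db_root_user" {
  type      = string
  sensitive = true
}

variable "db_root_password" {
  type      = string
  sensitive = true
}

# 2. Database credentials: one user per lease, expiring automatically
resource "vault_mount" "db" {
  path = "database"
  type = "database"
}

resource "vault_database_secret_backend_connection" "app_pg" {
  backend       = vault_mount.db.path
  name          = "app-postgres"
  allowed_roles = ["app-readonly"]

  postgresql {
    connection_url = "postgresql://{{username}}:{{password}}@db.example.internal:5432/app" # placeholder host
    username       = var.db_root_user
    password       = var.db_root_password
  }
}

resource "vault_database_secret_backend_role" "app_readonly" {
  backend     = vault_mount.db.path
  name        = "app-readonly"
  db_name     = vault_database_secret_backend_connection.app_pg.name
  default_ttl = 3600  # one hour per lease
  max_ttl     = 14400 # renewable up to four hours, then revoked
  creation_statements = [
    "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
    "GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";",
  ]
}

# 3. S3 access: Vault assumes a scoped role and returns temporary STS credentials
resource "vault_aws_secret_backend" "aws" {
  path                      = "aws"
  region                    = "eu-west-1"
  default_lease_ttl_seconds = 900
  max_lease_ttl_seconds     = 3600
}

resource "vault_aws_secret_backend_role" "s3_reader" {
  backend         = vault_aws_secret_backend.aws.path
  name            = "s3-config-reader"
  credential_type = "assumed_role"
  role_arns       = ["arn:aws:iam::123456789012:role/example-s3-config-reader"] # placeholder ARN
}

# 4. A policy so a consumer can request only those two credential types
resource "vault_policy" "app" {
  name   = "app-runtime"
  policy = <<-EOT
    path "database/creds/app-readonly" {
      capabilities = ["read"]
    }
    path "aws/sts/s3-config-reader" {
      capabilities = ["update"]
    }
  EOT
}
```

Each `read` of `database/creds/app-readonly` or call to `aws/sts/s3-config-reader` creates a distinct lease, so Vault's audit log records which identity obtained which credential and when, and revoking a lease removes that credential without touching anyone else's. The Config rule only reports non-compliance; the rotation itself still has to be performed by whatever process the key belongs to.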

In addition to these measures, we use AWS Control Tower and AWS IAM Identity Center to set up a secure and reliable multi-tenant environment. Control Tower allows us to deploy policies to individual accounts and organizational units, and its integration with lifecycle events ensures that deployments stay coordinated.

In conclusion, Ashish Khadloya explains that, although AWS offers multiple security features, we take additional measures to mitigate the risks that arise from manual reviews. We achieve greater reliability and robustness for our users by combining Terraform, Octopus Deploy, Vault, and AWS Control Tower. This approach allows us to provide our clients with a secure and efficient cloud computing environment while reducing the potential for security breaches.
