AWS Partner Network (APN) Blog

Continuous Compliance in the Cloud: Automating File Security for Regulated Industries

By: Tim Wikander, Alliance Manager – OPSWAT
By: CJ Sturgess, Partner Solutions Architect – AWS

Driven by the high value of financial data and personally identifiable information (PII), regulated industries such as banking, financial services, and insurance organizations face a mounting risk of cyber threats. As organizations in these industries continue to modernize and expand their cloud footprints, they often become larger targets for threat actors, despite increased investment in cybersecurity and stronger risk management processes.

In modernizing applications across these regulated industries, the digitization of customer interactions has made file upload capabilities an essential business function. However, this opens a new and expanded attack surface that sophisticated threat actors increasingly target. Financial institutions face particularly acute risks, from ransomware attacks targeting their cloud storage systems to novel, previously undisclosed (zero-day) exploits hidden in seemingly innocent file uploads. As these organizations process thousands of customer-uploaded documents daily, including loan applications, insurance claims, and more, even a single compromised file can lead to breaches, operational disruptions, and compliance violations.

OPSWAT, an Amazon Web Services (AWS) ISV Accelerate Partner, offers a unique solution for these challenges: MetaDefender Storage Security. Through advanced technologies such as Deep Content Disarm and Reconstruction (CDR), multi-scanning, and proactive data loss prevention (DLP), MetaDefender Storage Security safeguards cloud storage systems. By implementing robust file security processes and automation, organizations can maintain continuous compliance while ensuring seamless customer experience in an increasingly complex threat landscape.

The challenge

The acceleration of cloud adoption offers new and unique opportunities for financial institutions to scale their operations and enhance customer experiences. For example, as organizations transition from traditional Amazon Elastic Compute Cloud (Amazon EC2) instances to containerized environments using Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS), they can achieve greater operational efficiency and flexibility in deployment. However, this evolution can introduce complex security considerations, especially around file handling and storage access patterns. This is further compounded by the need to manage sensitive customer data across multiple Availability Zones and Regions while still maintaining compliance with industry regulations. For financial institutions, these may include the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA).

These challenges present a unique opportunity for forward-thinking organizations to reimagine their security posture and compliance strategies. By using advanced file security solutions, such as OPSWAT’s MetaDefender Storage Security, financial institutions can turn these challenges into competitive advantages. Implementing automated, policy-driven security checks across diverse cloud storage systems enhances protection against sophisticated attacks and streamlines compliance processes. Organizations that take this approach can confidently innovate and scale their cloud adoption while maintaining crucial security and regulatory requirements typical of the financial services industry.

Introducing MetaDefender Storage Security

To address these evolving security challenges, OPSWAT has introduced MetaDefender Storage Security (MDSS). This solution gives organizations a containerized, cloud-based approach to file security that aligns with their modern infrastructure requirements. Through a centralized management console, security teams can efficiently orchestrate security policies, monitor scanning activities, and maintain compliance across multiple storage locations. That includes locations such as Amazon Simple Storage Service (Amazon S3), Amazon Elastic File System (Amazon EFS) volumes, or hybrid environments.

OPSWAT’s MetaDefender Storage Security deploys seamlessly through Amazon ECS or Amazon EKS, which means organizations can scale their security measures in parallel with their infrastructure growth. This flexibility extends to deployment strategies, enabling real-time, on-demand, or scheduled scanning across multiple storage repositories. This software as a service (SaaS)-based solution deploys seamlessly and cost-effectively into your existing infrastructure, without extensive setup or storage administration. Further, this solution supports redundant and distributed architectures for continuous protection, minimizing downtime and maximizing service availability. Get up and running in minutes with ready-to-use protection.

Figure 1: Simplified storage security with MetaDefender Storage Security

Implementation and results

A major US banking institution with $31.6 billion in assets and over 1,850 employees successfully implemented this solution with substantial results. They faced a critical challenge: instituting secure file scanning across multiple accounts, Regions, and organizational units (OUs) while actively undergoing an Amazon EC2 to Amazon ECS or Amazon EKS transition. They used OPSWAT’s MetaDefender Storage Security to deploy a scalable solution that protects their extensive Amazon S3 storage infrastructure, overcome technical roadblocks, and meet strict compliance and performance needs. OPSWAT’s tailored configuration produced a successful deployment for the bank. This included supporting secure access to S3 buckets using AWS PrivateLink, consolidating operations under a single account, and deploying with Amazon ECS or Amazon EKS, which resulted in elastic scaling and better resource efficiency.

OPSWAT took a five-step approach to tailoring the configuration and deployment for the institution:

  1. AWS Identity and Access Management (IAM) role integration with PrivateLink
  2. Centralized resource management
  3. Containerized deployment
  4. Validated quality assurance (QA) environment
  5. Flexible deployment strategy

The following diagram illustrates this five-step approach.

Figure 2: MetaDefender Storage Security tailored configuration

The results demonstrated immediate and substantial improvements in the bank’s security operations. Transitioning to an Amazon ECS or Amazon EKS deployment model enabled rapid rollout of policy and engine updates, leading to 75% faster security update deployments. Additionally, IAM role-based integration greatly reduced API key exposure risk, while AWS PrivateLink helped the bank achieve secure, high-throughput scanning. Comprehensive testing facilitated the successful deployment of MDSS across multiple Regions and accounts while supporting future scaling without the need to rearchitect security workflows.

To learn more about how OPSWAT solved this customer’s unique challenges, read the full case study, “OPSWAT Powers Secure, Scalable S3 Access for a Major US Bank.”

Benefits and impact

The implementation of MetaDefender Storage Security delivers several key benefits and measurable impact. For AWS customers, implementing MDSS offers a transformative impact on their cloud security operations and business efficiency. The solution’s automated S3 bucket discovery and continuous monitoring capabilities significantly reduce manual overhead while strengthening security posture through multiple layers of protection against advanced file-borne threats. Organizations can benefit from streamlined compliance processes with automated reporting and detailed audit trails, helping to meet regulatory requirements across their cloud infrastructure. MDSS’s flexible deployment methods support containerized deployment for efficient resource utilization, scalability, and high availability. This comprehensive approach enhances security through advanced features, including Deep CDR, multi-scanning, and proactive DLP, delivering real business benefits such as reduced operational cost, improved productivity, and faster deployment. The solution’s seamless integration with existing AWS services and support for hybrid environments means that organizations can maintain robust security controls while continuing to innovate and scale their cloud operations.

Getting started

Getting started with MetaDefender Storage Security is straightforward through the AWS Marketplace, where customers can quickly procure and deploy the solution. The solution’s flexible deployment strategy supports rapid deployment through Amazon ECS or Amazon EKS, while the intuitive management console simplifies the initial configuration of security policies and storage connections. OPSWAT provides comprehensive documentation and technical support to ensure a successful implementation, whether starting with a proof of concept or planning a production deployment. To begin protecting your cloud storage infrastructure, visit the AWS Marketplace listing for MetaDefender Storage Security, where you can review pricing options and launch the solution with only a few clicks. For organizations requiring additional guidance or custom configurations, OPSWAT’s technical teams are available to help design and implement a security strategy that meets your specific compliance and operational requirements.

Check out more AWS Partners, speak with an AWS Partner specialist, or contact an AWS representative to learn how we can help accelerate your business.

OPSWAT – AWS Partner Spotlight

OPSWAT is an AWS Advanced Technology Partner and AWS Competency Partner that provides software solutions to secure and manage IT infrastructure, protecting devices and helping secure digital data flow.
