Customer Stories / Financial Services
Deutsche Börse Manages Assets Across Cloud Providers and Maintains Compliance Using AWS Config
With its storage and network infrastructure distributed across multiple cloud providers and on-premises data centers, the international exchange organization Deutsche Börse Group needed a solution that would give it a clear view of its cloud resources across multiple environments to help it meet security compliance requirements.
Near real time
information delivery, compared to 1 day later
Single view of assets
across cloud providers
Simplified asset monitoring
to maintain security compliance
day-to-day operations for staff
After using Amazon Web Services (AWS) for analytics and other workloads since 2016, the company turned to AWS to improve its asset management system. Now, Deutsche Börse inspects and audits assets using AWS Config, which lets users assess, audit, and evaluate the configurations of their AWS resources. By doing so, Deutsche Börse can continuously monitor and record the inventory configuration changes of its AWS resources and its assets on other cloud providers. As a result, the company has simplified asset monitoring and improved its ability to maintain security compliance. It has also streamlined day-to-day monitoring operations for its teams, improving productivity and performance.
Opportunity | Simplifying Cloud Asset Management on AWS
Deutsche Börse runs and operates financial trading markets in Germany and other parts of Europe, as well as in Asia and North America. The company is a market infrastructure provider, with nearly 4,000 of its more than 10,000 employees involved in information technology. Previously, it ran all its data centers on premises and monitored long-running assets, such as servers with a lifespan of several years, using an on-premises solution. However, as the company began building out its cloud infrastructure across several cloud providers, its existing asset management system could no longer support its needs for security compliance monitoring.
“We are a regulated business,” says Christian Tueffers, senior cloud architect at Deutsche Börse. “We need to know what our assets are, how they are configured, and whether they are compliant with security rules and guidelines.” As such, the company needed a solution that would pull data from its cloud environments into a consolidated asset management system that would provide a convenient view of its entire asset catalog.
In early 2021, Deutsche Börse began developing this new solution on AWS. The company chose AWS Config because the service automatically supports AWS resources while also letting Deutsche Börse register custom resource types. This feature helps the company view and track all its assets across multiple cloud providers in one place. “The underlying data model of AWS Config is solid and very powerful,” says Tueffers. “We can onboard custom resources and use the built-in timeline function to track changes.” AWS Config has become the primary tool for monitoring its virtual machines, serverless functions, managed databases, object storage, and networking components from AWS and other cloud providers.
We have the ability to identify whether the resources are compliant with these baselines, and that is something regulators like to see.”
Senior Cloud Architect, Deutsche Börse Group
Solution | Meeting Security Compliance with Better Visibility into Multiple Clouds
Using AWS Config, Deutsche Börse can continuously monitor and audit the compliance of all its resources. While the service gathers data directly for the company’s AWS resources, it also stores data from other cloud providers. To gather that data, Deutsche Börse uses Amazon Simple Queue Service (Amazon SQS), a fully managed message queuing service for microservices, distributed systems, and serverless applications. Then, the company uses AWS Lambda, which lets users cost effectively run event-based code for virtually any type of application or backend service, to process the data and push it to AWS Config.
With these services, Deutsche Börse has a near-real-time view of its resources, whereas its previous system didn’t share information until the following day. “AWS Config is the beating heart of this project,” says Moritz Sundarp, cloud platform engineer at Deutsche Börse. Amazon API Gateway—a fully managed service that makes it simple for developers to create, publish, maintain, monitor, and secure APIs at any scale—and Lambda functions pull data from AWS Config to the company’s asset management user interface. “For the first time, the product teams can see all the assets across multiple cloud and on-premises environments in one view,” says Tueffers. “Before that, they had to go into different cloud service providers or even into different AWS accounts.” This consolidated view has made day-to-day operations—such as finding assets and asset owners more quickly—simpler for Deutsche Börse’s operational teams and has improved their productivity.
Using AWS Config also helps Deutsche Börse store the configuration history of its resources, which lets the company review its security compliance with ease. Additionally, the advanced query feature in AWS Config lets the company check the state of all resources on the service through a single endpoint. For example, Deutsche Börse uses AWS Config to ensure that mandatory tags are applied to cloud services. These tags are required for billing purposes but also to maintain, for regulatory purposes, clear asset ownership. The service facilitates Deutsche Börse’s continuous evaluation of the compliance of those resources. “We can also display that compliance information in the user interface so that users can see which of their resources comply with which rules,” says Sundarp.
Outcome | Fine-Tuning Security Compliance Using AWS Config
Deutsche Börse plans to use AWS Config rules to define specific security baselines and continue fine-tuning the compliance requirements of individual assets, further simplifying its security compliance monitoring. “We have the ability to identify whether the resources are compliant with these baselines,” says Tueffers. “And that is something regulators like to see.”
Having developed a new asset management solution and improved its ability to maintain security compliance, Deutsche Börse is confident in its future on AWS. “We take pride in being a front-runner in adopting the cloud and AWS,” says Tueffers. “AWS is very stable and delivers high performance. There are always challenges out there with compliance, but on the cloud, we can overcome them.”
About Deutsche Börse Group
As an international exchange organization and innovative market infrastructure provider, Deutsche Börse Group ensures markets characterized by integrity, transparency and stability. With its wide range of products, services and technologies, the Group organizes safe and efficient markets for sustainable economies. Its business areas extend along the entire value chain in exchange trading, including the admission, trading and clearing, and custody of securities and other financial instruments, the dissemination of market data, as well as the management of collateral and liquidity. As a technology company, the Group develops state-of-the-art IT solutions and offers IT systems all over the world. With more than 10,000 employees, the Group has its headquarters in the financial center of Frankfurt/Rhine-Main, as well as a strong global presence in locations such as Luxembourg, Prague, London, New York, Chicago, Hong Kong, Singapore, Beijing, Tokyo and Sydney.
AWS Services Used
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
AWS Lambda is a serverless, event-driven compute service that lets you run code for virtually any type of application or backend service without provisioning or managing servers.
Learn more »
Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
Learn more »
Amazon API Gateway
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
Learn more »
Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.