Automate security prevention and detection as part of Vertical Relevance's Financial Services Framework (FSF)
Within the financial services industry, one of the most common focuses is ensuring the security of workloads and infrastructure. A security misstep can lead to regulatory fines and a loss of customer trust. To manage risk, security teams often need to review every infrastructure stack – this is time intensive and can slow down innovation. By leveraging policy-as-code, companies can automate governance and security policies to reduce risk while allowing developers to innovate.
Vertical Relevance's solution, Control Broker, empowers developers to get quick and frequent feedback on whether their infrastructure as code (IaC) complies with firm-mandated security requirements. Control Broker allows organizations to build customized rules and store them in a centralized directory, so every part of the business is held to the same compliance requirements. Control Broker, a serverless application, can be called from any stage of the software development lifecycle (SDLC), from the developer's IDE to the CI/CD build, test, and deployment stages, and can even integrate with continuous detective solutions through a simple API call.
Availability
United States, Canada
Benefits
Centralized library of controls
Build a repository of controls that can be centrally updated and distributed
Automated security review
Automated security policies provide immediate feedback on compliance without manual review
Accelerate path to production
Leverage a fast path to deployment while ensuring products' compliance via Control Broker
Security control as a service
Reap benefits with an iterative approach for teams with thousands of security controls
How it works
When engaging with customers, Vertical Relevance analyzes the controls currently in place, identifies gaps that need to be filled with new controls, and then builds out the infrastructure to support the evaluation using Vertical Relevance's Control Broker.
Control Broker provides a foundation for a customer's security evaluation capabilities. At its core, the Control Broker is a serverless application exposing a single endpoint to which various consumers (CI/CD pipelines and AWS Config rules) send their resource configuration and receive a response of compliant or non-compliant.
The Control Broker and its components:
1. Policy library: centralized library of security and compliance controls defined as policy as code.
2. Evaluation engine: leverages controls defined in the policy library to evaluate the compliance of provided resource configuration and return COMPLIANT or NON-COMPLIANT.
3. Consumer: a tool or service that makes requests to the Control Broker to determine the compliance of a set of resources (CI/CD pipelines, AWS Config, and developer workstations).
When the Control Broker and its components are implemented, the customer will be able to handle preventative and detective controls and keep their environment safe and secure.
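The three components above can be illustrated with a small policy-as-code evaluation engine. The following is an added example written for this page; it is not Control Broker's own code and makes no claim about how Vertical Relevance implements it. It assumes CloudFormation-style resource documents (a logical id mapping to a `Type` and `Properties`), and the control identifiers (`S3-001`, `S3-002`, `EC2-001`), the resource names, and the sample resources are all constructed for the illustration. The policy library is a list of controls, the evaluation engine returns `COMPLIANT` or `NON-COMPLIANT` with per-control findings, and the consumer is a CI/CD gate that fails the stage on a non-compliant result.

```python
"""Minimal policy-as-code evaluation engine (added illustration, not the
Control Broker's own code). A policy library of controls evaluates a set of
resource configurations and returns COMPLIANT or NON-COMPLIANT, mirroring
the request/response shape the text describes. Control IDs, resource names
and the sample resources below are constructed for this example."""
from dataclasses import dataclass
from typing import Callable

Resource = dict
Check = Callable[[Resource], bool]   # True when the resource passes the control


@dataclass(frozen=True)
class Control:
    control_id: str        # hypothetical identifier, e.g. "S3-001"
    resource_type: str     # CloudFormation-style type the control applies to
    description: str
    check: Check


# --- Policy library: centrally maintained controls ---------------------
def s3_blocks_public_access(props: Resource) -> bool:
    cfg = props.get("PublicAccessBlockConfiguration", {})
    return all(cfg.get(k) is True for k in (
        "BlockPublicAcls", "BlockPublicPolicy",
        "IgnorePublicAcls", "RestrictPublicBuckets"))


def s3_encrypted_at_rest(props: Resource) -> bool:
    rules = props.get("BucketEncryption", {}).get(
        "ServerSideEncryptionConfiguration", [])
    return any("ServerSideEncryptionByDefault" in r for r in rules)


def sg_no_world_open_ssh(props: Resource) -> bool:
    # Fail if any ingress rule admits 0.0.0.0/0 on a range covering port 22.
    for rule in props.get("SecurityGroupIngress", []):
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        if rule.get("CidrIp") == "0.0.0.0/0" and lo <= 22 <= hi:
            return False
    return True


POLICY_LIBRARY = [
    Control("S3-001", "AWS::S3::Bucket", "Buckets block public access",
            s3_blocks_public_access),
    Control("S3-002", "AWS::S3::Bucket", "Buckets encrypt data at rest",
            s3_encrypted_at_rest),
    Control("EC2-001", "AWS::EC2::SecurityGroup", "No SSH open to 0.0.0.0/0",
            sg_no_world_open_ssh),
]


# --- Evaluation engine --------------------------------------------------
def evaluate(resources: dict, library=POLICY_LIBRARY) -> dict:
    """Evaluate a map of logical-id -> {"Type": ..., "Properties": ...}."""
    findings = []
    for logical_id, res in resources.items():
        props = res.get("Properties", {})
        for ctl in library:
            if ctl.resource_type == res.get("Type") and not ctl.check(props):
                findings.append({"resource": logical_id,
                                 "control": ctl.control_id,
                                 "description": ctl.description})
    return {"status": "NON-COMPLIANT" if findings else "COMPLIANT",
            "findings": findings}


# --- Consumer: a CI/CD stage that gates deployment ----------------------
def pipeline_gate(resources: dict) -> bool:
    """Return True if the stack may proceed to deployment."""
    result = evaluate(resources)
    for f in result["findings"]:
        print(f"[{f['control']}] {f['resource']}: {f['description']}")
    return result["status"] == "COMPLIANT"


# Constructed sample resources: one compliant bucket, one non-compliant SG.
SAMPLE_RESOURCES = {
    "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": True,
            "IgnorePublicAcls": True, "RestrictPublicBuckets": True},
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}},
    "BastionSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22,
                                  "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
}

if __name__ == "__main__":
    ok = pipeline_gate(SAMPLE_RESOURCES)
    print("COMPLIANT" if ok else "NON-COMPLIANT")
```

Because controls are data (a list of `Control` records) rather than logic scattered across pipelines, a new or updated control is added once to the library and every consumer picks it up on its next call, which is the centralization benefit the page describes. A real deployment would put `evaluate` behind the serverless endpoint and have the consumer call it over HTTPS instead of importing it.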
Key activities
Perform due diligence
Understand current security review processes and discover security controls
Define controls
Define the discovered controls in a ticketing system as discrete rules that can be implemented in code
Implement Control Broker
Deploy and configure the Control Broker into the security account designated for centralized control storage
Deploy controls with policy as code
Automate each control in a policy-as-code tool chosen by VR and the customer
Automate functional tests
Test controls against customer workloads known to be valid (passing current security review)
Implement Control Broker consumers
Implement Control Broker consumers to interface with deployment pipelines and artifact repositories
Empower continuous adoption
Train security teams to enforce security and compliance controls across organizations
Customer contribution
Key personnel
Provide access to key personnel across the organization for discovery and due diligence activities
Developer access
Grant read-only permissions for development team members to AWS accounts and code repositories
Documentation and artifacts
Share relevant information including internal processes, security policies, and compliance requirements
Infrastructure as code
Provide examples of infrastructure known to be valid and known to be invalid under the current security review processes
About this consultant
Vertical Relevance is a consulting firm focused on financial services, including wealth management, asset management, banking, and insurance, helping with the design and delivery of effective transformation programs across people, process, and systems. With 10+ years of AWS and 20+ years of financial services experience, they understand business needs and build solutions to meet sales, marketing, and compliance goals.
Architecture diagram
Related Resources
AWS Marketplace Details
Vertical’s AWS validated qualifications, customer references, and office locations.
Blog Post
This post presents different security tools as individual baselines that address different types of vulnerabilities across the AWS cloud environment.
Blog Post
This post outlines how to operationalize PaC with a serverless evaluation engine as part of the broader Control Broker solution.