Swiss Post Innovates on Secure Foundation with AWS
Trust is a keyword for the Swiss Post brand, and reliable security was a key reason for choosing AWS.”
Enterprise Cloud Architect, Swiss Post
Swiss Post is a 170-year-old, highly trusted national institution. Over 60,000 staff deliver seven million letters and up to more than a million parcels daily.
But while Swiss Post identified changing customer demands, such as fulfilling international ecommerce, it was burdened by legacy IT. Scaling for growth and additional demands was difficult. And innovation, while central to its future, couldn’t be at the expense of the reliability customers expect. Security had to be the rock upon which everything would be built.
Selling the Vision
Swiss Post enterprise cloud architect Christoph Siegrist had a vision. His team would modernize the company’s entire technology stack to make it agile, scalable, and more responsive to customer needs—all while prioritizing security and guaranteeing service quality.
For this he had to ensure that the organization understood his vision and trusted the reliability of these new services, especially in regards of security and quality requirements. This keeping in mind that Swiss Post was awarded “Best Postal Service in the World” for several years in a row by the Universal Postal Union. “The trust level for our organization is very high. We would lose that trust if, early on, we deployed insecure applications. If that happened, our cloud strategy would be impaired,” says Siegrist.
In 2018, Swiss Post launched an ambitious plan to modernize its applications and chose AWS as its preferred cloud provider at the core of its cloud-native strategy.
Starting with Secure Cloud Foundations
“Trust is a keyword for the Swiss Post brand, and reliable security was a key reason for choosing AWS,” says Siegrist. So that project teams could focus on delivering business value, Swiss Post decided to ensure that every team had an AWS account baselined and compliant to Swiss Post security controls from day one.
Each account is built on what Swiss Post solution architect Michael Ullrich refers to as the “Swiss Post AWS Foundation,” which adheres to Post’s security standards and is based on the CIS Controls Cloud Companion Guide, the CIS AWS Foundations Benchmark standard, as well as the AWS Foundational Security Best Practices standard. Today each team can start building applications with confidence, knowing that their accounts are already secured.
There is also automated software delivery, through a continuous integration and continuous delivery (CI/CD) pipeline, using infrastructure as code (IaC), as well as centralized cloud networking, managing connections to on-premises connections.
For monitoring, the Swiss Post security operations team uses AWS Security Hub and Amazon GuardDuty, in conjunction with the existing on-premises Splunk environment, to get an aggregated view of the whole dynamic account landscape. “Our security operations team can fine-tune event sensors, which are distributed throughout the account landscape, via a single configuration repository, and get instant alerts about severe security events. AWS ticks all the boxes,” says Ullrich.
Cloud-Native Vision, Building on the Foundations
For decades, OLIS (a key Post logistics application) has been at the heart of Swiss Post operations. A 20-year-old on-premise application, OLIS had served admirably in the past, but was running on outdated database technologies and legacy application architectures.
As demand grew, so did the pressure on OLIS, and the risk of system failures. It was also difficult for Swiss Post project teams to deliver new features. A major change was needed.
Siegrist’s vision, and the business case he took to the Swiss Post board, had a clear direction: Swiss Post re-architected its on-premises workloads and containerized them using Amazon Elastic Container Service for Kubernetes (Amazon EKS). For the backend database, the team relies on Amazon Aurora, which is built for the cloud, but also its serverless version alongside the NoSQL databases available in AWS. They can now innovate without being held back by infrastructure. “Today we have a very strong cloud-native approach at Swiss Post. We don’t do lift-and-shifts. We take new workloads, or workloads coming to the end of their functional lifecycle, and re-engineer them and bring them into our cloud platform,” says Siegrist.
From Proof of Concept to Cloud-Native
For one project, solution architect Simon Messerli had an important service in his sights. His New Eco System (NES) team was gradually replacing OLIS and some of its environment systems, and would start with a small proof of concept (PoC), while thinking big for the future. The PoC was Swiss Post Dynamic Returns Platform (DRP). DRP is an advanced application that manages the incoming returns from ecommerce companies and starts the duty drawback process. Based on what each retailer specifies, Swiss Post can check the incoming parcels and process the returns. Simultaneously, the customs taxes are reduced for the customer by the value of the returned items.
Within three months, the project team was able to move DRP from PoC to production-ready using the CI/CD pipeline and the security baseline provided by the “Swiss Post AWS Foundation”. The pipeline was building, testing and deploying code and the DevOps team was comfortable in the new environment.
Today, the company uses over 80 AWS services to modernize 30 IT applications and support its transformation plan. In addition, the team has demonstrated its success to the board. “Using AWS, we can now continuously integrate and deliver code changes and constantly add new features. We also automated our application management, leading to significant operational cost savings,” says Siegrist.
Bonus Benefits in HR
Swiss Post also found an unexpected upside. Ditching dated development processes and traditional waterfall delivery in favor of AWS made it an employer of choice. The chance to work with the whole range of AWS services on innovative, Agile-driven projects now attracts the best IT candidates to Swiss Post. Through events such as Digital Switzerland or Women in Tech, it has developed a reputation as the destination for ambitious technology talent.
Siegrist’s team is growing and he is upbeat about the future. The transformation journey has been long, and there is a great deal more to deliver. But the team is proud of its progress, and of bringing the Swiss Post board, and the wider organization, on the same journey. With cloud-native applications in production and more in the pipeline, Siegrist’s team is delivering on the vision articulated in the business case. Working with AWS, the future offers better services for Swiss Post customers, and a motivated development team with the tools to deliver them. “We all have the same aim. Everyone knows the future is the cloud,” says Siegrist.
About Swiss Post
The 170-year-old Swiss Post is the national postal service of Switzerland. Over 60,000 staff deliver seven million letters and half a million parcels daily. The organization is one of Switzerland’s biggest employers.
Benefits of AWS
- More agile development teams
- Improved service availability
- Better service performance
- Lower time to market
- Greater scalability and elasticity
AWS Services Used
AWS Security Hub
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. There are a range of powerful security tools at your disposal, from firewalls and endpoint protection to vulnerability and compliance scanners.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.
Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.
Amazon Elastic Kubernetes Service
Amazon Elastic Kubernetes Service (Amazon EKS) gives you the flexibility to start, run, and scale Kubernetes applications in the AWS cloud or on-premises.
Companies of all sizes across all industries are transforming their businesses every day using AWS. Learn more about AWS compute for any workload and start your own AWS Cloud journey today.