About the Client
Creditsafe’s online platform allows organisations to better understand the financial status of the companies and individuals they do business with. It provides real-time data surrounding factors such as credit score, financial performance, and company ownership.
With an acceleration into Amazon Web Services (AWS) on the cards and more than 100 developers and technical engineers employed worldwide, consistency was a top priority for Creditsafe. We used in-depth knowledge of AWS to help the company consolidate its position.
Challenge: Cloud Adoption at a Global Scale
As a global player in the heavily regulated financial services sector, governance is always high on the agenda for Creditsafe. When the company set out to enhance security controls and embed consistency ahead of the widespread adoption of AWS, we were appointed to help.
The first step was to implement advanced, compliant single sign-on (SSO) user authentication across the international workforce. We developed an approach that made use of Creditsafe’s existing administrative skills to enable quick and seamless implementation.
Following the success of this project, we turned our attention to the next priority: laying strong and secure foundations for future cloud deployments. With developers based in multiple locations around the world, maintaining consistent approaches and deployment mechanisms was a potential challenge. Our task was to ensure Creditsafe’s high standards were upheld in the cloud.
“We needed a cloud partner that fully understood the rigour of financial services regulations and the best way to ensure compliance. [The team] helped us achieve this consistently across all our locations using in-depth knowledge of AWS and best practice principles.”
Brian McGeough
Director of Production, Creditsafe
Solution: Laying Foundations for a Secure Cloud Infrastructure
After automating the SSO rollout and handing it back to Creditsafe for completion, we held a series of workshops with different members of the Creditsafe team. Our aim was to fully understand the company’s needs and challenges so we could put measures in place to build on its current AWS position.
Armed with this knowledge, we worked closely with Creditsafe to develop a series of AWS environment blueprints. They covered the core AWS services required in most of Creditsafe’s developments including:
- Amazon Relational Database Service (RDS)
- Fargate on Amazon Elastic Container Service (ECS)
- AWS Application Load Balancers with Amazon Certificate Manager integration
These blueprints represent a cornerstone for secure and cost-effective cloud adoption across the company. Their default settings reflect the fact that the initial cloud migration activity will focus on non-production environments. However, they have been architected with the ability to incorporate a more feature-rich and robust set-up as Creditsafe progresses to higher-level production environments on AWS.
A demo of the blueprints was attended by a selection of Creditsafe’s developers, enabling them to see what we had architected first-hand and raise any questions.
Outcome: Consistent Best Practice Delivered
Our blueprints enable Creditsafe to avoid a situation where developers in disparate locations use different mechanisms to deploy workloads onto AWS. Without this uniformity, large-scale adoption could have resulted in widespread inconsistency, potentially creating an unsustainable support overhead.
We also ensured resource tagging good practice became the default by instilling the requirements in code. This enhances visibility, clarity and traceability within the cloud-based estate. Any member of the team in any location can easily identify individual resources enabling better management, which will underpin operational maturity going forward. This also helped reduce overhead for the Creditsafe finance team in chasing cost allocations.
Our initial workshops identified that Creditsafe’s longer-term goals included setting up a self-service platform for the 100-strong global team of developers and engineers. With this in mind, we created the blueprints so they can easily be integrated when the time comes. This will enable the team to act with autonomy without compromising important security factors. Building on the team’s current skillset, this capability was achieved using Terraform and AzureDevOps pipelines.
“For the short term we need a fairly rigid, controlled approach to deployments on AWS, but in the longer term we want our developers and engineers to have greater freedom. [The new] framework enables this without introducing unnecessary risk.”
Rhydian Jenkins
Cloud Infrastructure Architect, Creditsafe
This case study is based on work completed by DevOpsGroup before the team joined forces with Sourced Group, an Amdocs company.