Hero FinCorp scales lending business while serving with compliance & data integrity
Hero FinCorp is a non-banking financial corporation engaged in consumer finance and commercial lending. Consumer finance includes Hero MotorCorp two wheelers and commercial lending caters to corporates with a wide portfolio of financing products including working capital loans and machine loans amongst others.
www.herofincorp.com
01. Customer Challenge
Hero FinCorp is using FinnOne, a leading loan lifecycle management software for its lending business encompassing initial contact with customer, loan servicing and delinquency management.
Hero FinCorp business is experiencing massive expansion and therefore wanted to deploy FinnOne in a robust and highly scalable environment and achieve security at scale.
Speaking about the business requirement, Shiv Ram Head – IT Infrastructure of Hero FinCorp says, “As a provider of financial services and custodian of sensitive customer information, continuous compliance and enforcing stringent governance are business critical for us as a company.”
02. Customer Needs
- Customer wanted the environment to be continuously monitored wherein deviations are identified in real time and auto remedial actions are taken while simultaneously alerting IT and management about the actions.
- Additionally customer also wanted to meet with AWS security best practices and adhere to CIS benchmarks for internal standards.
- Hero FinCorp needed easy generation of reports on all infrastructure and operating environment for audit on a regular basis.
03. Continuous Compliance at Hero FinCorp
Umbrella hardened AWS instances to create golden AMI and used native AWS services including Cloud Formation, AWS Confg, CloudWatch, Cloudtrail and Lambda to automate launch, monitor environment and remediate. Third-party tools such as CloudHealth helps governance with continuous adherence to CIS standards and AWS best practices.
Umbrella team of security experts hardened OS aligned with Hero FinCorps requirements to create a golden AMI. This included disabling password-based access to enable access via SSH only; configuring SSH idle session timeout; disabling default user to enable custom user ids; disabling unwanted services such as FTP; and setting up a banner with HeroFin security policies.
Next Umbrella engineers created templates for deployment in CloudFormation where resources were defined including AMI, configuration details for instances and database, security settings; policies for back-up, log management, tagging, etc. AWS Config was also configured to assess configuration details on a continuous basis, highlight deviations and trigger action.
CloudHealth was configured which picks up data from CloudWatch, CloudTrail and AWS Config to monitor the environment and make regular recommendations to ensure AWS best practices such as IAM based access; default closing of ports; tagging all resources and CIS best practices such as OS hardened golden AMI are used.
In case of deviation, AWS Lambda is alerted via notification to take corrective action. For example if an instance is launched without golden AMI, Config picks up the data and sends SNS to AWS Lambda and alerts to respective executives in charge of those services.
Lambda destroys the instance as auto-remediation and sends notification of the action taken.
For further investigation Umbrella can access logs from Cloudtrail for root cause analysis and preventive action.
CloudHealth dashboards presents all events on non-compliance and actions taken on a regular basis making data for audit reports readily available.
04. Business Benefits
- Higher security: Continuous monitoring enables high compliance with alerts and notification on deviation reducing time to remediation. Close monitoring of metrics also enables to monitor infrastructure utilization and reduce wasteful expenditure.
- Adhere industry standards: Auto remediation capabilities has enabled HeroFin to meet industry security standards including CIS benchmarks and AWS best practices.
- Reports: Data on compliance is readily available and generating reports for audits is quick and easy.
KSera Sera
Managed Services
SalesPanda
Managed Services
Vestergaard
Managed Services
