Hero FinCorp is a non-banking financial corporation engaged in consumer finance and commercial lending. Consumer finance includes Hero MotoCorp two-wheelers, and commercial lending caters to corporates with a wide portfolio of financing products, including working capital loans and machine loans, amongst others.
Hero FinCorp uses FinnOne, a leading loan lifecycle management software, for its lending business, encompassing initial contact with the customer, loan servicing and delinquency management.
Hero FinCorp's business is experiencing massive expansion, so the company wanted to deploy FinnOne in a robust and highly scalable environment and achieve security at scale.
Speaking about the business requirement, Shiv Ram, Head – IT Infrastructure of Hero FinCorp, says, “As a provider of financial services and custodian of sensitive customer information, continuous compliance and enforcing stringent governance are business critical for us as a company.”
Umbrella hardened AWS instances to create a golden AMI and used native AWS services including CloudFormation, AWS Config, CloudWatch, CloudTrail and Lambda to automate launch, monitor the environment and remediate. Third-party tools such as CloudHealth help governance with continuous adherence to CIS standards and AWS best practices.
Umbrella's team of security experts hardened the OS in line with Hero FinCorp's requirements to create a golden AMI. This included disabling password-based access to enable access via SSH only; configuring an SSH idle session timeout; disabling the default user to enable custom user IDs; disabling unwanted services such as FTP; and setting up a banner with HeroFin security policies.
Next, Umbrella engineers created deployment templates in CloudFormation that define the resources, including the AMI; configuration details for instances and the database; security settings; and policies for back-up, log management, tagging, etc. AWS Config was also configured to assess configuration details on a continuous basis, highlight deviations and trigger action.
CloudHealth was configured to pick up data from CloudWatch, CloudTrail and AWS Config, monitor the environment and make regular recommendations so that AWS best practices (such as IAM-based access, ports closed by default and tagging of all resources) and CIS best practices (such as the OS-hardened golden AMI) are used.
In case of deviation, AWS Lambda is alerted via notification to take corrective action. For example, if an instance is launched without the golden AMI, Config picks up the data and sends an SNS notification to AWS Lambda and alerts to the respective executives in charge of those services.
Lambda destroys the instance as auto-remediation and sends a notification of the action taken.
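The remediation flow described above, as an added Python example (not Umbrella's or Hero FinCorp's code): a Lambda handler unwraps the AWS Config compliance-change message delivered through SNS, re-checks the instance's AMI, then terminates it and sends a notification. The rule name, AMI ID, instance ID and topic ARN are constructed placeholders.

```python
import json

# Assumptions for illustration: rule name, AMI ID and topic ARN are constructed.
RULE_NAME = "approved-amis-by-id"
GOLDEN_AMIS = {"ami-0123456789abcdef0"}
ALERT_TOPIC = "arn:aws:sns:ap-south-1:111122223333:remediation-alerts"

# Constructed sample of what Lambda receives: a Config message wrapped by SNS.
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps({
    "messageType": "ComplianceChangeNotification",
    "configRuleName": RULE_NAME,
    "resourceType": "AWS::EC2::Instance",
    "resourceId": "i-0aaaabbbbccccdddd",
    "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
})}}]}

def noncompliant_instances(event):
    """Return instance IDs flagged NON_COMPLIANT by the golden-AMI rule."""
    ids = []
    for record in event.get("Records", []):
        msg = json.loads(record["Sns"]["Message"])
        result = msg.get("newEvaluationResult", {})
        if (msg.get("messageType") == "ComplianceChangeNotification"
                and msg.get("configRuleName") == RULE_NAME
                and msg.get("resourceType") == "AWS::EC2::Instance"
                and result.get("complianceType") == "NON_COMPLIANT"):
            ids.append(msg["resourceId"])
    return ids

def remediate(event, ec2, sns):
    """Terminate flagged instances still running a non-golden AMI."""
    terminated = []
    for instance_id in noncompliant_instances(event):
        # Re-check live state so a stale or replayed message cannot kill
        # an instance that is actually compliant.
        resp = ec2.describe_instances(InstanceIds=[instance_id])
        amis = {i["ImageId"] for r in resp["Reservations"] for i in r["Instances"]}
        if not amis or amis <= GOLDEN_AMIS:
            continue
        ec2.terminate_instances(InstanceIds=[instance_id])
        sns.publish(TopicArn=ALERT_TOPIC, Subject="Non-golden AMI instance terminated",
                    Message=json.dumps({"instanceId": instance_id, "amis": sorted(amis)}))
        terminated.append(instance_id)
    return terminated

def lambda_handler(event, context):
    import boto3  # imported lazily so the logic above can be tested offline
    return remediate(event, boto3.client("ec2"), boto3.client("sns"))
```

The function's execution role needs only `ec2:DescribeInstances`, `ec2:TerminateInstances` and `sns:Publish` on the alert topic.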
For further investigation, Umbrella can access logs from CloudTrail for root cause analysis and preventive action.
CloudHealth dashboards present all events of non-compliance and the actions taken on a regular basis, making data for audit reports readily available.
“Thanks to a highly sophisticated monitoring environment which maps adherence with AWS best practices and CIS benchmarks and takes remedial measures, HeroFin operations are always compliant and technology has enabled us to meet critical business objectives,” says Shiv Ram, Head – IT Infrastructure of Hero FinCorp.