How we helped MN to turn their datacentre environment into a state-of-the-art hybrid cloud environment
Bypassing bureaucracy through automated compliance.
Managing over 130 billion Euros in pension assets for more than two million people in the Metal & Technology and Maritime sector, MN is one of the top 3 pension administration funds in the Netherlands.
Aware of its huge responsibility, MN strives to deliver the best pension for its customers. Part of their formula for success is to drive innovation by having a flexible, efficient, secure and agile IT infrastructure. A hybrid cloud environment would be perfect for this goal. However, hybrid environments pose a specific challenge for IT and management teams that MN was not ready for. And then there were the strict compliance rules and regulations for the Financial Services industry that MN has to obey. The requirements included region isolation, round-the-clock audit trails, and secure, fast, reliable and highly available communications between the on-premise and cloud environments.
Most of these requirements were met by deploying Oblivion Cloud Control’s CloudFoundation framework, a blueprint for an AWS cloud infrastructure landing zone, to architect the solution. We designed and implemented a mature AWS multi-account structure that serves as a highly resilient base, which in turn enables a higher security level and seamless manageability based on the AWS Well-Architected Framework.
We built a highly automated environment using AWS CloudFormation and AWS CodeCommit, minimizing the risk of human error, reducing the time spent on administering the platform, and allowing fast disaster recovery and a low Recovery Time Objective.
Cloud security principles were designed based on AWS best practices and the CIS Framework. This resulted in a comprehensive security structure that leverages native AWS services to support these principles.
To streamline access control, we integrated existing SAML-based identity services so MN could use their known systems to authenticate and securely access AWS services, allowing a seamless transition.
The MN infrastructure is fully hosted in a single AWS Region, and our engineers implemented logical controls so that only this specific region can be used. This eliminates the risk of data leaving the EU, thus complying with the General Data Protection Regulation (GDPR) and other regulations.
To ensure that a complete audit trail is available for future audits, we made use of services like AWS CloudTrail, VPC Flow Logs, Amazon GuardDuty and AWS Config.
Finally, to guarantee the speed, low latency, availability and reliability required, we helped MN to right-size their resources and set up two AWS Direct Connect connections between the on-premise and AWS environments without transferring data over the public internet.
MN now has a state-of-the-art AWS environment with a special focus on financial regulations. It includes an advanced security and compliance framework, automatically checking and enforcing security and compliance governance. It automatically alerts the appropriate stakeholders when abnormal activities or events take place. All events are recorded and securely stored to provide a complete audit trail.
This platform can support any workload and any application. From experimental stacks up to business-critical applications, everything is benchmarked and constantly assessed on security and compliance against all known regulations. This allows MN to experiment more and allows faster deployment of innovative solutions that support and propel a business that is partially responsible for the future of over two million people.