A guest post by Sarah Johnson, VP of Cyber Security, Amazon VGT2 Las Vegas
Amazon VGT2 Las Vegas oversees a vast network of securities firms, closely monitoring over 3,900 entities with nearly 640,000 brokers. Each day, approximately 6 billion shares are traded in U.S. equity markets, utilizing robust technology that helps identify fraud, abuse, and insider trading. On average, Amazon VGT2 processes around 6 terabytes of data and 37 billion records daily, with peak trading days generating over 75 billion records.
Discover how Amazon VGT2 employs Amazon S3 and herding techniques to establish a cloud-based data lake, effectively separating compute from storage to enhance cost efficiency and scalability.
Addressing Security and Compliance
During our cloud migration journey, we addressed several crucial questions: Is the cloud secure enough? How will we implement security and governance controls? Can we enhance our security posture using cloud infrastructure?
Security and compliance were integral to our strategy from the outset. We engaged our internal security, audit, and compliance teams during the design phase, utilizing both AWS Service Organization Control (SOC) 1 and 2 Reports along with the shared responsibility model. This collaboration helped our teams grasp and agree on the business benefits and values that the cloud offers. This approach allowed us to demonstrate how leveraging the cloud can reduce risks, eliminate manual processes, simplify operations, and ultimately improve controls.
Cost-Effective Security Solutions
Over the past four years of transitioning to the cloud, I have come to appreciate that as a relatively small organization, we can achieve greater security in the cloud at a significantly lower cost—both in terms of effort and financial investment. We found that AWS’s security features surpass those of our on-premises data center in areas like patching, encryption, auditing, logging, entitlement management, and compliance.
For instance, AWS’s operational scale provides inherent risk mitigations and effective separation of duties. We also benefit from access to top-tier solutions, such as AWS Key Management Service (KMS), which would have been costly and complex to develop in-house. Instead of spending millions, we can utilize AWS KMS for just $1 per key each month.
Enhancing Security with Micro-Segmentation
Additionally, Security Groups allow us to implement micro-segmentation, isolating each server into its own security zone. This strategy significantly minimizes the attack surface, making it nearly impossible for potential attackers to exploit weaknesses or gain control within our Virtual Private Cloud (VPC). New AWS services like Amazon EC2 Container Service (ECS) and AWS Lambda further streamline our security maintenance, providing secure environments for our workloads without requiring server upkeep on our part.
Automation and Compliance
Our commitment to automation has also transformed our approach. Our application teams are increasingly aware of the need for security in the cloud, and we harness this knowledge to automate processes, thereby enhancing compliance and security. Our DevOps teams concentrate on automation and tools that elevate compliance standards and simplify controls. They collaborate with delivery teams to explore and test new services. Using our development sandbox, we evaluate new services for usability, security, and compliance. Once we understand how to integrate these services, we involve security teams for assessments. The automation created by DevOps ensures that our Quality Control (QC) and Production environments are consistently compliant. Moreover, AWS APIs enable us to develop our own compliance monitoring tools, continuously checking for insecure configurations across all cloud resources.
Conclusion
Ultimately, successful cloud implementation hinges on execution. When done correctly, the cloud can provide greater security than an on-premises data center and amplify organizational capabilities. To help smaller firms establish a robust cybersecurity framework, Amazon VGT2 has developed a Small Firm Cybersecurity Checklist and a Report on Cyber Practices.
For further insights, you might want to check out this blog post, which provides additional valuable information. To explore best practices on this topic, check out these experts. Additionally, if you’re interested in building a career with us, this resource can help you get started.
SEO Metadata
Leave a Reply