Migration and Modernization of a Global Crypto Platform
“Protagona’s holistic approach was key in helping us achieve the levels of automation and observability that we wanted of our platform. Their expertise and commitment to our success are key differentiators and look forward to working together for years to come.” – Stephen Taylor, CIO
Vast Bank, N.A.’s (“Vast Bank”) forward thinking leadership team implemented a plan to become the first nationally chartered US bank to provide a seamlessly integrated Crypto platform for their customers. They would create a mobile app, build their own banking core, and provide world class integrations with Coinbase all in an easy to use platform. As this new capability would stretch Vast Bank beyond the boundaries of their Oklahoma based branches, a proper growth strategy and technology enablement would be paramount to successfully scale.
While Vast Bank’s focus was to disrupt the market by introducing the ability to seamlessly buy, sell, and hold crypto with available funds from their checking account, they needed to introduce modern security, observability, scalability, and reliability into their AWS platform. They had the banking expertise internally, but looked externally to Protagona to help drive their cloud migration and modernization journey. Helping with observing issues before being reported by customers, and meeting industry compliance were two major focuses during the engagement.
As part of the migration and modernization effort, Protagona designed a solution for the platform that incorporated industry leading tooling and enforced best practices to enhance the visibility and security of the platform.
Design and implementation of observability tooling enabled Vast Bank to monitor, alert, and remediate issues faster than ever before. The first step was scoping and establishing a set of tools that would provide the capability to monitor critical processes and send telemetry to aggregation points for centralizing, correlating and exposing observability data across the enterprise. A combination of AWS and open source tooling allowed us to do everything from OS process monitoring, to synthetic transactions, to real time log filtering and shipping.
Next came the management of the data; aggregating, collating, analyzing, and alerting on events from disparate sources. This was accomplished by a combination of collaboration with stakeholders and automation to quickly and reliably collect and ship data to relevant destinations. With this completed, full visibility was instrumented via a combination of real time dashboards, custom alerts integrated with various communication mediums, and periodical reports.
Finally comes the challenge of putting the right information in front of the right people. This is always an interesting challenge; the exercise of balancing the right amount of information to be useful without creating an unhealthy signal-to-noise ratio. Taking an iterative approach, various alerts and dashboards were fine-tuned over time to give operational and management teams the ability to know what they needed to know.
With a major new platform and constantly evolving AWS environment, security became a primary focus for Vast Bank’s leadership.They needed to obtain visibility and be able to capture the state of their workloads so as to satisfy internally mandated best practices as well as prudential regulators. Various AWS tools were instrumented to provide these capabilities, enabling visibility and control of everything from OS patching to monitoring every API action across AWS and applications.
Working in close conjunction with the CISO, Protagona built a comprehensive platform for continuous monitoring of all AWS workloads against multiple security frameworks and regulatory bodies (CIS, OCC, etc.). This enabled us to rapidly detect, prioritize, and remediate any findings across the enterprise, reducing effort during rigorous exam cycles from the OCC.
Additionally, the CI/CD workflow was modernized to adopt a shift-left philosophy, wherein all code deployed to the environment is subjected to linting and scanning against relevant security rules. These scans were run early in the pipeline, before any deployment so that developers could gain rapid feedback and address issues. This is a key capability, reducing the amount of effort required to maintain security posture as well as imbuing a DevSecOps mentality into the development cycle. Enabling the security team to help define the security posture programmatically allowed for stronger asynchronous collaboration security and development teams. To this day, this implementation led to a 60% reduction in remediations across all environments, as well as reducing the need to address identical violations from re-used code modules.
- AWS OpenSearch (log aggregation, search, and visualization)
- CloudWatch Logs, Metrics, Insights, Anomaly Detection, and Canaries
- FluentD (agent-based log shipping)
- AWS SecurityHub
- AWS Inspector
- AWS Guard Duty
As a result of the engagement, Vast Bank was left with a clear sense of the state of their environment and how secure their various workloads are. These changes are felt at all levels; leaders now have data they need to address routine audits, and support personnel now get customized alerting and visualizations into the workloads they are responsible for. This directly led to a reduction in security operational overhead, wherein the average time to gather data went from multiple months to multiple weeks. Tying a modern security framework into the observability capabilities makes time for more innovation and less toil across the enterprise.
Protagona continues to partner with Vast Bank in their ongoing journey as a premier regional bank.