Implementing AWS security solution for RBL Bank

About the customer 

RBL Bank, formerly known as Ratnakar Bank, is an Indian private sector bank headquartered in Mumbai and founded in 1943. It offers services across six verticals: corporate and institutional banking, commercial banking, branch and business banking, retail assets, development banking and financial inclusion, and treasury and financial market operations.

Customer challenge 

  1. Higher Costs: Building and maintaining an on-premises data centre can be significantly more expensive due to hardware, power, cooling, and facility expenses.
  2. Limited Scalability: Expanding on-premises infrastructure can be slow and costly, making it less suitable for businesses with fluctuating or rapidly growing workloads.
  3. Resource Management: Responsibility for security updates, patch management, and hardware maintenance falls entirely on your team.
  4. Disaster Recovery: Creating a robust disaster recovery plan on-premises can be complex and costly.

Our solution 

  1. Identity and Access Management (IAM):

   – We have implemented strict access controls and role-based access to AWS resources using IAM.

   – We have enabled Multi-Factor Authentication (MFA) for all users by integrating AWS SSO with Azure AD.

  2. Virtual Private Cloud (VPC):

   – AWS resources are isolated into VPCs with private and public subnets.

   – We have used Network ACLs, Security Groups and Network Firewall to control traffic.

  3. Data Encryption:

   – We have enabled encryption at rest using AWS Key Management Service (KMS) for all sensitive data.

   – We have implemented encryption in transit using SSL/TLS.

  4. Monitoring and Logging:

   – We have set up AWS CloudTrail for logging API calls and AWS Config for resource configuration tracking.

   – We are using Amazon CloudWatch for real-time monitoring and have set up alarms for suspicious activities.

  5. Firewall Protection:

   – We are using AWS Web Application Firewall (WAF) and Akamai for application layer protection.

  6. Backup and Disaster Recovery:

   – Data is backed up regularly to Amazon S3 using the third-party backup tool Rubrik.

   – We have set up disaster recovery solutions using Nutanix.

  7. Security Patching and Updates:

   – We have separate OS (Windows, Linux) patching teams that keep all software and operating systems up to date with the latest security patches.

  8. Compliance and Governance:

   – We have ensured compliance with industry-specific regulations (e.g., PCI DSS, GDPR).

   – We have implemented AWS Config Rules to enforce compliance policies.

Third party applications or solutions used 

We use the third-party security solutions Prisma Cloud and Security Information and Event Management (SIEM) tools for enhanced security monitoring.

For Penetration Testing and Vulnerability Scanning: The Infosec team regularly performs penetration testing and vulnerability scanning using Tenable SC to identify and mitigate weaknesses.

AWS services used

We have used many AWS services like:

  • Amazon VPC 
  • Amazon EC2 
  • AWS Security groups 
  • AWS NACL 
  • AWS Route tables 
  • AWS CloudWatch logs.

Results and benefits 

  1. Various AWS services have been used to secure the workload and applications on the cloud, considering the security pillars below:

   – Identity and access management

   – Data protection

   – Detection and response

   – Compliance

   – Network and application protection

  2. Resource Management: By moving to the cloud, the customer can now implement role-based access controls, ensuring that users have the appropriate permissions and reducing the risk of unauthorized access. There is also data encryption and protection, automated security patching, network security, security automation for auto-scaling, etc.
  3. Disaster Recovery: Setting up DR helped the customer with data integrity, protection against cyber threats, secure backup and storage, etc.
  4. The risk of unrestricted internet access to EC2 instances was resolved, as we can now control traffic on the network firewall by creating domain-based and IP-based allow/block rules.
  5. Higher Costs: By moving to the AWS cloud, the client has saved approx. 40%-50% of the on-prem billing.

About ACC  

ACC is an AWS Advance Partner with AWS Mobility Competency. Awarded The Best BFSI industry Consulting Partner for the year 2019, ACC has had several successful cloud migration and application development projects to its credit. Our business offerings include Digitalisation, Cloud Services, Product Engineering, Big Data & Analytics and Cloud Security. ACC has developed several products to its credit. These include Ottohm – Enterprise Video and OTT Platform, Atlas API – API Management and Development Platform, Atlas CLM – Cloud Life Cycle Management, Atlas HCM – HR Digital Onboarding and Employee Management, Atlas ITSM – Vendor Onboarding and Service Management and Smart Contracts – Contract Automation and Management.