Contexte
Several years ago, a renowned investment bank made the strategic decision to initiate a major digital transformation by leveraging a public cloud.
.
Making Azure resources available to project teams.
The goal is to provide project teams with direct access to Azure functionalities, without the need to develop custom portals or overload Azure APIs. The objective is to ensure a fully native cloud usage, leveraging fully the services and tools offered by Azure. This would simplify resource management and ensure seamless integration with existing services. By providing direct access to Azure functionalities, we eliminate unnecessary complexity and promote optimal cloud usage.
Implementing stringent security rules.
Given the sensitivity of data and applications, it is essential to define and implement strict security controls to ensure protection of the infrastructure. Additionally, effective remediation mechanisms should be in place to quickly address any security rule violations. These controls should enable the detection of anomalies or breaches, limit potential risks, and quickly restore compliance. The goal is to create a secure and resilient environment where data is protected from unauthorized access and information leaks.
Réalisation
Complete guidance in the architecture and implementation of setting up Microsoft's public cloud Azure.
In the context of establishing an Azure infrastructure for the bank, several technical achievements were made to ensure the security, availability, and compliance of resources.
Firstly, architectural technical documents were created to deploy an Azure infrastructure based on the Hub & Spoke model. This model ensures centralized resource management while strengthening security. The team also implemented rigorous security practices, such as preventing data leakage, encrypting communications, and limiting unauthorized access to sensitive resources.
Concurrently, alerts were configured to monitor resource usage, and remediations were put in place to manage resources non-compliant with security rules. A fully managed Hub & Spoke architecture by Terraform was deployed for automated and consistent infrastructure management.
The project also encompassed the establishment of strict security rules to secure user access to Azure, utilizing RBAC (Role-Based Access Control) to authorize resource access and Azure Policies to enforce secure resource configurations. Monitoring tools like Metric Alerts and Activity Logs Alerts were integrated to detect abnormal behaviors and trigger automatic actions as needed. Resources challenging to manage via Azure Policies were parameterized using automated scripts (Runbooks and Functions).
The project also focused on securing inter-application communications with peering rules, firewalls, and routing tables. Finally, secret management was centralized through KeyVault, and the automatic rotation of API certificates was implemented to enhance security.
All these processes were integrated into a security release automation pipeline with Jenkins, enabling continuous and secure updates of infrastructure components. To ensure connectivity with the bank's private cloud, a secure communication setup was achieved through ExpressRoute implementation.
Résultats
Full control and secure utilization of Microsoft Azure cloud for all project teams.
All project teams now have their applications and data in Azure. They are fully independent, and all actions are controlled, monitored, and automatically remediated in accordance with the company's security policies.
Architecture Documents
Establishing Technical Architecture Documents for the Azure Hub & Spoke Infrastructure.
Security controls integrated in Azure
Using Azure Policies, Azure Runbooks and Functions, as well as Azure Alerts, allows complete control over public cloud usage by teams, without the need to use or maintain external tools.
Our offers
With
evryg
transform your projects, products and teams into profitability levers
.
Managed services support
Our developers are also consultants: they translate your business challenges into technical solutions and implement them. 60% of them have more than 10 years of experience.
Our managed services offers
Data, AI & GenAI
We maximize the business impact of your projects while setting up a software and lean framework to accelerate your delivery.
Our Data & AI offers
Product and IT strategy
We help you align your efforts with your financial objectives. Our credo? A solution is perfect when there's nothing left to remove.
Our offers in strategy consulting
Lean Management and IT
We accompany the implementation of an organization that aims to maximize customer satisfaction by reducing deadlines and continuously improving quality.
Our offers in organization consulting
Lean, IT & Data Audit
We analyze your key projects, processes and their implementations to define together actions that can improve deadlines, quality and profitability.
Our audit offers