• Quick and reliable public cloud deployments using Terraform
  • Enables users to describe public cloud environments in code
OK, the secret is out (our CTO Alex gave a talk about it, you can watch it below). One of the reasons Hentsū can deploy environments so quickly and reliably is the tools we’ve selected. We’ve been using HashiCorp Terraform to describe, deploy and maintain public cloud environments since the company was founded. So we were glad to see that Microsoft recently announced a multi-year partnership with HashiCorp to enhance the Terraform Provider for Azure. This is great news for Terraform users, like Hentsū, who have already benefited from using the Infrastructure as Code method of provisioning.

What Exactly is Terraform?

Terraform enables us to describe public cloud environments in code (HashiCorp Language). Terraform can then compare a public cloud account to the code and create a plan of changes to bring the environment up to date. If the plan is acceptable, Terraform can then apply it to create, update or delete infrastructure resources such as networks, routing tables, firewall rules and virtual machines. It does this rapidly, with as much parallelisation as possible, which makes for a slick, reliable and iterative way of deploying and maintaining public cloud environments. Deploying additional environments (test, staging, production) becomes a copy & paste exercise, or we create reusable modules.

Using a code versioning system, like Git, we can version control a public cloud environment and even roll back to a previous version if, for example, a firewall rule change didn’t have the desired result. Changes can be codified on a separate code branch, with a pull request and approval required to promote changes to the master branch. This makes for a robust change management workflow for business-critical production environments. The code commit history provides an audit trail of who changed what, and the commit notes describe why.

Terraform requires administrative credentials to make changes to public cloud environments. Storing these securely is a challenge, so we prefer to generate short-lived credentials that are usable for a maximum of 1 hour. Also, as part of a release pipeline, a scheduler like TeamCity or Jenkins can apply approved changes on behalf of IT and development teams.
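One way a release pipeline can decide whether a plan is "acceptable" before applying it is to review the machine-readable plan. The following is an added example, not Hentsū's own code: it reads the JSON form of a plan (as produced by `terraform show -json` on a saved plan file) and blocks on destroyed resources and on firewall rules opened to the whole internet. The AWS resource types and the sample plan are assumptions constructed for illustration.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # "anyone on the internet"

def _open_ingress(rtype, after):
    """Yield (from_port, to_port) for ingress rules open to the whole internet."""
    if rtype == "aws_security_group":          # inline ingress blocks
        rules = after.get("ingress") or []
    elif rtype == "aws_security_group_rule" and after.get("type") == "ingress":
        rules = [after]                        # stand-alone rule resource
    else:
        rules = []
    for rule in rules:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if cidrs & OPEN_CIDRS:
            yield rule.get("from_port"), rule.get("to_port")

def review_plan(plan):
    """Return findings that should block an unattended apply."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "delete" in actions:  # plain destroy, or a delete/create replacement
            findings.append(f"{rc['address']}: plan destroys this resource ({'/'.join(actions)})")
        if {"create", "update"} & set(actions):
            for lo, hi in _open_ingress(rc.get("type"), change.get("after") or {}):
                findings.append(f"{rc['address']}: ingress {lo}-{hi} open to the internet")
    return findings

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.app", "type": "aws_security_group",
   "change": {"actions": ["update"], "after": {"ingress": [
     {"from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/8"], "ipv6_cidr_blocks": []},
     {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
  {"address": "aws_route_table.old", "type": "aws_route_table",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["no-op"], "after": {"instance_type": "t3.micro"}}}
]}
""")

if __name__ == "__main__":
    problems = review_plan(SAMPLE_PLAN)
    for p in problems:
        print("BLOCK:", p)
    raise SystemExit(1 if problems else 0)  # non-zero exit stops the pipeline
```

A non-zero exit leaves the plan for a human reviewer on the pull request instead of letting the scheduler apply it.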

Hentsū and Terraform

Microsoft backing HashiCorp only confirms that using Terraform to provision resources on cloud platforms is becoming the standard way of deploying infrastructure. Hentsū has first-hand experience using the software to deploy infrastructure successfully for its clients.

How Hentsū can Help

Want to discuss using Terraform software to deploy onto the cloud? Contact us at: hello@hentsu.com

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY
More questions around cyber security and the safety of the cloud arose this week when it was revealed that the personal information of almost 200 million citizens had been left exposed for anyone to access on the Internet. More than a terabyte worth of personal details such as home addresses, phone numbers, and even voter registration details, collected by the US-based conservative data firm Deep Root, were stored on an Amazon cloud server and were publicly accessible via a URL. According to the firm, the data was left exposed after an update to their security system. A simple mistake, easily preventable, and yet it’s evident that the procedures needed to mitigate these breaches in security were lacking.

THE REPERCUSSIONS OF OVERSIGHT

The news of the Deep Root leak made international headlines because of the scale of the leak and the magnitude of the political ramifications. However, they are certainly not the first and only firm to have a lackadaisical attitude towards storing and protecting its data. Major leaks from big companies or organisations, from Yahoo, to Target, and even the NHS, have all been the centre of media scrutiny in the past, and it seems fresh news of data security breaches is hitting our newsstands almost weekly. According to a recent survey by Threat Stack, 73% of companies (out of the 200 surveyed) have at least one critical security misconfiguration that would leave their environment vulnerable and wide open to the Internet.

If that weren't cause enough for concern, firms are also paying the price, quite literally, for their passive approach to security and data encryption. Some disgruntled clients who have had their sensitive information stolen or exposed are demanding compensation and filing class action lawsuits, with the pay-outs sometimes ranging in the millions, leaving smaller firms with no choice but to close down. A hefty price to pay for a mistake so easily avoidable with the right procedures set up by those with the appropriate skills and experience.

CLOUD SECURITY PROCEDURES

Even though sensitive information was left exposed on the web for anyone to access, human error and lack of procedures should not put people off using cloud-based systems and services. Additionally, on-premise hardware is not any less likely to be subject to security errors and oversights. The reality is, thousands of firms are currently using cloud-based systems, and realistically the numbers are only going to increase. Cloud platforms offer several benefits, like flexibility in the cost of backup solutions, and the ability to process large amounts of data more cost effectively than traditional physical hardware. They also allow more granular control and auditing of security.

CONSEQUENCES OF INEXPERIENCE

Nonetheless, using the cloud is only profitable if the necessary procedures are set up correctly and with security in mind. A bit like an Ikea flat pack, servers like AWS give you the tools to build an infrastructure; however, assembling it so it lasts long-term, is efficient, and doesn’t crumble under duress is up to you. If the object you’re building is something small, like a side table, doing it yourself doesn’t seem like that big of a deal. Yet, if we think on a much larger scale, say a wardrobe, suddenly security, longevity and efficiency are at the top of your priorities. The consequences of inexperience are simply not worth the risk, which should be taken seriously.

When using a cloud-based platform like AWS, numerous processes should be put in place to limit the chances of a safety breach. Relying on AWS or Microsoft to provide the level of security needed to avoid breaches and mistakes is simply not enough. Even Ian Massingham, Amazon Web Services' (AWS) chief evangelist for Europe, Middle East and Africa, has stated that AWS are "not the owners or custodians of the data - we just supply the resources", adding, "we don't control how the data is protected, customers do". Essentially, AWS cannot be held accountable in the event of a leak if the client didn't build the necessary infrastructure and processes to maintain and protect the data stored within its system. It boils down to who is responsible for the security within the cloud (the client) and who is responsible for the security of the cloud (AWS).

HOW HENTSU HELPS

Keeping this in mind, Hentsū helps build secure infrastructure for its clients by storing it behind multiple layers within the AWS platform or any other cloud platform. Each layer is securely locked and accessible only through specific security requirements, such as location access, trusted devices, passwords, and two-factor authentication. Doing this minimises the chances of simple and avoidable mistakes leaving data vulnerable and exposed on the web. Cloud-based platforms can only run efficiently if the correct infrastructure is built within them. For those firms who do not possess the knowledge and experience to correctly set up secure procedures within a cloud platform, Hentsū can ensure the correct systems are in place to minimise the circumstances in which a breach in security could occur.

YOUR NEXT STEPS

Questions around the protection of data and secure servers will always be relevant. By taking the necessary steps and ensuring secure procedures are in place as a safety net, there should be no reason to fear cloud-based platforms. Most importantly, you need to be confident that your systems were built to run by experts with the experience and knowledge in constructing secure servers and databases. Minimising human error by setting up and establishing proper security procedures goes a long way in ensuring systems run both efficiently and securely.

Contact Us

How secure is your infrastructure? Contact us for a security analysis and strategy: hello@hentsu.com


Hey you; get off of my (public) cloud

It appears the UK regulator might want to rewrite those famous Stones lyrics. It has truly been refreshing to see the Financial Conduct Authority (FCA) adopt such a progressive attitude towards cloud services. Regulatory guidance or consultations typically precipitate a collective sigh from the market. But the FCA’s guidance consultation 15/6 issued last November was instead met with universal approval. Many even claimed it would pave the way for financial services companies to take advantage of cloud computing services. Cloud architectures and delivery models have naturally long been championed by IT professionals. But, with the FCA clarifying that it doesn’t object to the use of a public cloud per se, the floodgates truly have been opened.

Of course the guidance comes with a caveat. The regulator insists firms must continue to comply with regulations such as Systems and Controls (SYSC). But, caveats aside, this is pretty progressive. It is also helpful in cementing the regulator’s position as a supporter of innovation. Our industry has often been hamstrung by decades of technical debt and a desire to maintain the status quo. Surely having a regulator take an active stance in promoting and fostering innovation is to be applauded?

This follows earlier news of other financial regulators embracing, publicly approving or even themselves using the public cloud, for example Singapore and FINRA. The European Union Agency For Network And Information Security (ENISA) had a good summary in their recent report, which also covers the Dutch and Swiss regulators.

FCA Cloud Guidance - the Risks and Considerations

That said, adopting cloud services is not without risk. It is therefore absolutely right that the published guidance documents a detailed list of factors firms should take into account before doing so. It is imperative that any solution is implemented correctly. The guidance offers a comprehensive, but by no means prescriptive, list of the factors that need to be considered. These include: legal and regulatory, risk management, international standards, provider oversight, access to data and business premises, outsourcing supply chains, change management processes, business continuity and resolution plans, and finally vendor risk.

Encouragingly, the FCA offers constructive guidance within each of those categories. For example, given that some cloud service providers keep the location of their data centres a guarded secret (for security reasons), the FCA acknowledges that “service providers may, for legitimate security reasons, limit access to some sites – such as data centres.” Even so, not having physical access to a data centre does not prohibit firms from complying with audit obligations to provide access to certain data sets.

We believe the FCA is showing both a pragmatic and progressive approach towards cloud adoption, and this is in our opinion a new chapter for financial technology. It is already materialising on the ground, with a wave of recent or imminent announcements of big adoptions of public cloud computing from some established names across the spectrum of financial services.

To understand more about our managed cloud services visit //hentsuprod.wpengine.com/why-hentsu/

As fans of the Rolling Stones, we just had to include an obligatory picture: A cloud tribute to the Rolling Stones

Hentsū, the specialist fund manager cloud services provider, has successfully completed the Cyber Essentials security audit and certification. This is a key part of providing the cloud security that financial services clients require.

Cloud Security

There is an ever-increasing need for cyber security, especially for cloud services. AWS treat security as "job zero" and provide comprehensive cloud security across their infrastructure. Hentsū builds upon this layer with the breadth of AWS tools, partners and our own in-house expertise. We and other AWS clients such as Capital One believe that they are more secure in AWS than in their own data centres.

Cyber Essentials

Hentsū understands that our customers' security starts with our own security. We strive for full transparency and accountability, and the Cyber Essentials audit we have just completed is one of the many initiatives towards this goal. Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks. The certificate is available online: //www.qgstandards.co.uk/qgce200/

Cloud infrastructure is ready for prime time - AWS for hedge funds is rapidly becoming "the new normal" no-brainer, providing an enabling technology platform to address many of the business challenges faced by managers.

Running a hedge fund has never been more challenging. To start with, markets have been very unpredictable. Central bank policies across the world have played a key role in driving (or arguably distorting) asset prices, not only in fixed income and currency markets but also other asset classes. The competition has also evolved. The rise of the ETF industry has made it cheaper for investors to track benchmark indices, and even introduce some degree of model-based active management through intelligent beta funds. At the same time, an industry that historically has been unregulated is now coming under the watchful eye of financial watchdogs – triggering a corresponding increase in compliance costs for fund managers and operational burdens spanning a range of activities, from registration through to record keeping and reporting.

So with alpha discovery proving more difficult, pressure to justify fees coming from cheaper investment vehicles, and costs on the rise because of new compliance requirements – smarter and more agile use of technology is more critical than ever. Sadly, many fund managers and vendors are still bogged down with legacy systems and solutions that are complex and inefficient to manage. They are under the illusion that owning and operating one’s own server and network infrastructure offers some form of advantage, when the opposite is in fact true.

What’s needed is a new approach; an agile way of solving fund manager problems using new technology architectures. That is why we founded Hentsū. Our vision is to deliver hedge fund technologies that are agile, secure, compliant, scalable, resilient and cost effective, building solutions that maximise the benefit offered by cloud infrastructure providers like AWS, for hedge funds.
If those qualities are what you look for in your IT systems, get in touch.
