A global financial services firm was facing two critical challenges. First, a portfolio risk management application was working off a local server, which was a single point of failure. Secondly, the permission structure implemented was inadequate given the sensitivity of the data.
In our latest case study we show how the adoption of the Enterprise File Fabric provided secure end user File access to Cloudian Hyperstore ObjectStorage whilst maintaining Data Governance and Data Compliance.
This financial services customer is one of the largest investment and custodial banks in the world with over 75 offices across the globe – from North American to Europe, Asia and beyond.
The bank had two critical issues to address which resulted from an internal bank audit. First, a critical portfolio risk management application was working off a local server, which was a single point of failure. The bank would not tolerate this for this strategic app. Secondly, the permission structure implemented was inadequate given the sensitivity of the data. Teams assigned to accounts had access to data in accounts they were not supposed to be able to view – resulting in what is known as excess privileges.
USE CASE AND SOLUTION
The bank went through an extensive evaluation process and eventually selected Cloudian HyperStore object storage for the data platform and the Enterprise File Fabric for the user access, file services, and security layer. From a data storage perspective, Cloudian provided exceptionally reliable, redundant, and distributed storage. The data is now spread across three separate nodes in three physical data centers. Any node can go down and the bank will not lose data, addressing one of the key requirements from the audit.
The File Fabric deployment encompasses local development and testing environments, with production environments across two data centers and a load balancer to distribute processing and handle system failures.
The File Fabric provides a range of file services for users not available on object storage natively. From an application perspective, the native REST API provided the mechanism to migrate the application from the NAS to the object storage.
The File Fabric application is integrated with the Bank’s Users and Groups which are managed by Active Directory Identity Access Management and requires multi-factor authentication to login. The File Fabric provides a graphical user interface that can be used to assign account teams to the groups inherited from Active Directory.
The File Fabric enables the users / groups to be assigned NTFS-like permissions to buckets and folders (prefixes) on the object storage. As with NTFS, the File Fabric provides both inheritance and the ability to break inheritance on folders (prefixes). This made for the easy assignation/definition of permissions and aids with quick changes as the business evolves. Attempting to Implement typical S3 IAM policies would have been much slower, error-prone, and less adaptable. The Managing Director on the project said his “development and product team were up to speed after just a couple demo/training sessions.”
The transition to the File Fabric was easy for the users on the account teams. The bank uses the File Fabric Cloud Drive, which make data in Cloudian look and behave like a network drive in Windows Explorer. From the user perspective, the MD said: “that was the big win for us. We migrated the data to object storage, and it was completely transparent to our users. It worked just like it did before. To the users, it is just another home drive”.
When asked about his experience with SME professional services and support teams, the MD said: “it is excellent, no questions asked. They are always very responsive. I would be happy to recommend The Enterprise File Fabric to other financial services firms.”
Download the case study here.by