Banking, investment management and FinTech have continually invested in technology upgrades, data analytics and differentiated product offerings in an increasingly competitive and evolving investment landscape. A recent Accenture survey found 90% of banking respondents stating that cloud enables and accelerates innovative adoption. 60% surveyed say cloud-based entrants will challenge traditional businesses shackled by the limitations of their on-premises agility, storage, and computing capabilities.
Western Asset Management (WAM) is currently pushing the envelope with regards to innovation in a highly competitive market. The “active” investment management industry that WAM services involves constantly managed funds and portfolios, time-sensitive transactions and decision-making based upon fast-changing market conditions. And with several options at their disposal, clients expect compressed fees when it comes to managing their money.
By embracing an agile development process and moving DevOps to the cloud, WAM’s application delivery has been transformed for application deployment and product development. In the old days, if the risk management team wanted to develop and test new risk models or algorithms, teams of hardware, networking and IT resources would need to be scheduled. Now in the cloud, instances can be spun up at the push of a button, and sandbox environments for testing purposes can be created and destroyed instantly before pushing to production.
Managing security, risk, and regulatory compliance can be challenging in an agile, dynamic cloud environment. Western Asset Management’s DevOps and security teams embraced the competitive challenges, understanding the need for a well-architected, cloud-native security solution.
We recently sat down with David Pace, who is responsible for Global Information Security at Western Asset Management (WAM), a fixed-income investment firm and an independent affiliate of Legg Mason, managing funds exceeding $420 billion across nine offices worldwide.
The challenges they faced as an organization migrating to the cloud were eliminating risks, detecting when users misconfigured cloud resources, and alerting for threats on a network-level in their public cloud environment.
The initial deployment of RedLock gave WAM immediate insights into their environments, such as identifying administrator accounts without multi-factor authentication (MFA) enabled. The team was able to better approach cloud security in an efficient, scalable manner. Instead of relying on outdated manual methods of getting log data into systems to analyze, they can now rely on the RedLock Cloud 360 platform to identify, prioritize and pinpoint where risks exist and mitigate them as soon as possible.
David and his team discerned three major benefits achieved while evaluating the RedLock Cloud 360 platform:
His team now has visibility into their entire cloud infrastructure, allowing them to see and recognize threats that are targeting their cloud environment from the outside, as well as threats that might be originating from within their cloud environment going out. David now has a 360° view of his environment in one centralized interface where he and his team can run reports or issue and process alerts in real-time to remediate any issues that may arise.
“Our senior IT management really has the confidence now in our cloud team being able to leverage [RedLock for the] compliance, security governance, auditing and network visibility that we get. The ROI has just been immense -- allowing our business to work faster, and more efficiently by leveraging new cloud services -- that in the past we may not have been able to secure properly.”
-David Pace, Global Information Security at WAM
WAM’s future plans with RedLock are primarily focused on expanding the integration across multiple cloud platforms. Initially deployed across Amazon AWS, WAM’s DevOps teams plan to expand across Microsoft Azure and Google Cloud Platform. Having the ability to leverage the RedLock Platform across all three clouds will give David and his team one holistic view as to what’s happening and enable them to accurately assess risk.
For organizations migrating to the cloud or looking to adopt cloud computing technologies, David recommends leveraging a product such as RedLock that provides visibility into their cloud environment for comprehensive user auditing, compliance reporting, and identification of risky behaviors or misconfigurations. Given that, organizations can rest assured that their public cloud environments are secure. With RedLock, users will gain actionable insights along with the confidence that any threats that may present themselves can be pinpointed and remediated quickly.
See the RedLock Cloud 360 platform in Action
Get a demo to see how RedLock can help you with: