case study

CIL helps an Irish bank to develop a file transfer solution with AWS

About the customer

This Irish bank is a commercial bank that plays a large role in the Irish banking industry. It is one of the largest financial services groups in Ireland and provides a wide range of banking and financial services. The bank is becoming leaner and more agile with the use of Cloud services, in particular AWS.

The challenge

The bank needed to transfer files out of the bank and make them available for a third-party customer to pull. Specifically, it had to make a daily file available for a third-party customer to download and process. Due to the limited capabilities of the system generating the file, the solution had to use SFTP. Moreover, the same file transfer functionality was required by multiple customers within the bank, so the solution had to be multi-tenanted.

The Solution

Our engineers decided to keep the solution as simple and lean as possible, using as many AWS managed services as possible to keep the management overhead low, while still being able to accommodate multiple customers. The AWS File Transfer service was an obvious choice to provide the file transfer functionality.

A private SFTP server was provisioned for file transfers between the bank and AWS, making use of security groups to whitelist the on-premise IPs and utilizing the existing VPN/Direct Connect. The SFTP server was spread across multiple availability zones for high availability. A separate public SFTP server was provisioned to allow third party customers to connect from the Internet and pull the files. A CNAME record was created for each server to shield other connecting systems from any changes made on AWS.

A custom host key was used for each of the public and private SFTP servers so that, if the servers had to be recreated, the connecting systems would not receive any warnings. Both SFTP servers use the same S3 bucket as storage, which is encrypted with a KMS key that is managed internally within the bank by a central process. The SFTP users on each of the servers use the logical directory functionality and have separate roles and policies, ensuring that they can only see and access specific folders within the S3 bucket; each user's folder appears as root when interacting with the servers. This allows the solution to be multi-tenanted, with each tenant assigned access to a different folder.

All of the infrastructure was created using CloudFormation templates, meaning components of the solution could be deployed easily and repeatedly. Consideration was also given to the security of the data and the separation of confidential data from non-confidential data. It was mandated that all data be encrypted before being pushed to AWS, meaning that any highly confidential data would be safe when at rest. Lambda and SNS were used to check that a file had been successfully uploaded to the SFTP server and to send email alerts if there is no file.
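One way the per-tenant folder isolation and logical directories described above could be expressed in CloudFormation, as an added example rather than the bank's or CIL's own template: a read-only third-party user confined to a single folder. Every parameter (server ID, bucket name, KMS key ARN, tenant name, SSH public key) is an assumption supplied at deploy time.

```yaml
# Added example, not the bank's template; all parameter values are assumed.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  ServerId: {Type: String}         # existing Transfer Family server
  BucketName: {Type: String}       # shared S3 bucket behind both servers
  KmsKeyArn: {Type: String}        # KMS key that encrypts the bucket
  TenantName: {Type: String, AllowedPattern: "^[a-z0-9-]{3,32}$"}
  TenantPublicKey: {Type: String}  # tenant's SSH public key
Resources:
  TenantRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: transfer.amazonaws.com}
            Action: sts:AssumeRole
      Policies:
        - PolicyName: tenant-folder-read-only
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow            # list only the tenant's own prefix
                Action: s3:ListBucket
                Resource: !Sub "arn:aws:s3:::${BucketName}"
                Condition:
                  StringLike:
                    "s3:prefix":
                      - !Sub "${TenantName}/*"
                      - !Sub "${TenantName}"
              - Effect: Allow            # download, no write or delete
                Action: s3:GetObject
                Resource: !Sub "arn:aws:s3:::${BucketName}/${TenantName}/*"
              - Effect: Allow            # read objects encrypted with the key
                Action: kms:Decrypt
                Resource: !Ref KmsKeyArn
  TenantUser:
    Type: AWS::Transfer::User
    Properties:
      ServerId: !Ref ServerId
      UserName: !Ref TenantName
      Role: !GetAtt TenantRole.Arn
      HomeDirectoryType: LOGICAL         # tenant folder is presented as "/"
      HomeDirectoryMappings:
        - Entry: "/"
          Target: !Sub "/${BucketName}/${TenantName}"
      SshPublicKeys:
        - !Ref TenantPublicKey
```

A user that pushes files on the private server would instead need `s3:PutObject` on its own prefix and `kms:GenerateDataKey` on the key.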

How we used AWS as part of the Solution

The solution uses several AWS services, including the AWS File Transfer Family service for the SFTP servers in conjunction with S3. CloudWatch rules trigger a Lambda function on a cron schedule; the Lambda checks for new files and uses SNS to send email alerts if there are no new files. IAM is used to create roles for the SFTP users, and KMS keys are used to encrypt the S3 bucket. The solution is also deployed via automation using a combination of CodeCommit, CodeBuild and CodePipeline. Careful consideration was given to using WAF and API Gateway to add an extra layer of security to the public SFTP server; however, they were ultimately not used since the files are already encrypted using PGP.

The result

Our knowledge of AWS services allowed CIL to architect a solution that honors the Well-Architected Framework while still meeting the bank's custom requirements. Moreover, the solution has the ability to onboard more customers with ease. The solution was delivered on time and the bank now has a way to safely transfer files in and out of the bank to specified third party customers.
