A regional bank in the Midwest hired SPR Consulting to help build their SharePoint farm on premises. During that process, they also asked SPR to help them reprovision a mirrored test version of the farm in the cloud. Being a bank, security was a prime concern. SPR Consulting and the bank developed extra steps to be sure this testing environment would be as secure as Ft. Knox.
SPR Consulting, an expert in Microsoft technology, is at the forefront of implementing the latest Azure technologies to help clients around the world use the cloud to solve storage and processing problems. The advantages are many but, in particular:
Banks have been slower to join in the cloud movement due to the public perception that customer information might not be safe. SPR found an innovative way to secure their data in the testing environment. Azure storage is not natively encrypted when it’s at rest; but SPR decided that data that is always encrypted, whether at rest or in use, could provide the extra level of security that the bank felt it needed.
Encrypting the OS disk is more complicated and required a few technologies that were only in preview, so SPR began by custom-building the encryption solution. Midway through the project, new Microsoft Azure solutions became available that simplified and standardized the process: Azure Disk Encryption and Azure Key Vault. After reviewing both options with the client, and confirming that SPR was going in the right direction, SPR switched over to the new technology mid-project to complete the build. Azure Key Vault with the premium option stores encryption keys using FIPS 140-2 Level 2 validated HSM modules.
First, SPR wrote Azure resource manager (ARM) templates in JSON that are designed to automatically configure and deploy all of the virtual machines and supporting technology – storage account, network adapters, availability groups, and the virtual machines themselves. SPR then worked with the bank to deploy Azure Key vault and Azure Disk encryption to encrypt the data at rest. Finally, Azure automation powered the solution on and off in the cloud environment, and created nightly disk-based backups.
The bank has been pleased with SPR Consulting’s 100% Microsoft cloud solution. It has helped them see the value of seamlessly provisioning a great deal of resources safely in the cloud, using Azure’s infrastructure-as-a-service. It’s just another example of what SPR’s Microsoft Gold partnership in the cloud can help our clients achieve.