Safeguarding Investors: Building and Managing a Risk Reduction Platform for a Leading Indian Exchange
A leading stock exchange operates one of the world’s largest securities markets in India. The exchange serves millions of investors and provides a platform for thousands of listed companies. Known for its advanced trading technology, it offers a diverse range of financial products and is home to a widely tracked market index. Its technology subsidiary develops cutting-edge solutions for the financial industry, including trading platforms, risk management, and surveillance systems.
The Need for an Investor Risk Reduction Access (IRRA) Platform
As reliance on technology in securities markets grows, instances of system glitches impacting trading members have increased, leading to disruptions in trading services and investor complaints. These disruptions pose significant risks to investors with open positions, particularly during market volatility. To address this issue, the Securities and Exchange Board of India (SEBI) has mandated that stock exchanges provide contingency services to mitigate the impact of such disruptions, maintain enhanced visibility and secure infrastructure, and ensure 24/7 threat monitoring.
AWS Powered Personalized Solution and Managed Services
The technology arm of the Stock Exchange, in collaboration with Noventiq, embarked on a critical project to build a resilient IRRA platform. This project marks a pivotal moment in the Indian stock exchange landscape. An initiative by the Government of India, the broker platform has been designed as a critical fallback mechanism to safeguard investor interests. Even in the face of primary exchange failures, the platform ensures uninterrupted trading and allows investors to close open positions, safeguarding them from losing their money.
As a high-stakes initiative involving sensitive customer data and multiple stakeholders, including all major Indian stock exchanges, the project demanded exceptional execution. A comprehensive solution has been devised leveraging Amazon Web Services (AWS) with the following architectural components:
- AWS Organization Setup: Utilizing AWS Control Tower to manage the AWS account structure, the setup includes:
- Organizational Units (OUs): Default and mandatory OUs such as Infra OU for network and shared services, and Core OU for security and log archival accounts.
- Guardrails and Network Security:Implementation of default guardrails, a network account for common services including AWS Transit Gateway and Palo Alto firewall.
- Centralized Security Management: A dedicated account for centralized management of security services.
- Monitoring and Compliance: Integration of AWS CloudTrail and AWS Config for continuous monitoring and compliance.
- Account Creation and Management: AWS Account Factory to facilitate the creation of new accounts, ensuring streamlined and secure expansion.
- Control Tower Master Account: Shared access with the client for future management, ensuring ongoing comprehensive and secure operations.
In addition to building the platform, managed services have been provided to the client to handle the Backup Site of the platform application on AWS infrastructure. The key aspects are as follows:
- Round-the-clock monitoring of the entire AWS infrastructure, including web, Risk Management System (RMS), Adaptor servers, network servers, and database (DB) support.
- Establishing advanced monitoring and alerting mechanisms using AWS CloudWatch and Site24x7, enabling proactive identification and resolution of potential issues.
- Multiple disaster recovery drills have been conducted, where the complete platform application on AWS infrastructure was up within 10 minutes.
- Managing Security Operations Center (SOC) advisory notifications and implementing necessary changes to the AWS infrastructure accordingly.
- Assisting the client in achieving adherence and compliance with their SEBI-regulated Cloud Adoption Framework (CAF) on AWS Cloud. This includes implementing AWS security best practices, such as encryption for data at rest and in transit, and regular security audits.
- Advising cost optimization strategies to the client by utilizing AWS savings plans, rightsizing instances, and leveraging reserved instances for non-critical components.
- Comprehensive logging and monitoring have been enabled with AWS CloudTrail and VPC Flow Logs, ensuring detailed tracking of all activities for compliance and audit purposes.
- AWS infrastructure has been integrated with the client’s existing exchange systems using AWS Direct Connect, ensuring low latency and secure connectivity.
- Regular updation and patching of all AWS services and connected infrastructure is being undertaken to ensure protection against the latest security vulnerabilities.
Benefits Derived
- Comprehensive Support and Expertise: Round-the-clock support ensures seamless operations and challenges are addressed promptly.
- Optimized Performance and Cost Efficiency: Optimization of the platform for peak performance enhances user experience and operational efficiency. Strategic utilization of AWS cost-saving measures, such as savings plans and reserved instances, leads to cost reductions without compromising performance.
- Enhanced Stability and Reliability: Through continuous monitoring, analysis, and optimization, the platform’s ongoing effectiveness and alignment with evolving business goals is maintained.
- Business Continuity: Regular disaster recovery drills and a dedicated backup site guarantee swift recovery from disruptions, safeguarding critical operations. By adhering to stringent security standards and proactively addressing vulnerabilities, sensitive data is protected, and regulatory compliance is maintained.
Related Success Stories
Blackberrys
Managed Services
IT industry
Managed Services
Digivive
Managed Services