A leading stock exchange operates one of the world’s largest securities markets in India. The exchange serves millions of investors and provides a platform for thousands of listed companies. Known for its advanced trading technology, it offers a diverse range of financial products and is home to a widely tracked market index. Its technology subsidiary develops cutting-edge solutions for the financial industry, including trading platforms, risk management, and surveillance systems.

The Need for an Investor Risk Reduction Access (IRRA) Platform

As reliance on technology in securities markets grows, instances of system glitches impacting trading members have increased, leading to disruptions in trading services and investor complaints. These disruptions pose significant risks to investors with open positions, particularly during market volatility. To address this issue, the Securities and Exchange Board of India (SEBI) has mandated that stock exchanges provide contingency services to mitigate the impact of such disruptions, maintain enhanced visibility and secure infrastructure, and ensure 24/7 threat monitoring.

AWS Powered Personalized Solution and Managed Services

The technology arm of the Stock Exchange, in collaboration with Noventiq, embarked on a critical project to build a resilient IRRA platform. This project marks a pivotal moment in the Indian stock exchange landscape. An initiative by the Government of India, the broker platform has been designed as a critical fallback mechanism to safeguard investor interests. Even in the face of primary exchange failures, the platform ensures uninterrupted trading and allows investors to close open positions, safeguarding them from losing their money.

As a high-stakes initiative involving sensitive customer data and multiple stakeholders, including all major Indian stock exchanges, the project demanded exceptional execution. A comprehensive solution has been devised leveraging Amazon Web Services (AWS) with the following architectural components:

  • AWS Organization Setup: Utilizing AWS Control Tower to manage the AWS account structure, the setup includes:
    • Organizational Units (OUs): Default and mandatory OUs such as Infra OU for network and shared services, and Core OU for security and log archival accounts.
    • Guardrails and Network Security: Implementation of default guardrails and a network account for common services, including AWS Transit Gateway and Palo Alto firewall.
    • Centralized Security Management: A dedicated account for centralized management of security services.
  • Monitoring and Compliance: Integration of AWS CloudTrail and AWS Config for continuous monitoring and compliance.
  • Account Creation and Management: AWS Account Factory to facilitate the creation of new accounts, ensuring streamlined and secure expansion.
  • Control Tower Master Account: Shared access with the client for future management, ensuring ongoing comprehensive and secure operations.

In addition to building the platform, managed services have been provided to the client to handle the Backup Site of the platform application on AWS infrastructure. The key aspects are as follows:

  • Round-the-clock monitoring of the entire AWS infrastructure, including web, Risk Management System (RMS), Adaptor servers, network servers, and database (DB) support.
  • Establishing advanced monitoring and alerting mechanisms using AWS CloudWatch and Site24x7, enabling proactive identification and resolution of potential issues.
  • Multiple disaster recovery drills have been conducted, where the complete platform application on AWS infrastructure was up within 10 minutes.
  • Managing Security Operations Center (SOC) advisory notifications and implementing necessary changes to the AWS infrastructure accordingly.
  • Assisting the client in achieving adherence and compliance with their SEBI-regulated Cloud Adoption Framework (CAF) on AWS Cloud. This includes implementing AWS security best practices, such as encryption for data at rest and in transit, and regular security audits.
  • Advising the client on cost optimization strategies by utilizing AWS savings plans, rightsizing instances, and leveraging reserved instances for non-critical components.
  • Comprehensive logging and monitoring have been enabled with AWS CloudTrail and VPC Flow Logs, ensuring detailed tracking of all activities for compliance and audit purposes.
  • AWS infrastructure has been integrated with the client’s existing exchange systems using AWS Direct Connect, ensuring low latency and secure connectivity.
  • Regular updating and patching of all AWS services and connected infrastructure is being undertaken to ensure protection against the latest security vulnerabilities.

Benefits Derived

  • Comprehensive Support and Expertise: Round-the-clock support ensures seamless operations and that challenges are addressed promptly.
  • Optimized Performance and Cost Efficiency: Optimization of the platform for peak performance enhances user experience and operational efficiency. Strategic utilization of AWS cost-saving measures, such as savings plans and reserved instances, leads to cost reductions without compromising performance.
  • Enhanced Stability and Reliability: Through continuous monitoring, analysis, and optimization, the platform’s ongoing effectiveness and alignment with evolving business goals are maintained.
  • Business Continuity: Regular disaster recovery drills and a dedicated backup site guarantee swift recovery from disruptions, safeguarding critical operations. By adhering to stringent security standards and proactively addressing vulnerabilities, sensitive data is protected, and regulatory compliance is maintained.