Secure Landing Zone Design For Global Insurance Company

Case Study

landing-zone-in-cloud

The Client

The company is a joint venture between India’s premier housing finance institution and the primary insurance entity of Germany. The client offers a complete range of general insurance products ranging from motor, health, travel, home and personal accident in the retail space and customized products like property, marine and liability insurance in the corporate space.

Project Objective – Secure Landing Zone

The client required an environment that can meet the global security and auditing requirements, which would support highly scalable workloads, and can be tailored to support continuously evolving business needs. The need was for an environment/landing zone that lays out the account structure, security rules, default network settings, and other foundational services.

Niveus recommended deploying workloads to Google Cloud Platform (GCP) – known for security and storage. Niveus set up a secure landing zone design on GCP to help them with an environment with a standardized set of secure cloud infrastructure best practices, guidelines, policies, and centrally managed services.

secure-landing-zone

Business Solution

  • Separate VPCs are created based on the segregation of routing, scaling, and security
  • Traffic to private Prod Applications is routed once it is authenticated by the IAP/ VPN in the Management VPC
  • Separate subnets are created in Delhi Region for DR and Multi-Regional data retention and are private by default
  • The cloud operation suite and other shared services are deployed in the management VPC
cloud-landing-zone

Implementation

  • Responsibility based subnets and firewalls, Application-based segmentation with IAM and Firewall proxy are enabled for Micro-segmentation for each application
  • SIEM is integrated with on Premises over the Management VPC and Unified Threat Management (UTM) is also enabled with Cloud IDS with NGFW 
  • Integration of Palo Alto’s intelligent and proactive ML-Powered Next Generation Firewall(NGFW)
  • Global Load Balancer will be enabled for high availability, lower latency and design redundancy
  • Managed Cloud Services with inbuilt capability for auto scale (in/out) and high reliability
  • Integration of the existing On-Prem SD-WAN and Partner Interconnect with Google environment to ensure seamless connectivity between DataCenters and GCP
  • Access management for users with a different profile will be created using Google Cloud Identity Groups and Custom Roles for fine-grained access.
  • Storage Tier with Object life cycle management is enabled for cost optimization and automated retention policy
setup-landing-zone

Technology Stack

Global Load Balancer
Identity and access management (IAM)
palo alto prisma CONTAINER SECURITY
Managed Cloud Services
Cloud Storage

Drive Modernization to Unlock Innovation with Google Cloud

Connect Now