DBS is a leading financial services group in Asia with a presence in 18 markets. In order to remain the “Safest Bank in Asia,” DBS takes compliance and security extremely seriously. Security configuration management at DBS involves compliance checks and guidelines set by international organizations. Prior to 2018, security configuration management was a manual process consisting of regularly generating reports, reviewing them, and subsequently remediating the security configurations in between cycle periods. This end-to-end effort required well over a dozen people and an increasing amount of time spent as the number of servers increased each year.
DBS chose Puppet Enterprise (PE), which enables DBS to manage policy enforcement and reversion to baseline security configuration while also handling deviations. Puppet Enterprise also serves as the automation orchestrator engine for their proprietary solution, SecureSys. The SecureSys portal handles the reporting and deviation management capabilities and is built on top of the Puppet database. With a layered approach, DBS can scale the architecture easily as they implement it in the public cloud.
With Puppet Enterprise, DBS has made significant progress with their SecureSys framework, moving from monolithic and manual configuration management to an automated and scalable solution. They have seen substantial benefits, including a reduction in reporting overheads, real-time reporting, continuous compliance and security scans, auto-healing drifts in mandatory configurations, and more. This frees up the time and energy for engineers to invest in other value-driven innovation or projects that the organization could benefit from in the long term. Now, DBS is set to keep pace with the ever-changing needs of their ever-growing organization.