THE CUSTOMER
Oil Brokerage are an inter-dealer broker operating in physical and derivative oil markets, headquartered in the City of London. They handle confidential trade information and counterparty data on behalf of major commodity market participants, where data integrity, availability, and security are non-negotiable operating requirements.
THE BRIEF
Oil Brokerage operate a business-critical Operations and Brokerage Platform on AWS. As the platform matured and the business scaled, they needed a managed services partner to take ownership of day-to-day operational excellence and the underlying security posture of the environment, freeing the leadership team to focus on commercial growth rather than infrastructure governance.
The brief was to provide ongoing assurance that the AWS environment remained secure, well-architected, observable, and recoverable, with a clearly defined operating model and named accountability.
THE REQUIREMENTS
- Continuous management of AWS security posture using native AWS services
- Codebase vulnerability scanning and remediation aligned to current standards
- Proactive monitoring of platform health, availability, and AWS service health
- Robust backup, disaster recovery, and tested restore capability
- Annual independent assessment against the AWS Well-Architected Framework
- A named support channel with defined response and resolution times
“Green Custard run the platform so we don't have to think about it. The security side gives us real confidence, they're across the AWS controls, the codebase, the audit, and we get an annual Well-Architected review that tells us where we stand. It's the kind of partnership that lets us focus on the business.”
Jon Pike
OB
THE SOLUTION
Green Custard provide Oil Brokerage with a managed Operational Excellence and Support service covering the full AWS Operations and Brokerage Platform. The engagement is structured around the AWS Security, Identity and Governance service portfolio, and is delivered as a packaged set of modular services with defined scope and SLAs.
Cloud Security is delivered through continuous management of the security state of the AWS environment, with AWS Security Hub as the central control plane for findings aggregation and compliance checks. Security groups, IAM policies, access controls, and encryption are configured and maintained against AWS best practice, and access logs are monitored to detect and respond to incidents.
Codebase Protection runs in parallel, with regular scrutiny of the application source code to identify and rectify high-risk vulnerabilities, keeping the codebase aligned with current standards. This closes the loop between cloud-layer security and the application running on top of it, which is often where modern attacks land.
Observability and Cloud Monitoring and Management cover platform uptime, AWS service health, access and performance logs, the security state of the environment, and backup execution. Beyond monitoring, the environment is actively managed, with tuning, updates, AWS spend optimisation, and incident response under defined response protocols.
Disaster Recovery is delivered through encrypted backups held to a defined retention schedule, with restore capability regularly tested. The Recovery Point and Recovery Time Objectives agreed with Oil Brokerage are therefore not just documented, but proven.
Underpinning all of this is an Annual Health and Performance Audit, an independent review of the AWS environment against all six pillars of the AWS Well-Architected Framework, including the Security Pillar. The output is a written report identifying findings and a remediation roadmap, giving Oil Brokerage an evidenced view of their posture year on year.
THE OUTCOME
Oil Brokerage have a production AWS platform with a managed and continuously assured security posture, built on native AWS controls. Findings are triaged centrally, the codebase is kept current, the environment is observable, backups are tested, and the whole estate is independently audited against the Well-Architected Framework each year.
The model gives Oil Brokerage's leadership the confidence that comes with named accountability, defined SLAs, and an evidenced audit trail, without needing to build an in-house security and operations function.
“Helping customers like Oil Brokerage get their AWS security posture right, using the controls AWS already provides, is exactly where we add the most value. It's governance and hygiene done properly, by a team that knows the platform inside out.”
James Harding
Customer Success Manager, Green Custard
Read more of our case studies:
