At Ellie Mae, our top priority is the success of our customers. As part of our continued commitment to improve stability, performance and scalability for our customers, we will begin leveraging Amazon Web Services (AWS), the leader in cloud computing, to provide online services starting in June of 2019.
Cloud and AWS Overview
What is a public cloud?
A form of cloud computing in which a company relies on a third-party cloud service provider for servers, data storage and applications, among other services, which are in turn delivered to the company through the internet. Amazon Web Services (AWS), Google Cloud Platform, Microsoft Azure are some of the leading public cloud providers.
What kind of cloud infrastructure does Velocify by Ellie Mae have today and why the transition to Amazon Web Services?
Velocify by Ellie Mae currently runs its Velocify lead management solution and other applications on a private cloud infrastructure hosted by Terremark, located at facilities in Arizona. While our private cloud data centers have historically served our purposes, we have experienced some challenges with scalability, elasticity and reliability. Data centers and maintaining physical infrastructure is the singular focus of public cloud providers, like AWS. We believe we can innovate and deliver products and services faster by focusing less on physical data centers and by partnering with the best infrastructure provider. For these reasons, the organization has decided to leverage a public cloud infrastructure on AWS to take advantage of the increased benefits it offers.
Why Amazon Web Services?
Amazon Web Services (AWS) is the leading provider of cloud infrastructure and will be a technology partner that will help deliver our solutions and services with the utmost availability, performance, reliability, scalability and security.
What is Ellie Mae’s relationship with AWS?
Ellie Mae currently partners with AWS for IaaS (Infrastructure as a Service) and is leveraging AWS technology services to build and operate Ellie Mae products and services. Velocify by Ellie Mae believes we have an opportunity to leverage our existing in-house AWS expertise to improve our products’ stability and performance.
Will the move to AWS impact Velocify’s performance?
Velocify by Ellie Mae’s migration to AWS will not have a direct impact on application performance, and all of our applications are load tested to ensure they meet strict internal SLA requirements for processes. In addition, with the AWS regions in slightly different geographic regions from our current datacenter, customers may benefit from reduced latency dependent on their internet providers.
What is the timeframe of this move in terms of our account and data?
Velocify by Ellie Mae will begin transitioning our customers in batches to AWS starting in June and will be completed by early August.
How will I be notified of the AWS transition plan and schedule?
An email communication will be sent to your organization’s system administrator and executive contacts, which will include a high-level schedule and a webinar invitation for more information.
How will the transition to AWS be different for existing customers vs. new customers?
This will be a seamless transition for all Ellie Mae customers. Leveraging AWS is controlled at the network and application layer and is performed by Velocify by Ellie Mae.
How will the move to AWS affect my day-to-day operations?
We do not expect any changes to the day to day operations of the Velocify platform. Needed redirects/configurations will be handled by the application. If you leverage IP whitelisting, you may need to add additional URL/IP’s to your exception block. These details will be in an upcoming communication.
Should I expect there to be any downtime or will my Velocify solution be unavailable at any time during the transition?
During the cutover event there may be a minimal amount of downtime, however we expect that to be within normal maintenance windows. We will work to minimize this to the smallest duration possible and will communicate the expected downtime window in your migration notice.
What changes will I be required to make?
If you leverage IP whitelisting to connect to the Velocify systems, you may need to add new IP addresses. We recommend leveraging the DNS name over a specific IP address as this will allow more flexibility in the future. Updated IP information will be shared with you prior to your migration.
What changes will our partners be required to make?
There are currently no changes anticipated for our partners to make.
Are the endpoints for import.aspx (lead import service) changing?
No we do not expect any changes to the endpoints for import.aspx.
Backup, Data and Security
How does AWS impact data storage and encryption policies?
Encryption policies continue to be enhanced and expanded to address the security and data concerns in the public and private cloud. The data will continue to be encrypted in the public cloud just as it has been in the private cloud, however the technologies used for the encryption may change to support the increased availability, scale and integrity requirements.
AWS will not change to our data retention or encryption key process and policies. As we are leveraging different technologies in some case the method used to encrypt the data/interface with the keys has and will change but will not have a material impact to the data encryption policy.
Does AWS affect data backup policies, such as backup times, availability of backups, and storage locations of backups?
Ellie Mae stores three copies of all data. This model will not change in AWS with data being stored in at least two US based regions with a cold archive copy in a third region. Backups and backup availability will not change with our transition to AWS.
Will client data remain in the United States at all times?
Yes, all Ellie Mae’s client data is always stored in United States. AWS is broken down into Regions and Availability zones. A Region being a geographic area, and availability zones being multiple data centers in a designated region.
Ellie Mae is leveraging three regions US- WEST-2 (Oregon), US-EAST-1 (Virginia) and US-East-2 (Ohio). Ellie Mae also leverages multiple availability zones within each given region and has disabled the ability to spin up resources in any other region not approved.
Will Ellie Mae be providing SOC 2 and related security, disaster recovery, audit and related due diligence of AWS to clients?
Ellie Mae has been a SOC 2 certified organization since 2012 and we will continue to go through SOC certification every year which includes Ellie Mae hosting on AWS. In addition to that, AWS also maintains SOC certifications for Infrastructure, but Ellie Mae cannot provide SOC 1 and SOC 2 reports for AWS directly.
If you have an AWS account already or can sign up for one at aws.amazon.com, you can request a copy of their SOC reports directly through AWS Artifact Service in your AWS account. In addition, a large overview of AWS’s security controls, control mappings and resources are publicly available at https://aws.amazon.com/security.
The Security model for AWS is a shared responsibility model and will be reflected in our future SOC 2 reports as well. Ellie Mae will take advantage of multiple regions and availability zones in the AWS cloud provides to address high availability and disaster recovery. Data retention requirements do not change between public and private cloud, but the method the data is stored may change to take advantage of the public cloud. Ellie Mae will invest in improving Recovery Point (RPO) and Recovery Time Objectives (RTO) in AWS.
What security standards or frameworks does AWS comply with today?
Amazon Web Services holds more than 20 domestic and international compliance accreditations, including SOC, PCI and ISO, among others, which allows Ellie Mae to build more security controls on top of the existing controls at the infrastructure layer. Please see below for list of compliance certifications that AWS maintains (reference: https://aws.amazon.com/compliance).
Does AWS meet or exceed the same security standards as Velocify by Ellie Mae’s existing data centers?
Ellie Mae built our security program on ISO27001 which follows the guidelines provided in:
• FFIEC Information Technology Examination Handbook for Information Security
• NIST Cyber Security Framework
SOC 2 Trust Principles, are similar standards as AWS. AWS standards also meet personal health data, Department of Defense security and European data privacy standards. Combining Ellie Mae’s application expertise and robust security controls with infrastructure provider like AWS increases the security of our service and ensures we meet the strongest compliance requirements.
Does Ellie Mae remain responsible for securing customer data?
Yes. AWS provides robust controls to ensure security and data protection in the cloud. As systems are built on top of AWS cloud infrastructure, compliance responsibilities will be shared between Ellie Mae and AWS. Ellie Mae is, and will remain, directly responsible for securing our customers’ data and will continue with Service Organization Controls attestations for Ellie Mae products and services.
Is any borrower information hosted or accessed at any time by AWS?
AWS has no access to any Ellie Mae data, borrower or otherwise. In addition. Ellie Mae encrypts all Personally Identifiable Information (PII) data and the key is secured in Ellie Mae’s private cloud. Ellie Mae employs industry-standard encryption that meets FIPS-140 compliance requirements.
Who should I call if I have any issues with my applications after moving to AWS?
Ellie Mae clients should continue to use the current process for requesting information from their Relationship Manager and help from Technical Support.
More questions? Please email any questions to email@example.com.
Additional AWS reference materials: