SoFi and Aviatrix

About SoFi

SoFi (Social Finance) helps people achieve financial independence – the company’s products for borrowing, saving, spending, and investing give more than half a million members fast access to tools to get their money right. Whether looking to buy a home, save money on student loans, grow in their careers, or invest in the future, the SoFi community works to empower members to accomplish the goals they set and achieve financial independence as a result.

SoFi acquired Clara Lending in January of 2018. Around that time, average mortgage loans took 100 person-hours to process. The startup’s two founders had specific goals to address this inefficient process:

(1) educate buyers, provide transparency, and find the right mortgage product for each person’s needs, and (2) automate, improve, and overhaul the mortgage process from an engineering standpoint, which included networking.

Customer Challenges and Requirements

With more of their strategic acquisitions operating 100% in a cloud environment, SoFi needed a simple, cloud-native networking architecture that would let them integrate companies faster and ultimately empower staff to process mortgages and loans quickly and with less support from IT staff. They wanted their networking to be just as dynamic and automated as their compute and storage. Inefficiencies in the existing solution, caused by a lack of visibility, were hindering SoFi’s ability to execute on lending goals.

Key Requirements:

  • Simple orchestration, visibility and control for AWS transit networking
  • Enhance AWS native security capabilities with advanced security services including end-to-end and high-performance encryption, Internet egress FQDN filtering and SAML remote user access control
  • Securely segment VPC network traffic
  • VPN encryption for all connections from on-premise resources to VPC-based applications
  • Simplify user VPN with SAML Authentication and profile-based access control
  • Remote access privileges based on cloud-network destinations, host IP addresses, protocols and ports.
  • Threat detection embedded into the global cloud transit network data plane
  • User connection history and bandwidth usage logging.
  • Integration with existing reporting tools.
  • Key tenets for global operations – simplicity, automation, visibility and control.


The Aviatrix cloud-native multi-cloud software delivers on all SoFi requirements for both simplified secure user access and AWS transit networking orchestration, as well as the ability to easily encrypt, segment and manage traffic between VPCs and on-premise resources.

  • Leveraging the AWS VPC Ingress Routing feature, Aviatrix can integrate with AWS GuardDuty to create rules for Internet ingress filtering on the Aviatrix Gateway
  • Aviatrix Transit delivers end-to-end encryption for data in motion security
  • Aviatrix High-Performance Encryption enables up to 25 Gbps IPSec Encryption over AWS Direct Connect
  • Aviatrix ThreatIQ detects and alerts on known malicious IP addresses communicating anywhere on the global transit network
  • Aviatrix Intelligent Orchestration and Control to deliver global visibility and monitoring
  • Aviatrix Orchestrator makes it easy to apply network segmentation and keep VPCs secure
  • Aviatrix secure site-to-cloud solution for encrypted connectivity between on-premise and AWS-based application environments
  • Aviatrix client-based SAML authentication solution for multi-cloud, profile-based remote user access control
  • Monitor and visualize their entire cloud network through a centralized dashboard
  • Eliminate complexity associated with networking in the cloud
  • Use the native AWS services, such as GuardDuty and VPC Ingress Routing, and augment those with Aviatrix services where needed – all controlled through a single pane of glass.
  • Aviatrix is an AWS Networking Competency Partner

Key Results

The Aviatrix Cloud-Native Networking Software enabled the company to embrace and extend the native AWS services, allowing the SoFi business to:

  • Process mortgage applications faster. Instead of spending time finding the right VPN to connect to, or contacting the IT staff to help with sign-ons or finding cloud resources, mortgage staff could focus directly on working with the information they needed.
  • Reduce the demand on IT. By handling VPN and VPC connectivity automatically, the Aviatrix software reduced the number of IT tickets and freed up IT staff to handle business-critical issues.
  • Implement defense in depth throughout its cloud environment.
  • Comply more easily with PCI regulatory requirements. The Aviatrix software conforms to many of the VPN-related best practices outlined by regulatory agencies with influence over the mortgage industry—especially security practices such as encryption of data in transit and at rest, threat detection and egress filtering.
  • Achieve frictionless connectivity. Users could log into a single account, be authenticated, connect with the right VPN, switch between wired and wireless access—all effortlessly and immediately.