SoFi and Aviatrix

About SoFi

SoFi (Social Finance) helps people achieve financial independence – the company’s products for borrowing, saving, spending, and investing give more than half a million members fast access to tools to get their money right. Whether looking to buy a home, save money on student loans, grow in their careers, or invest in the future, the SoFi community works to empower members to accomplish the goals they set and achieve financial independence as a result.

SoFi acquired Clara Lending in January of 2018. Around that time, average mortgage loans took 100 person-hours to process. The startup's two founders had specific goals to address this inefficient process:

(1) educate buyers, provide transparency, and find the right mortgage product for each person's needs, and (2) automate, improve, and overhaul the mortgage process from an engineering standpoint, which included networking.

Customer Challenges and Requirements

With more of their strategic acquisitions operating 100% in a cloud environment, SoFi needed a simple, cloud-native networking architecture, allowing them to integrate companies faster and ultimately empower staff to process mortgages and loans quickly and with less support from IT staff. They wanted their networking to be just as dynamic and automated as their compute and storage. Inefficiencies in the existing solution, caused by a lack of visibility, were hindering SoFi's ability to execute on lending goals.

Key Requirements:

  • Simple orchestration, visibility and control for AWS transit networking
  • Securely segment VPC network traffic
  • VPN encryption for all connections from on-premise resources to VPC-based applications
  • Simplify user VPN with SAML Authentication and profile-based access control
  • Remote access privileges based on cloud-network destinations, host IP addresses, protocols and ports
  • User connection history and bandwidth usage logging
  • Integration with existing reporting tools
  • Key tenets for global operations: simplicity, automation, visibility and control

Solutions

The Aviatrix cloud-native multi-cloud software delivers on all SoFi requirements for both simplified secure user access and AWS transit networking orchestration, as well as the ability to easily segment and manage traffic between VPCs and on-premise resources.

  • Aviatrix cloud-native networking for AWS global transit network
  • Aviatrix Intelligent Orchestration and Control to deliver global visibility and monitoring
  • Aviatrix Orchestrator makes it easy to apply network segmentation and keep VPCs secure
  • Aviatrix secure site-to-cloud solution for encrypted connectivity between on-premise and AWS-based application environments
  • Aviatrix client-based SAML authentication solution for multi-cloud, profile-based remote user access control
  • Monitor and visualize their entire cloud network through a centralized dashboard
  • Eliminate complexity associated with networking in the cloud
  • Use the native AWS constructs and services and augment those with Aviatrix services where needed – all controlled through a single console

Key Results

The Aviatrix Cloud-Native Networking Software enabled the company to embrace and extend the native AWS services, allowing the SoFi business to:

  • Process mortgage applications faster. Instead of spending time finding the right VPN to connect to, or contacting the IT staff to help with sign-ons or finding cloud resources, mortgage staff could focus directly on working with the information they needed.
  • Reduce the demand on IT. By handling VPN and VPC connectivity automatically, the Aviatrix software reduced the number of IT tickets and freed up IT staff to handle business-critical issues.
  • Implement defense in depth throughout its cloud environment.
  • Comply more easily with regulatory requirements. The Aviatrix software conforms to many of the VPN-related best practices outlined by regulatory agencies with influence over the mortgage industry—especially security practices such as encryption of data in transit and at rest.
  • Achieve frictionless connectivity. Users could log into a single account, be authenticated, connect with the right VPN, switch between wired and wireless access—all effortlessly and immediately.