Success Stories – MODO


MODO, a pioneering digital wallet collaborator with financial institutions that offer instant cashback rewards, integrated payment methods, and exclusive banking promotions, has chosen AWS as its operational foundation.

Committed to providing safe and smooth financial services, MODO partnered with DinoCloud for two important projects to strengthen and optimize the security of its AWS environment, aligning with the high standards of the AWS Financial Services Competency.

Improving Financial Security for MODO’s Innovative Payment Solutions

The first step involved a thorough review of MODO’s live production environment’s security framework. The main goal was to ensure strict adherence to security best practices and regulatory requirements in the financial sector. Key areas included workspace security, database management, encrypted backups, access control, and governance mechanisms. The second project focused on examining a staging environment, specifically aiming to comply with the Payment Card Industry Data Security Standard (PCI DSS). This validation was essential before moving the staging environment into production to seamlessly introduce an advanced virtual wallet offering.

DinoCloud addressed these challenges with a comprehensive security assessment. For the initial project, they created a custom application that used open-source tools to assess MODO’s infrastructure against top AWS security standards. This application produced detailed findings and summarized the results in an executive report, utilizing OpenAI’s capabilities. Additionally, a manual evaluation was done alongside the automated analysis. The same application from the first project was adapted for the second project to evaluate the new infrastructure’s alignment with PCI DSS requirements.

The first project involved a thorough evaluation of MODO’s existing infrastructure, resulting in a detailed security report that highlighted potential vulnerabilities and compliance gaps without immediate solutions. In contrast, the second project aimed to assess the new infrastructure’s strength in meeting PCI DSS compliance standards.

Results

Both efforts provided MODO with valuable insights into the security of their AWS environment. The comprehensive security assessment reports helped MODO identify potential weaknesses and compliance issues, allowing them to proactively address and improve security procedures. With a clear understanding of their security status, MODO is ready to offer their growing customer base secure, reliable, and PCI-compliant financial services, reinforcing their position as a leader in the financial services industry.

Conclusion

In conclusion, MODO’s collaboration with DinoCloud has substantially enhanced the security of their innovative payment solutions on AWS. Through two meticulously executed projects, they’ve identified and rectified vulnerabilities and compliance gaps, ensuring their financial services meet the highest industry standards. This comprehensive approach has equipped MODO with the knowledge and capability to provide their growing customer base with secure, reliable, and PCI-compliant financial services. This success reaffirms MODO’s leadership in the financial industry, setting a new standard for innovation and security in the digital payment sector.

Success Stories – Shake Again

Shake Again moved to the AWS Cloud

Its road to digital transformation alongside DinoCloud

Shake Again is a company dedicated to digital services in marketing and technology. Shake Again is present in 4 countries and continues to grow daily. This recent growth began to generate a new need within the company: to continue offering an excellent service level while meeting the needs of a volatile and expanding market.

DinoCloud, leaders in the adoption of global innovation technologies and cloud computing, have professional teams with the technical expertise to accompany companies in adopting cloud technologies. Shake Again approached DinoCloud with a need, and after months of work, they now have a cloud infrastructure to deploy their applications.

The challenge of this project was the creation of an infrastructure for the development, staging, and production environments, covering the application, networking, and persistence layers. CI and CD were implemented for all environments using GitLab pipelines.

This was addressed using automation tools and the deployment of frontend and backend services. In addition, one database was created for dev and staging and another for production, with database migrations and cron jobs executed for each environment. Finally, application autoscaling and a load balancer were implemented.

Project duration and objectives achieved

The project lasted three months and was divided into five different milestones:

  1. Knowledge of the application and understanding of its components and architecture
  2. Setting up an AWS account and registering for local billing
  3. Application architecture design and validation
  4. Infrastructure deployment
  5. Application deployment

AWS technologies and services used

The following technologies have been used in this project:

  • Terraform: Used to create the different environments required, bringing up the networking, application, and persistence layers with the services that each layer involves, along with the corresponding configuration to save the state of the created resources in an S3 bucket.
  • Git: The version control system used for the repositories, with GitLab for Git repository management, code reviews, issue tracking, activity feeds, and storage of both the backend and frontend repositories as well as the repository that holds the Terraform code. GitLab pipelines were used for continuous integration (CI) and continuous deployment (CD) of services.
  • AWS: To support all the infrastructure required for customer services.
  • AWS CLI: For various purposes, such as validating the creation and configuration of AWS resources and accessing ECS containers.

The AWS services that were part of this project were:

At the networking level

  • VPC: To logically isolate our private virtual network.
  • Subnet: To logically divide our VPC and to place resources according to whether they need public or private access.
  • Internet gateway: To enable communication between the VPC and the Internet.
  • NAT Gateway: To allow services in private subnets to reach the Internet while preventing external Internet services from initiating connections to these resources. It provides outbound access only.

Persistence

  • RDS Aurora: To support the persistence layer required for storing data generated by the applications, which use MySQL.
  • S3 bucket: For storage of files sent from different applications.

At the application level

  • ECR: To store all the Docker images for each of the services.
  • IAM: To manage the users, roles, and profiles that the different services require to perform specific actions on other resources.
  • Security groups (SG firewall): To control inbound and outbound traffic for the resource they are attached to.
  • ALB: To create the access point to the ECS services, used to distribute traffic and check the health of the targets.
  • ECS: For the definition of the containers that provide frontend and backend services, as well as for the execution of cron jobs.
  • Fargate: Service used as a worker to run the containers created by the ECS services.
  • EC2: To create bastions for access to private subnets and the private RDS. EC2 instances were also used to create the GitLab runners that support the execution of the pipeline.
  • CloudWatch: For storing the logs generated by the containers.
  • ACM: For the creation and management of SSL certificates.

Conclusion and results

All the objectives were achieved, including implementing the infrastructure for the different environments using Terraform, maintaining the separation of layers (networking, application, and persistence), and implementing CI/CD to deploy services in each environment. Each branch has a specific runner assigned to it where the pipeline corresponding to the environment is executed.

Each developed environment was tested by validating the correct deployment of frontend and backend services, as well as the execution of cronjobs and database migration in each of the environments. The HTTP to HTTPS redirection was also validated in the application load balancer implemented for each environment.

Now, Shake Again has a cloud infrastructure that can cope with the recent growth they have experienced. Being able to deploy its applications in the cloud allows Shake Again to expand into new territories and markets, predicting even more significant growth and a faster, more efficient return on investment.


Success Stories – Finket


Performance and security: Finket’s journey with DinoCloud and AWS

C-Tech S.A. is an Argentinian company dedicated to providing financial technology consulting and solutions for companies of all sizes. One of the leading products they have developed is their virtual wallet, Finket. This virtual wallet aims to take its users into the world of digitalization and online banking, allowing them to carry out transactions without leaving their homes.

DinoCloud, an AWS Premier Partner, has the tools and expertise in the financial world to enhance the scalability and security of financial companies’ applications and products. DinoCloud has several success stories in the fintech world that testify to its technical expertise in developing healthy and, above all, protected virtual environments due to the high sensitivity of the data these companies manage.

The Finket virtual wallet is already deployed on AWS in a secure, reliable, and scalable environment; however, DinoCloud and C-Tech had to overcome some technical challenges to achieve this. These include the following:

  • Validation and verification of the current architecture following Well-Architected Framework best practices.
  • Remediation of risks encountered in tandem with C-Tech.
  • Consulting on AWS environments.

Project duration

The project was developed over six months with a dedication of 80 hours per month (480 total) between 09/01/2022 and 02/01/2023.
It took the active participation of the client and a team consisting of a Solution Architect, a Cloud Engineer, and a Project Manager.

Review and remediation process

To complete the project, the following process was used to understand the architecture, evaluate the business’s specific needs, and define the risks to which the workload was exposed.

At the same time, as part of the process and working with C-Tech, we prioritized implementing the services and adjustments needed to maximize business value and strengthen the deployed infrastructure.

1- Customer Assessment

We conducted interviews with the client to gain an initial understanding, at both a technical and a business level, of the workload to be analyzed.

2- Primary Analysis

First analysis of the workload. With access to the AWS account and supported by the preliminary assessment with the client, we were able to establish the infrastructure’s actual and most recent status.

3- Secondary Analysis / Well-Architected Framework tool Review

Review through the “AWS Well-Architected Tool” on the defined workload. A milestone was established as a baseline. This milestone will be used to evaluate the improvements achieved at the end of the project.

4- Recommendations by pillar

Based on the best practices recommended by AWS, those associated with high risks are mapped and prioritized according to the remediation effort and the resulting impact on the business.

5- Remediation by pillar

Implementation of the defined recommendations. Generation of a new milestone in the “AWS Well-Architected Tool” reflecting the implemented improvements. Evaluation of the final state against the initial state.

Improvements implemented

We started with an initial status of 34 high risks, according to the AWS Well-Architected Tool. As a result of the project, we were able to mitigate approximately 65% of these risks, achieving a final status of 12 high risks.

The following are the best practices that were promoted and whose compliance was validated by the DinoCloud team in conjunction with those responsible at C-Tech. In addition, the services evaluated, activated, or reinforced during the review of the 5 Well-Architected Framework pillars for the Finket workload are presented.

Deployed AWS services

  • Security: IAM Identity Center, AWS Organizations, MFA AWS (Token AWS CLI SSO, Access by SSO URL), Control Tower, AWS GuardDuty, KMS, S3, Elastic Load Balancing (ELB), Amazon EBS, Amazon RDS, Amazon CloudWatch Events, IAM, Amazon CloudWatch
  • Cost optimization: AWS Budgets, AWS Cost and Usage Report, AWS Cost Explorer, AWS Auto Scaling, AWS Lambda
  • Reliability: Service Quotas, AWS Auto Scaling, Amazon CloudWatch, AWS CloudTrail, AWS CloudFormation, Amazon S3, Amazon Route 53 (DNS, Health Checkers)
  • Performance efficiency: AWS Auto Scaling, Amazon Elastic Block Store (EBS), Amazon Simple Storage Service (S3), AWS Lambda, Amazon RDS, AWS CloudFormation, Amazon CloudWatch, Amazon CloudFront
  • Operational excellence: AWS CloudFormation, AWS CloudTrail, Amazon CloudWatch


Success Stories – La Caja



DinoCloud implements AWS Cognito for user authentication in La Caja

Grupo La Caja is an Argentine company with a long history in the Argentine insurance market, with a 7% share of all insurance policies in force. La Caja offers comprehensive insurance packages, including home, vehicle, health, and life insurance, among many others.

DinoCloud is a leading AWS Premier Partner company in Latin America, with expertise in the creation, optimization, and evolution of products deployed in the cloud. DinoCloud’s technical expertise plays an essential role in accompanying companies belonging to various industries on their way to digital transformation.

The professional relationship between the two companies started from La Caja’s need to implement an authentication stack for the Web Empresas business site, due to the sensitivity of the data that the insurance company manages for the distribution of its services.

DinoCloud, as an AWS Premier Partner, brought the entire AWS ecosystem of services to La Caja to address this need and tackle the problem with operational excellence. La Caja was unfamiliar with AWS services. Because of this, in the preliminary stage of the project, DinoCloud introduced the engineering team to the AWS Cognito service, a fundamental piece for authenticating users on the Web Empresas site.

Stages, technologies, and services implemented

The project lasted two months and was divided into four stages:

  1. The creation of an AWS account for La Caja and the application of basic security.
  2. IAM configuration for user login federation to its Active Directory.
  3. Support in implementing AWS Cognito for authentication and authorization of the use of La Caja’s business applications.
  4. AWS Security Session.

In addition, Terraform was used for the deployment of services in AWS, and the AWS SDK for NodeJS was used to integrate those services with the Web Empresas site.

In turn, the AWS services implemented were as follows:

  1. AWS IAM: For the deployment of configurations to use Azure AD as IdP.
  2. AWS Cognito: Customer Identity and Access Management for the Web Empresas site.
  3. DynamoDB: Storage of the data of users registered through AWS Cognito.
  4. Lambda: Creation of an automatic user approval function for development in test environments.
  5. Amazon Simple Email Service (SES): Sends emails to users when AWS Cognito triggers a particular event (e-mail validation, password recovery, etc.).
  6. AWS WAF: Application of a geolocation security rule that prevents any user not located within the Argentine territory from registering or authenticating in AWS Cognito.
  7. CloudWatch: Logging for the services mentioned above.

Conclusion and results

As mentioned earlier, La Caja did not know about AWS services and their ecosystem. Thanks to this project, it was possible to transfer the knowledge to the developers so that they could work on the continuous integration of authentication with a basic understanding of all the services configured, along with detailed documentation on each attribute used in the configuration.

As a result of this project, La Caja now has a secure and low-cost authentication stack without having had to work with highly complex services.
