Cloud Microservices Architecture Remediation

The client, a pre-revenue FinTech payments and mobile commerce start-up acquired the technology assets from another firm and wished to bring a new offering to market in the mobile commerce and payments space within a 9-month timeframe. The assets acquired, however, were limited by a number of architectural short-comings:

• Insecure and poorly implemented API authentication framework.
• REST-based microservices architecture that was not scalable.
• No multi-tenancy capability, requiring a new production environment per client ecosystem.
• Insufficient encryption and perimeter security provisions, policies and governance to meet security best practices for payment card data requirements (PCI DSS).

GreySpark deployed a partner to fulfil the role of Chief Architect and interim CTO, to accelerate the remediation of these issues in order to make the platform client-ready. The delivery approach was as follows:

• Investigate and recommend appropriate technology solutions to handle the scalability requirements of a B2C internet business of this type.
• Deploy industry standard OAUTH2 authentication infrastructure as the API perimeter in order to allow authentication to be managed properly, and in one place.
• Redesign the data-models in the system to support multiple tenants in a single environment whist ensuring data segregation was maintained.
• Create a Card Data Environment (CDE) with appropriate encryption, firewall, and associated security policy, controls, and governance frameworks required to obtain a PCI DSS auditor certification.

GreySpark delivered the following during the engagement:

• A new approach to infrastructure based on DevOps best practices, that included the use of Docker and Kubernetes to provide internet scale and availability to the platform.
• The introduction of an API Gateway solution that enabled the deployment of OATH2 REST API authentication at the perimeter.
• A new network and security architecture that successfully passed a PCI DSS 3.2 audit.
• Changes to micro-service data models to support multi-tenancy.
• A much improve Continuous Integration and Continuous Delivery approach which resulted in multiple production deployments occur per week.

• PCI DSS certification was an essential pre-requisite to enable this pre-revenue start-up to start to sign up clients.
• The deployment of Docker and Kubernetes effectively ensured that the infrastructure (AWS-based) could be elastically scaled to support the loads predicted by the largest global clients.
• Hosting and infrastructure costs were significantly minimised through the deployment of a new multi-tenancy capable platform.