Client Overview
Our customer is a SaaS cryptocurrency exchange platform with products including a wallet, an app, a debit card, an exchange, and lending instruments. Their mission is to accelerate the global adoption of cryptocurrencies by making transactions more convenient for every user. The company serves over 2 million customers around the globe and prides itself on its commitment to security and compliance, having obtained ISO 27001 and ISO 27701 certification.
From the beginning, the startup has implemented a DevSecOps approach to guarantee that security is an integral part of every aspect of software design. Their development process hinges on using infrastructure as code, with meticulous documentation of deployments and modifications. They consistently evaluate both their code and infrastructure using AWS Trusted Advisor, which identifies possible security vulnerabilities and offers suggestions for enhancement.
Challenges
The customer needed help with building a resource-segregated system and ensuring that wallets cannot contact the blockchain ledger directly, which prevents mismanagement of wallet funds.
In addition, their resources remained underutilized, and overall operational and business effectiveness suffered.
The customer had the following project specifications and challenges:
- Automate Kubernetes cluster deployment to bare metal servers
- Automate Kubernetes cluster deployment to AWS
- Build resource-segregated AWS stack
- Implement and optimize CI/CD pipelines to reach better agility, scalability, and continuous integration/continuous deployment (CI/CD) capabilities
- Effectively utilize infrastructure – make AWS infrastructure cost-effective
- Implement monitoring and alerting.
Solution
In response to these challenges, Gart conducted a comprehensive infrastructure audit and identified where to optimize resources and streamline services to enhance cost-efficiency and overall operational effectiveness.
As for any fintech startup, it was also important to monitor the system and prevent hacking. The platform has extensive network segregation between different parts of the app to ensure that wallets are not accessing it directly; they must pass through a proxy before authentication.
1. Infrastructure Audit and Optimization
a) Audit Phase
Gart initiated the project by conducting a thorough infrastructure audit. This involved assessing the existing AWS resources, identifying areas of underutilization, and pinpointing redundant services.
b) Optimization Phase
Following the audit, we optimized the resource allocation by eliminating non-essential services and rightsizing the infrastructure components. This approach resulted in significant cost savings for the client, reducing their operational expenses on AWS by approximately 68%.
2. Infrastructure Transformation for CI/CD
The platform employs Docker containers to streamline deployment processes.
Recently, the company finalized its Continuous Integration/Continuous Deployment (CI/CD) pipeline on AWS, enabling automated building and testing whenever new code is introduced. Engineers rely on Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS) as fully managed container orchestration services.
a) Monolith to Microservices
Recognizing the need for greater agility and scalability, Gart proposed a transformation from a monolithic architecture to a microservices-based architecture.
b) CI/CD Implementation
With the newly adopted microservices architecture, we implemented a robust CI/CD pipeline. This enabled automated testing, deployment, and monitoring of individual microservices, streamlining the development and release processes.
c) Continuous Monitoring
To ensure the ongoing stability and performance of the cryptocurrency trading SaaS, our team has established continuous monitoring solutions that allow for prompt detection and resolution of potential issues, ensuring the application’s high availability.
3. Outlining Security as a Priority
The cryptocurrency exchange platform takes advantage of AWS’s extensive global network to remain compliant with constantly changing data residency regulations. It employs AWS Transit Gateway to guarantee data privacy when linking its virtual private clouds across various AWS Regions. All network traffic is automatically encrypted, providing a safeguard against distributed denial of service (DDoS) attacks and other typical security threats.
As cryptocurrency markets’ regulations continue to evolve, the startup performs regular business continuity drills for disaster recovery (DR), as security and data privacy are critical for building trust and market adoption.