Stable Payments Operations Thanks to A Deep AWS Partnership
Stable Payments Operations Thanks to A Deep AWS Partnership
Payments & Merchant Services
Our client delivers customized payment solutions to banks, merchants, and fintech companies across the MENA region. That includes several organizations in different countries around the world that rely on our client’s cutting-edge card processing, merchant acquiring, and value-added payments services.
How did our client build this extensive reach? Trust. The organizations that depend on our client for payment processing place an enormous amount of confidence in their payments partner. That includes the confidence to execute payments because even a short downtime of payment processing can lead to large financial losses – and loss of reputation.
There’s another critical factor: any company that processes payments must be a trusted partner that can safely handle the private payment data of the businesses that depend on it. To deliver on this high level of trust our client requires technology infrastructure that is both highly resilient and secure from outside attack.
Our client already used AWS for core services but started to work with Bespin Global to achieve several key resiliency and redundancy objectives across its AWS implementation – an AWS implementation that was becoming increasingly complex in nature.
First, given the sprawl of our client’s AWS operations, the company asked Bespin to lay the groundwork for a more structured approach to AWS account and facility management. That was to ensure that future growth – both in terms of payment processing volume and product complexity – could be handled safely within AWS.
Our client also needed to build a redundancy mechanism for a key payment processing platform that is handled on-premises – and wanted to rely on AWS to achieve redundancy. The stakes for doing so were high given that it is a live payment processing system: in case of failure, switchover needed to be instant.
There was another unique challenge. The payment provider wanted to make use of the AWS region in their home country to ensure maximum efficiency. However, their preferred AWS region was new to the market which meant that certain AWS services essential to our client’s operations were unavailable in that region, requiring manual workarounds to get several key services operational.
Furthermore, given our client’s extended regional presence, there was also a need to manage AWS operations across multiple AWS regions, which required complex network topology.
Setting the stage for a capable, resilient, and trustworthy AWS implementation was the very first step. We kicked off the project by configuring an AWS Landing Zone to help coordinate AWS operations.
In the AWS Landing Zone we built a structure that supports the variety of environments required for development and deployment. That includes a development zone used as a staging area for deployment, a production environment, as well as a shared environment for shared resources.
To create a coherent and secure structure with the needed policies and monitoring systems we used the following AWS technologies:
- AWS Organizations for a centralized structure, so that accounts for the various AWS environments are under one master account.
- AWS config to audit and evaluate configurations, so configurations always adhered to security standards.
“AWS Landing Zone was a good fit for our client, but that did mean our developers needed to heavily customize the preferred AWS deployment region, hard-coding certain aspects of the AWS implementation to match the capabilities of other AWS regions.” – said Dania Alrefai, Project Leader at Bespin Global.
Building an AWS-based disaster recovery solution for our client’s payment processing platform required overcoming a set of privacy challenges which we solved through the meticulous configuration of a VPN, which maintained data privacy and security during transfers.
Next, we needed to ensure watertight security across AWS services to support the security of the financial operations throughout our client’s platform. We did so using three key AWS tools:
- Amazon Detective which simplifies the analysis and investigation of suspicious activities by relying on machine learning and graph theory.
- Amazon GuardDuty to continuously monitor security through threat intelligence feeds and machine learning, detecting unexpected and potentially malicious activity within an AWS.
- AWS Security Hub to provide a comprehensive view of the security state of the AWS environment, collecting security data from AWS and supported third-party products.
Obtaining clear requirements during the planning phase was challenging because our client is in a uniquely complex environment. “Given that our client is in a fast-moving fintech space, we also found that the project’s scope rapidly evolved as the requirements altered over time, influenced by an agile development process.” – said Dania.
Despite changing requirements, the AWS experts at Bespin were so knowledgeable and flexible around architecture, requirements, and standards. That includes implementing the AWS solution in our client’s AWS region of choice even though that region did not offer the required AWS Landing Zone features.
For our client, implementation success delivered several important outcomes that underpin ongoing AWS stability:
- Scalable, Defined Access: Implementing an AWS Landing Zone setup delivered tightly defined access controls ensuring that employees access AWS resources according to their roles and responsibilities.
- Simplified management and Governance: Bespin built an accessible view of the entire AWS environment, contributing to efficient handling and governance of cloud infrastructure – facilitating auditing and compliance reporting.
- One Organization: Creating all accounts under one AWS Organization encourages account centralization helping maintain compliance with internal security requirements across all accounts and resources – reducing the risk of security incidents and misconfigurations.
- Securing and Governing AWS Accounts: Service control policies (SCPs) offered granular control over AWS services, enabling administrators to secure sensitive resources and prevent breaches.
Throughout the implementation we ensured that we right sized our client’s servers: it’s a complex exercise, but we used our experience in predicting server load to ensure optimal costs and security.
RESULTS & BENEFITS
The collaboration between the payments company and Bespin created a seamless team dynamic, leading to more effective communication and efficient work processes. “The company’s AWS team gained a better understanding of infrastructure components, limitations, and the potential of AWS features like Kubernetes and containers.” – says Dania.
Throughout the project, our client benefited from rapid responses and deployment of resources by Bespin, which ensured a consistent project pace. The partnership not only delivered a technical solution but also business benefits, including:
- A Productivity Lift: The well-structured AWS landing zone minimized hiccups which ultimately improved employee productivity and speed of execution by reducing issue-related downtime.
- Optimal Resource Utilization: The new AWS configuration’s clearly defined access rights facilitated superior resource management, empowering our client’s management team to allocate resources like time, finances, and staff with greater efficiency.
- Improved decision-making: Managers could now shift focus from issue resolution to data analysis, evaluating options, and well-informed decision-making, thereby paving the way for superior strategic choices and better results for payments clients.
At the time of writing, three ongoing projects are in various phases. For example, our client aims to move a large-scale point-of-sale system into a Kubernetes cluster, and Bespin is assisting in creating this cluster on AWS.
Bespin Global is also acting as a managed service provider (MSP) – including comprehensive infrastructure management, technical support, and strategic consulting. As the MSP for our client, we monitor resource usage for cost-effectiveness and provide continuous advice to optimize cloud usage.
The AWS implementation project was a major milestone for our client, pushing the boundaries of AWS capabilities to meet specific project requirements and innovatively utilizing AWS services.
It set a robust foundation for our client, who can depend on their AWS implementation to continue leading in the payments space. Our implementation illustrates how deep AWS expertise can build a foundation for stable computing, and trusted payment processing.
About Bespin Global, an e& enterprise company:
An AWS Premier Tier Services Partner and AWS Managed Service Partner, BESPIN GLOBAL MEA (Middle East and Africa) is a leading provider of automated cloud solutions and consulting services, including cloud adoption, strategy, migration, implementation, Managed Services, DevOps, FinOps and Data & Analytics. Bespin is positioned as a Leader in Gartner’s 2020 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services, as well as a “Visionary” in Gartner’s 2022 Magic Quadrant for IT Transformation Services.
In late 2022, Bespin Global MEA and e& enterprise formed a joint venture with the aim to assist enterprises in their digital transformation journey and eventually become the largest pure-play public cloud-managed and professional services provider in the Middle East, Turkey, Africa, and Pakistan.
Bespin’s cloud FinOps management platform, OpsNow offers an automated end-to-end solution for customers to effectively manage cloud assets and costs, optimize cloud expenses, and automate the implementation of cloud governance policies across multi-cloud environments.
Address: The Offices 4, #138-139, One Central, Dubai World Trade Center (DWTC)
Telephone: 800 BESPIN (237746)
P.O. Box: 340729