Secure and Effective Development Services without Access to Sensitive Data AWS Case Study

Managed Team | Customer Case Study | FinTech

Executive Summary

Our Customer

SavvyMoney offers a Smarter Credit Score Solution for online and mobile banking platforms. The company provides comprehensive credit score analysis, full credit report, monitoring, and personalized offers — all in one dashboard.

With SavvyMoney credit score solutions, consumers have convenient, unlimited access to their credit score anytime and anywhere. The company’s key goals are to give customers control over their financial health, to help them see how financial decisions might impact their scores, to provide real-time monitoring alerts that report any fraudulent activity, and to provide users with the best savings opportunities on an ongoing basis.

SavvyMoney is an online tool that gives users free access to their credit score, explains the factors that affect it, and suggests how it can be improved. The company aims to give users control of their financial health through easily understandable advice about credits and debits, to help them monitor their credit score according to interest rates, and to provide them with more economical options.

The Obstacles They Faced

As a fintech startup, SavvyMoney was looking for a partner that would help it strengthen its market presence while keeping costs low. SavvyMoney also aimed to scale up its development organization as it grew.

How We Helped

Romexsoft recruited the dedicated development team in line with the client’s business needs. We enabled SavvyMoney to take full advantage of having their business in the cloud by leveraging our proven AWS expertise.

Together with the client our dedicated team developed two new products:

  • SavvyMoney Credit Score to monitor financial health based on the SSO solution for integration with financial business partner software systems.
  • Offer Engine Application which enables the system to make suggestions on loans and credits for refinancing based on the users’ financial profiles.

Romexsoft’s dedicated development team handled most of the software development for SavvyMoney’s key website and also provided Quality Assurance services.

The Challenge

The application works with the sensitive data of real users, so access to that data must be limited. On the one hand, all passwords for database access, API tokens and any other sensitive configuration parameters for Production instances must be stored securely, accessible only to authorized personnel, and removed from the application code.

On the other hand, there must be a way to develop and test effectively in the QA and Staging environments. That is why strict separation of the application’s codebase from its configuration is required.

The Solution

Amazon Web Services

SavvyMoney chose AWS as its main hosting platform for its scalability, reliability, constant innovation, and low latency. Romexsoft used a range of AWS tools during the development of SavvyMoney’s app, ensuring the app’s high performance, global availability, and security.

AWS Services Utilized

EC2, Autoscaling, ALB, RDS MsSQL, ElastiCache Redis, SQS, Amazon MQ, S3, CloudFront, CloudWatch, CloudFormation, AWS CodeCommit.

Solution Delivered by Romexsoft

The huge variety of AWS services for different cases was a key reason the SavvyMoney team chose to work with AWS. Two of them, AWS Systems Manager Parameter Store and CodeCommit, were used to overcome this challenge.

The microservice architecture is built on the Java Spring Boot framework. Each microservice is a separate REST API that performs the required business logic and runs on an EC2 instance in the Autoscaling Group. The Launch Configuration attaches an IAM role with read-only access to the Parameter Store, so any sensitive parameter is known only to the application on startup and there is no way to see it.

All sensitive configuration parameters from the classic *.properties files are moved into the AWS Parameter Store, and all *.properties files with the other parameters are moved into CodeCommit. The Spring Cloud Config service reads properties from CodeCommit, and the REST API application calls Spring Cloud Config for the required properties on startup or on an on-demand refresh. Only authorized persons have access to the Parameter Store and CodeCommit.
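
An added illustration of the split described above (not Romexsoft’s or SavvyMoney’s code): it partitions a properties file into keys that stay in the config repository and keys that move to Parameter Store, and builds a read-only instance-role policy scoped to one environment’s path. The key-name patterns, the /app/env/key naming scheme, the app name, region and account ID are assumptions.

```python
import re

# Assumption: key-name patterns that mark a property as sensitive.
SENSITIVE_KEY = re.compile(r"password|passwd|secret|token|api[-_.]?key|credential", re.I)
PROPERTY_LINE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")

# Constructed sample; the values are placeholders, not real credentials.
SAMPLE_PROPERTIES = """\
# application.properties before the split
server.port=8080
spring.datasource.url=jdbc:sqlserver://db.example.internal:1433;databaseName=app
spring.datasource.username=app_user
spring.datasource.password=CONSTRUCTED-db-password
partner.api.token = CONSTRUCTED-api-token
"""

def split_properties(text, app, env):
    """Return (repo_props, secure_params): non-sensitive keys stay in the
    config repository, sensitive ones become Parameter Store names."""
    repo_props, secure_params = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        match = PROPERTY_LINE.match(line)
        if not match:
            raise ValueError(f"unparseable property line: {raw!r}")
        key, value = match.group(1), match.group(2)
        if SENSITIVE_KEY.search(key):
            # Hypothetical naming scheme: /<app>/<env>/<property key>
            secure_params[f"/{app}/{env}/{key}"] = value
        else:
            repo_props[key] = value
    return repo_props, secure_params

def instance_role_policy(app, env, region, account_id):
    """Read-only IAM policy for the EC2 instance role, scoped to one
    environment's parameter path so a QA instance cannot read Production."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"],
            "Resource": f"arn:aws:ssm:{region}:{account_id}:parameter/{app}/{env}/*",
        }],
    }

if __name__ == "__main__":
    repo, secure = split_properties(SAMPLE_PROPERTIES, "offer-engine", "prod")
    print("config repo:", sorted(repo), "| Parameter Store:", sorted(secure))
```

If the parameters are stored as SecureString under a customer-managed KMS key, the instance role also needs kms:Decrypt on that key.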

Key benefits of delivered architecture:

  • No access to sensitive data for a development team in Parameter Store and no way to see it being logged on the EC2 instance.
  • The application code is separate from configurations. The same application with the same codebase can be launched in different environments: Staging, QA, Production.
  • Separating parameter storage between Parameter Store and CodeCommit allows better security, handling, and maintenance.
  • Parameters from CodeCommit can be reloaded on the fly, without an application rebuild or restart.
  • Parameters from Parameter Store can be reloaded without an application rebuild. A restart is required.

Romexsoft ensured that the solution was in line with SavvyMoney’s vision and expectations and that it worked seamlessly 24/7.

[Figure: Secure and Effective Development without Access to Sensitive Data on AWS, architecture diagram]

AWS Services Utilized

  • aws-codecommit: AWS CodeCommit repository. It contains all properties of the application except sensitive ones such as DB passwords.
  • AWS parameter store: AWS Systems Manager Parameter Store. It contains sensitive data such as DB passwords.
  • AWS IAM Role: AWS IAM role attached to the EC2 instance, with permission to read parameters from the Parameter Store.

AWS IAM User that has permissions to edit records in the Parameter Store.

The development team has these permissions for Sandbox/Beta env.

Only account administrator has these permissions for PreProduction/Production.

Amazon-EC2

A RESTful API: a Spring Boot 2 application launched on an EC2 instance within the Autoscaling group.

On startup, the app performs two actions:

  • connects to the Configuration Server to get configuration properties;
  • using the attached IAM Role, connects to the Parameter Store to get sensitive parameters.

Technologies Used

Amazon Web Services, Java, Spring, Hibernate, JavaScript, HTML5.

What We Achieved Together

Romexsoft’s high-performing dedicated team of software developers helped SavvyMoney to scale up faster. By using AWS services, we are sure the solution is secure, reliable, cost-effective and highly scalable.

The improvements our dedicated team implemented helped SavvyMoney to increase the number of users by 250 times and keep it growing.

Romexsoft made sure that the application provided limited access to sensitive data (i.e. all passwords for database access, API tokens or any other sensitive configuration parameters for Production instances) and that the strict separation of application’s codebase from its configuration was in place.

More than 600 banks and credit units across more than 35 digital banking platforms have already integrated SavvyMoney’s credit score solution to accomplish their goals.

Feedback

“Romexsoft has built a skilled and proactive team for SavvyMoney, eager to propose new solutions and hire expertise when needed. It’s a pleasure to work with Romexsoft, and I would highly recommend them.

They have very good developers…. We haven’t had the same problem with them as with other vendors.”

Bhavna Guglani, VP of Products at SavvyMoney

Why Romexsoft

Romexsoft has been a Trusted Software Vendor and Managed Service Provider since 2004.

  • We are an AWS Certified Consulting Partner, focused on long-term cooperation and customer satisfaction.
  • We provide customers with effective, market-competitive solutions that separate them from the competition and help them minimize their Total Cost of Ownership (TCO) and maximize Return on Investment (ROI).
  • Having a number of AWS Certified Engineers, Java Developers, SysOps and DevOps Engineers, and Cloud Architects in the team, Romexsoft offers rapid start and stable performance which 90% of our clients are willing to recommend.
