Elastum Security Case Study

Nov 8, 2022

AWS Helps Elastum Make Buying Cryptocurrency In Two Clicks Possible

Implementing world-class security measures ensured scalability, reliability, and cost-effective results for Elastum

Elastum is a leading cryptocurrency platform designed to make crypto investing accessible to everybody in just two clicks. The platform makes it possible to purchase mainstream cryptocurrencies, like Bitcoin, or more niche projects like Loopring, using any currency you like.

Helping people buy and sell cryptocurrency is a challenging task. You need access to a scalable solution while also providing top-tier security to your customers. Before working with Cloudvisor, Elastum was already taking advantage of AWS but wanted to improve their security practices further and ensure they were doing everything they could to keep customer data safe. 

Cryptocurrency investing can be very unpredictable and susceptible to sudden spikes in interest, which could overload an inflexible platform. That’s why it was important for Elastum to opt for a solution that would allow them to scale their operations up or down quickly. 

Elastum Had Already Put The Foundations In Place

Elastum had put security procedures into place, but the solutions they used were manual and not simple to scale. For example, the Elastum team relied on the AWS console to make changes, not more robust solutions. They asked Cloudvisor to help them optimize their solution and implement AWS best practices to help make their solution both secure and scalable. 

Let’s dive into how Cloudvisor improved the security and scalability of Elastum’s AWS implementation. 

Infrastructure Security Was Mission One 

Security should be a key concern with any implementation, but this is even more true when handling people’s money. Elastum not only helps people buy and sell cryptocurrency, but it needs to handle sensitive data during Know Your Customer (KYC) checks. 

The first step was to audit Elastum’s existing infrastructure. It was well set up but entirely self-managed, and it wasn’t yet compliant with many AWS best practices. Cloudvisor began to put its plan in motion by focusing on the initial infrastructure. 

Improving development processes and role management

To start, the team began to implement an integrated infrastructure as code (IAC) approach that took advantage of the AWS Cloud Development Kit (CDK) and infrastructure CI/CD pipelines. Following best practices,The Cloudvisor team implemented a multi-account approach by creating separate AWS accounts for access management, logs collection, development & production environments. 

Accounts had specific roles that followed the rule of least privileged access. This ensured that users and systems are always under control of what they could do within Elastum’s environment. Using this approach reduced the “blast radius” of any one account and minimized the damage that can be done if one is compromised. As a nice side benefit, it also prevents inexperienced users from accidentally accessing features that they should not be using. As an additional layer of security, all logs were separated into different accounts, providing visibility in case things went wrong. 

The team also helped improve Elastum’s systems’ long-term viability by overhauling the code and backup procedures. This included creating a better system for restoring backups on S3, fully utilizing Gitlab and a number of other miscellaneous changes. 

Implementing Robust Encryption 

The next challenge to overcome was encryption. Ensuring that your data is properly encrypted is one of the best ways to protect it from prying eyes, particularly important when handling sensitive financial data. 

Cloudvisor helped Elastum to implement encryption as per AWS best practices. Specifically, implementing the AWS Key Management System and Secrets Manager removing the human factor from the company’s encryption process. This helps to protect the infrastructure from internal challenges, while also preventing any data from being read with an appropriate key. 

Focusing on managed infrastructure 

The final major piece of the puzzle was shifting away from self-managed infrastructure to AWS managed services. These services are scalable and reliable by design, which eliminates the need for third party solutions that would normally be needed to ensure scalability and reliability. 

Additionally, AWS takes care of ensuring that the service is available, and that each layer of infrastructure is hardened against accidental or deliberate human factors. This reduces the amount of time and expertise the customer needs to operate their cloud infrastructure. 

Next Cloudvisor Needed To Ensure Scalability & Reliability

The great thing about following AWS best practices is that everything is interconnected. The client was previously using self-managed Kubernetes clusters, which are functional but generally difficult to  scale, with significant amounts of time and expertise dedicated to supporting it. In an effort to alleviate this pain-point, Cloudvisor migrated the client to a managed Kubernetes service: Amazon EKS

This was a huge boost for Elastum because they were able to take advantage of autoscaling. This tool enables a company to rapidly scale a system up or down without overspending. This is hugely important for companies in fields like cryptocurrency, where the hype cycle can lead to sudden large influxes of users, followed by a drop-off as excitement dies down. Autoscaling helped Elastum to save money during bear cycles, and meet demand during bull cycles. 

In order to maintain continuity of service, Cloudvisor has been working closely with Elastum’s team to make continuous improvements to their systems. We have also helped their team to successfully implement our suggested development practices, which makes it far easier to update their implementation. 

Elastum has had zero downtime while working with Cloudvisor 

Downtime is a major concern for many companies when making adjustments to their cloud services. That’s why we were so proud of maintaining zero downtime for Elastum for the entire period they have worked with us, even when migrating the implementation. 

In addition, we helped Elastum to implement efficient development processes. This ensures that their releases to production are properly tested and controlled. This significantly reduces the risk of downtime due to human error, or a poorly tested release. 

We think that the results speak for themselves. 

AWS Services Used 

Why Over 500+ Startups Trust Cloudvisor?

At Cloudvisor, we have one simple goal: we help startups scale with AWS.

The Cloudvisor team has a unique combination of experience working with AWS and also applying those solutions in a way that helps startups thrive. One-half of Cloudvisor’s DNA is AWS, the other is startups.

Want to discover how you can take your AWS implementation to the next level? Book a Free Consultation!

PAYPS

I was able to participate in the Well-Architected Framework Review program, which let me work with Cloudvisor engineers to receive outside feedback on how my infrastructure was built and how to make it stronger and more secure. I am really happy with the whole process. Dawid gave me general guidance along with step-by-step tutorials to help me reconfigure some parts of my infrastructure to make it more secure and more efficient at a lesser cost! What is really interesting is that this advice and support were not just a one-time shot, but I was able to get guidance for as long as it took to implement these guidelines. Regarding cost optimization, after optimizing my infrastructure, I was able to reduce my infrastructure cost by 35%. I highly recommend participating in WAFR to see real and quick benefits from it.

Fabrice Lefloch
CTO at PAYPS

Other Case Studies