Wingo IoT: AWS IoT Solutions Position Startup for Rapid, Secure Scalability

Wingo IoT is an Oregon-based startup that integrates inexpensive IoT and legacy automation systems into one intelligent solution for industrial applications. Its key value proposition lies in collecting critical data for operational analytics, AI and ML modeling, and insurance premium and claim reductions.

Established in April 2018 by an experienced technical team, Wingo focused its early development efforts on local sensor networks and isolated edge devices for data collection. The company’s hybrid IoT solution included 100% offline monitoring at sites and low-cost methods for collecting and managing facility data.

From the beginning, Wingo was aware their initial cloud architecture would require major improvements to meet stringent availability and security requirements for modern enterprise applications. A growing pipeline of large industrial customers motivated CTO Glynn Fouche to approach Effectual for a Well-Architected Framework Review as well as expert advice on Amazon Web Services (AWS) IoT solutions.

Starting with Well-Architected best practices to build long term success

Fouche recognized Wingo needed to properly leverage cloud services in order to best serve their customers. In particular, he wanted to set the young venture up for success from the start by aligning Wingo’s development process with the 5 Pillars of the AWS Well-Architected Framework.

As an AWS Advanced Consulting Partner and authorized Well-Architected reviewer, Effectual frequently helps early-stage companies leverage cloud-based solutions for projects ranging from proof of concept to full-scale custom software development. In this case, it was clear that with few developers, limited resources, and impending customer rollouts, Wingo was on a tight schedule to identify critical issues for remediation, improve real-time reporting, and operationalize its development process.

Given the company’s aggressive timeline, our team of solutions architects completed a thorough Well-Architected review and remediation in less than three months. During the process, we uncovered 34 high-risk issues requiring attention.

In the process of addressing these key issues, Effectual's contributions included:

  • Developing cost predictions for the company's revenue model
  • Adopting a flexible consumption model to lower the development-to-cost ratio and increase product margins
  • Designing and implementing a DevOps process for long-term scalability
  • Establishing a data storage plan that combines Amazon DocumentDB, Amazon S3, AWS Glue and Amazon Redshift for quickly indexing data with instant access
  • Ensuring security compliance in a multi-tenant environment by isolating each tenant's sensitive data
  • Creating a NOC dashboard using AWS Lambda for real-time monitoring, along with the business logic for pulling analytics
  • Deploying Amazon CloudFront to serve small JSON payloads of dynamic content
  • Leveraging Amazon API Gateway as the medium through which mobile and web apps trigger backend API services running in AWS Lambda
  • Providing security and disaster recovery analysis as well as recommendations for a secure, highly available, and fault-tolerant architecture

In addition, implementing Well-Architected best practices has strengthened Wingo’s confidence it can serve larger customers and meet their strict business and compliance requirements. Based on past experience, Fouche believes Wingo is much better prepared to handle comprehensive due diligence and security audits. The review process and documentation will also have a significant impact on the company’s ability to raise capital and could add significant value in the event of a purchase.

In collaboration with Effectual, Wingo’s next steps include documenting security practices as well as failover and recovery recommendations for performance reliability. These steps are critical as the company develops its cloud-based data architecture, user interfaces, and API gateways for external integrations.

Results & Next Steps

With the Well-Architected review complete, Wingo is now positioned to approach both new customers and potential investors with greater confidence in its ability to receive, process and store data in the cloud and offer powerful data insights for driving optimal business outcomes.


FinTech Startup: Maintaining security and meeting compliance in a fast-growing, innovative company

One of our clients is a fast-growing FinTech company that provides payroll card solutions for US businesses of all sizes. Their primary product offering is a direct deposit debit card that maximizes direct deposit participation among unbanked employees, eliminating the hassle of cashing paper checks.

Prior to a recent acquisition, the startup was enjoying success as a market leader with a wave of new customer acquisition. Its growth trajectory was also attracting new investors keen to enter the FinTech market. At the same time, the 100-employee company was struggling to maintain its PCI DSS (Payment Card Industry Data Security Standard) compliance in a rapidly changing regulatory environment. Deep into growth mode, the company's leadership was told by investors that they could not commit significant funding until the new compliance requirements were met.

For FinTech startups, PCI fines can threaten critical cash flow and bottom-line profitability. Companies that fail their audits can be fined anywhere from $5k to $100k per month depending on their size. Given the aggressive first-to-market strategy, the pressure was on the team to operationalize solutions and meet compliance immediately.

Originally engaged through a third-party security company to help the client with custom software development, Effectual was then introduced by the client's auditing firm to help address its regulatory and security concerns. As an Amazon Web Services (AWS) Advanced Consulting and Well-Architected Partner, Effectual has in-depth experience identifying security vulnerabilities. More importantly, the firm's core expertise is translating those findings into clear, pragmatic steps for operationalizing long-term solutions.

Rapid growth and changing internal roles

As the startup expanded to service its widening customer base, internal roles and operational responsibilities were continually changing. The result was an unclear separation of permissions and duties, as well as a lack of capacity or direction for detailed oversight. While former consultants had provided high-level recommendations for mitigating security concerns, they had not provided the firm with practical, specific solutions for implementing them, leaving the team uncertain how to proceed.

Results:

  • Reviewed all seven workloads – particularly those handling Primary Account Number (PAN) data – to ensure the company had change management in place. This covered encryption, data storage, and access permissions.
  • Isolated workloads to keep access separate, creating a dedicated AWS account for each workload.
  • Outlined a clear separation of duties for auditing changes in the environment, with segmented duties and workloads.
  • Documented and aligned policies, processes, and permissions with internal changes and promotions, so that roles and the tools each role uses remain stable and consistent going forward.

Managing multiple 3rd party vendors and outsourced workloads

The growing company had also become 100% reliant on third-party vendors for its workloads. Keeping eight different vendors informed of its regulatory and compliance requirements and ensuring necessary standards were met had become extremely difficult for the inexperienced team to manage. In addition, the client was at the mercy of its vendors’ competing timelines and unpredictable capacities. This was dramatically slowing its ability to respond to crucial deadlines for compliance. Effectual’s Well-Architected Framework Review quickly surfaced these issues as well as the need for remediation.

Results

  • Coordinated project management with all third-party vendors to remedy the immediate issues affecting compliance.
  • Built a secure cardholder data environment (CDE) for storing PAN data.
  • Reduced the number of outside vendors to a set that is more manageable and complementary.
  • Migrated two PCI-compliant workloads to AWS using AWS Lambda, Amazon DynamoDB, Amazon GuardDuty, and Amazon API Gateway.
  • Outlined a plan for migrating the remaining workloads to AWS within the next seven months.

Meeting compliance as an everyday activity

Working with Effectual, the client succeeded in passing its crucial PCI audit in less than 3 months. More importantly, the company has built a DevOps foundation for its future growth and regulatory compliance with everyday operations that ensure its continued success.

As a result, the startup is now skilled at the following:

  • Understanding its separation of duties, including how many people are involved and needed to facilitate a change in its environment
  • Documenting and aligning policies, processes, and permissions with internal changes and promotions to create greater efficiency and security
  • Strategically utilizing third-party vendors and keeping them informed as to its compliance needs

“At first, we brought Effectual on board to build an onboarding web application. But they’ve been far more than just a software development firm. Their DevOps infrastructure expertise, ability to build products in a PCI-compliant manner, and emphasis on data security have been a game changer for us.”
                 
Evan, VP of Operations


FISMA Moderate Requirements met with AWS Infrastructure

Effectual led a Federal Government client in their journey from on-premises infrastructure to a secure cloud environment in AWS.

The Challenge

This Federal Government customer required a move from its on-premises infrastructure to a centralized cloud environment. The move was driven by requirements for increased security, flexibility in provisioning infrastructure, and a technology refresh. The new AWS infrastructure also had to be assessed at the FISMA Moderate level before it could be used for production.

The Solution

Our team led the discovery, architecture, and implementation of the agency's new infrastructure. We designed a multi-region, international architecture that let end users quickly access virtual desktops in the region closest to them. Centralized management combined with the region-based architecture allowed devices to move outside the boundary, let the virtual desktop infrastructure scale as users joined around the world, and enabled the agency to provision lower-cost technology, such as thin clients, to achieve its refresh.

The Benefits

Increased Security

Our team supported the agency's Authority to Operate (ATO) efforts by provisioning compliant infrastructure and services aligned with the FISMA Moderate control baseline, then produced the documentation supporting the architecture, allowing the agency to obtain a full ATO.

Provisioning Infrastructure

Our AWS-based architecture and deployment supported configuration of infrastructure to meet minimum workloads, which then scaled as users came online. Additionally, multiple user desktops could be provisioned on a single server, cutting down on associated costs.

Network Efficiency

The agency’s network needed to be overhauled as a result of security concerns. With the AWS backbone and multi-region architecture, users experienced a decrease in latency and the zero-trust model improved network security.

GenomeNext DevOps Process

GenomeNext is a genomic informatics company dedicated to accelerating the promise and capability of predictive medicine and scientific discovery. It commercializes genomic analysis tools and integrated systems for the evaluation of genetic variation and function.

The advanced informatics and data management solutions are designed to simplify, expedite and enhance genetic analysis workflows. GenomeNext solutions provide the market with genomic data and analysis at an unprecedented combination of performance, quality, cost and scale without requiring the investment in high-performance computing resources and specialized personnel. The proprietary platforms address a broad range of highly interconnected markets, including sequencing, genotyping, gene expression, and molecular diagnostics. GenomeNext customers include leading genomic research centers, academic institutions, government laboratories, and clinical research organizations, as well as pharmaceutical, biotechnology, agrigenomics, and consumer genomics companies.

The Challenge

GenomeNext needed a more efficient way to develop and deploy application changes to its Amazon Web Services Genomics Cloud Platform while maintaining a high level of security and compliance.

The Solution

We worked with GenomeNext to design an efficient development and agile management process, set up internal DevOps software and AWS infrastructure components, map processes to the appropriate security and compliance controls, integrate third-party DevOps tools with the GenomeNext Cloud platform, implement development life cycle environments (Dev, QA, and Prod) on AWS, monitor and reduce AWS costs, and architect for high availability and disaster recovery. Our solution enhanced GenomeNext's ability to quickly and securely roll out application and infrastructure changes with minimal to zero downtime through the use of tools such as Elastic Load Balancing, Amazon CloudWatch, AWS CloudFormation, and AWS CodeDeploy.

The Benefits

Automation

GenomeNext realized the advantages of DevOps automation as a significant increase in deployment frequency, a dramatic decrease in deployment failures, immediate recovery from failed deployments, and a reduction in the time required to make changes.

Disaster Recovery

By combining AWS and DevOps, GenomeNext can automate the deployment of an exact copy of its Production solution within minutes into any AWS region, allowing it to meet its recovery time objectives.

Cost Savings

GenomeNext realized cost savings by combining DevOps and AWS. The savings came from maintaining a small staff, increased product quality, reduced deployment complexity, and faster time to market.

Ensuring Least Privilege Access: Implementing an Active Directory Federation Service

Effectual led the implementation of an enterprise grade Active Directory Federation Service (ADFS) for a large Federal Government client.

Effectual enabled reliable and secure cyberspace capability by providing a highly innovative network architecture, engineering, integration, and simulation services with unrivaled expertise and commitment.

The Challenge

The client looked to our team to move its highly disparate environment into a highly collaborative one. Implementing federated access to the Amazon Web Services environment would ensure least privilege access for client users.

The Solution

We worked with the client to set up AWS Identity and Access Management (IAM), federated sign-in through Active Directory (AD), and Active Directory Federation Services (ADFS). Mapping AD groups to IAM roles through this federation ensured least privilege access for client users.

The Benefits

Reliability

Our team enabled reliable collaborative connectivity for a cadre of remote workers who needed access to the system while authenticating through the ADFS PIV card solution.

Increased Security

We were able to meet all security requirements by using a federated solution, allowing the client to set permissions and access levels across different systems. The Federated solution also improved auditing management of credentials.

Efficiency

We implemented an AWS CloudFormation template to use whenever additional accounts are registered in the system. This increased efficiency and ensures consistent configurations over time.

Applications Rearchitected in AWS to Automate Security Triggers

Effectual led a Federal Government client in their journey from on-premises to AWS by extending their data center into the cloud and rearchitecting their applications.

Effectual provided guidance in the following areas:

  • Implementing automation for the client.
  • Creating a new AWS infrastructure and environment.
  • Updating and retooling current applications.
  • Building the solution as a receiver and retooling specific applications to function in the new environment.
  • Interpreting new and in-development AWS features and explaining how they pertain to the client's issues.

Our team leveraged the following technologies:

  • AWS CloudFormation templates, created to support DevOps
  • AWS Organizations and AWS Config for management of the system
  • AWS CloudTrail and Amazon CloudWatch for automating security recommendations
  • Amazon CloudWatch, configured to alert the client when changes were made in their environment. The response triggered automated remediation that returned the resource to its original configuration and alerted security to the change.
  • Core AWS infrastructure resources, including Amazon EC2 instances and Amazon RDS databases
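The "detect a change, revert it, alert security" pattern in the list above can be expressed as a small Lambda function. The following is an added example, not Effectual's or the client's code: it models CloudTrail recording an API call, a CloudWatch Events rule forwarding that call to Lambda, and the function revoking any ingress rule that is not in an approved baseline. The baseline, the SNS topic ARN, the group ID and the sample event are all constructed for illustration; the AWS calls are injected so the decision logic runs offline.

```python
"""Auto-remediation of an unapproved security-group change.

Added example (not Effectual's or the client's code). It models the
pattern described above: CloudTrail records an API call, a CloudWatch
Events rule forwards it to a Lambda function, and the function reverts
the change and alerts security. The baseline rules, SNS topic ARN and
the sample event below are constructed for illustration.
"""
import json
from typing import Callable, Dict, List

# Constructed baseline: the approved ingress rules per security group.
# A real deployment would load this from AWS Config, a parameter store,
# or the infrastructure-as-code repository.
BASELINE: Dict[str, List[dict]] = {
    "sg-0123456789abcdef0": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"},
    ],
}
ALERT_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:security-alerts"  # assumed

# Constructed CloudTrail record in the shape a CloudWatch Events rule for
# "AWS API Call via CloudTrail" delivers (trimmed to the fields used here).
SAMPLE_EVENT = {
    "detail": {
        "eventName": "AuthorizeSecurityGroupIngress",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-alice"},
        "requestParameters": {
            "groupId": "sg-0123456789abcdef0",
            "ipPermissions": {"items": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
            ]},
        },
    }
}


def rules_from_event(detail: dict) -> List[dict]:
    """Flatten CloudTrail's ipPermissions structure into one dict per CIDR."""
    rules = []
    for perm in detail["requestParameters"]["ipPermissions"]["items"]:
        for rng in perm.get("ipRanges", {}).get("items", []):
            rules.append({
                "IpProtocol": perm["ipProtocol"],
                "FromPort": perm.get("fromPort"),   # absent for protocol "-1"
                "ToPort": perm.get("toPort"),
                "CidrIp": rng["cidrIp"],
            })
    return rules


def unapproved_rules(group_id: str, added: List[dict]) -> List[dict]:
    """Return the added rules that are not in the approved baseline."""
    return [r for r in added if r not in BASELINE.get(group_id, [])]


def handle_event(event: dict,
                 revoke: Callable[[str, List[dict]], None],
                 notify: Callable[[str], None]) -> dict:
    """Core logic with the AWS calls injected so it can run offline."""
    detail = event["detail"]
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return {"action": "ignored"}
    group_id = detail["requestParameters"]["groupId"]
    drift = unapproved_rules(group_id, rules_from_event(detail))
    if not drift:
        return {"action": "approved", "groupId": group_id}
    revoke(group_id, drift)                      # return to original configuration
    alert = {"groupId": group_id, "revoked": drift,
             "actor": detail["userIdentity"]["arn"]}
    notify(json.dumps(alert))                    # tell security what happened
    return {"action": "reverted", **alert}


def lambda_handler(event: dict, context) -> dict:
    """Entry point for Lambda; wires boto3 into handle_event."""
    import boto3  # imported here so the logic above runs without boto3 installed
    ec2, sns = boto3.client("ec2"), boto3.client("sns")

    def revoke(group_id: str, rules: List[dict]) -> None:
        ec2.revoke_security_group_ingress(
            GroupId=group_id,
            IpPermissions=[{"IpProtocol": r["IpProtocol"], "FromPort": r["FromPort"],
                            "ToPort": r["ToPort"], "IpRanges": [{"CidrIp": r["CidrIp"]}]}
                           for r in rules])

    def notify(message: str) -> None:
        sns.publish(TopicArn=ALERT_TOPIC_ARN, Subject="Security group drift reverted",
                    Message=message)

    return handle_event(event, revoke, notify)


if __name__ == "__main__":
    # Offline run against the constructed event; prints the remediation decision.
    print(handle_event(SAMPLE_EVENT,
                       lambda g, r: print("would revoke", g, r),
                       lambda m: print("would alert:", m)))
```

Two points matter in practice: the function's execution role needs only ec2:RevokeSecurityGroupIngress and sns:Publish on the one topic, and the CloudWatch Events rule should be scoped to the handful of eventName values you actually remediate, so that the function never has to reason about events it was not designed for.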

The Benefits

Migration to the Cloud

We rebuilt the client's applications in the AWS Cloud and connected them to their on-premises data. This made the applications more accessible to all users and created a working hybrid environment for their data.

Security Improvements

We deployed AWS infrastructure services, including Amazon CloudWatch to monitor resources and trigger responses to changes in the environment.

Management of Resources

The services in AWS monitor both on-premises and AWS cloud environments. The time to build components in the environment was significantly reduced and instances were saved as a template for repeatability.

FISMA Compliance Requirements Met for Self-Service Cloud Solution

Effectual enabled a Federal Government customer to set up a self-service cloud solution which is secure, compliant, and automated to scale up and down as necessary.

Customer Needs

The customer wanted to scale out compliant accounts that addressed security concerns such as permitting access only to approved services, protecting centrally managed resources, and ensuring that logging and change activity were captured. The overall issue was the ability to provision AWS accounts consistently and at scale, and to manage them over time, keeping them up to date with newly approved AWS services. The goal was to provide secure and compliant cloud hosting options while setting up a customer self-service solution.

Our Approach

We assisted the client in creating their entire environment from Infrastructure as Code while implementing a strict change control process via GitLab. Custom CI/CD pipelines were built around the structured code base. The entire provisioning process was automated, eliminating the scalability problem of creating accounts by hand. Our resources worked directly alongside the agency's resources to document and achieve a FISMA Moderate ATO.

The Benefits

Scalability

The customer was able to quickly provision accounts in a consistent method across multiple geographical locations and regions. The entire environment can be deployed in one hour.

Self-Service

We enabled the customer to securely provision their own infrastructure using a standardized methodology and a least-privilege architecture. This methodology ensures security in the cloud for the client.

Management of Resources

The services in AWS monitor both on-premises and AWS cloud environments. The time to provision new accounts was reduced from a month to one minute. The deployments are now consistent and can be saved for later use.

RFD & Associates

RFD & Associates, Inc., is an IT Technical Services Company with over 30 years of experience delivering IT solutions to public and private sector clients.

RFD delivers solutions from mainframe to mobile and everything in between. They have helped hundreds of organizations design, build, purchase and implement optimal technology solutions to achieve business goals. RFD needed help designing and developing a scalable, multi-tenant, web and mobile friendly application hosted on Amazon Web Services (AWS). The proposed solution had to integrate with external APIs to ensure flexibility for future enhancements and integration with third-party tools. The application was also required to meet security requirements for Personally Identifiable Information (PII) and the U.S. Health Insurance Portability and Accountability Act (HIPAA).

Effectual Provided Guidance in the following areas

  • AWS design and architectural services, including making RFD's multi-tenant hosting environment PII/HIPAA compliant
  • AWS training and best-practices guidance on how to leverage AWS resources
  • Assistance in helping RFD achieve its defined goals:
    • Identify the challenges presented by third-party hosting on AWS.
    • Evaluate the use of cloud services to meet RFD's business and technical requirements.
    • Determine portable containerization services.
    • Evaluate architectural decisions in the AWS Commercial and GovCloud Regions.

Our Approach

A four-phased approach was developed to implement an AWS hosted environment for RFD:

  • Phase 1: Discovery, AWS service selection, and determination of PII/HIPAA security requirements.
  • Phase 2: AWS foundation build. Established AWS accounts and provisioned the appropriate environments and access.
  • Phase 3: AWS service build. Provisioned AWS services including EC2, Route 53, S3, WAF, and others.
  • Phase 4: Process documentation and environment review. Documented the AWS resources and provided reports on the overall solution, its security, and its cost.

The Benefits

Auto-Scaling

We configured EC2 instances to PII/HIPAA requirements, ensuring adequate capacity to meet traffic demands and compute needs. In addition, we implemented automated launch configurations that allow RFD to quickly launch and scale application servers in target environments in the future.

Security & Compliance

We implemented AWS compute, storage, and database services configured to PII and HIPAA requirements to ensure the security of the sensitive data used in the environment.

Monitoring Services

To get the most out of these services, Amazon CloudWatch was configured so that RFD can set thresholds and alarms on custom metrics that drive auto-scaling.

ERP Disaster Recovery Solution on AWS

A longtime leader in golf equipment and apparel needed to find an alternative disaster recovery solution for a new ERP system.

Finding itself with a number of legacy IT systems, the company was looking to upgrade their infrastructure in a number of areas. With an upcoming planned elimination of a corporate disaster recovery support platform, IT management saw an opportunity to investigate alternative solutions for their DR requirements.

“We wanted to upgrade our disaster-recovery capabilities in order to mitigate the chance of data loss in our mission-critical, enterprise resource planning or ERP system,” said the Director of Infrastructure and Services.

“We were looking at the concept of continuous data protection in both our onsite production and DR environments,” he added. The company also wanted to incorporate newer technology, which would allow for quickly scaling memory size, CPU and disk space – without having to purchase incremental hardware.

While they were using nightly backup and data replication for disaster recovery, the company envisioned a solution with a lower recovery point objective (RPO) through continuous replication. They required a best-of-breed disaster recovery environment to match the 99.99 percent uptime of their new Oracle ERP solution.

The planned elimination of a legacy DR platform provided an opportunity to modernize.

The Solution

To achieve their vision of a scalable DR environment, the company needed to look beyond colocation. Our experts helped the company focus on finding a suitable DR-as-a-Service and cloud solution.

“For a long time, we did not think our requirements would work with Amazon. We required private networking and multiple nodes to be replicated synchronously, which seemed to defy implementation at a public cloud provider,” said the director of infrastructure and services.

To facilitate disaster recovery of its ERP database, the company decided on an Oracle Limited disaster recovery optimized solution. “We learned that the Oracle Limited solution was available to us at no cost when in sleep or standby state.”

AWS is an authorized cloud platform for Oracle — one of a very small number of approved cloud vendors.

It was the flexibility and willingness to share its operations expertise that attracted the company to Effectual's team. “From the very beginning, we were talking about instances and hourly costs. This was an entirely different approach from the colocation options we explored earlier.”

An economical cloud-based, disaster-recovery environment offering the potential to do more with less.

The company deployed the architecture for its disaster recovery platform on Amazon Web Services. “We can even move between various Amazon data centers if needed for changing protection requirements – without incurring any data transfer charges.”

The Effectual team was able to build a custom, cost-effective DR environment harnessing the power of AWS. The company had a highly specific use case for deploying cloud resources for disaster recovery in an AWS environment. It was an ideal opportunity for Effectual to architect and secure an optimized solution at scale.