Get in touch
Klub

Executive Summary

Klub is an investment platform utilizing financial innovation and deep data-driven analytics to provide growth capital to entrepreneurs. Klub partnered with Comprinno to enhance the security landscape of its AWS cloud infrastructure to create a robust, secure and reliable environment for its customers.

About the Customer

Klub is India’s leading FinTech platform focusing on growth capital for brands through revenue-based financing. They are a team of FinTech, investment banking, venture capital, and technology professionals, determined to create a seamless funding experience for business founders, through technology & data. Investment platform combines financial product innovation, deep data-driven analytics, high-frequency collections, and community engagement. Klub has facilitated over 600 investments in 250+ leading brands including SMOOR, Bewakoof, Third Wave Coffee Roasters and have onboarded 7000+ patrons.

Challenges

As a responsible cloud adopter, Klub wanted to ensure that its AWS cloud infrastructure was robust and foolproof to avoid any security breaches. They also wanted to ensure that they were audit ready with an enhanced security landscape. To market their innovations faster, they required a setup for secure and fast deployments.

Klub

Solution

Klub, being a FinTech company is in a domain that has stringent security requirements. To fortify the AWS cloud architecture Comprinno undertook a series of security strengthening measures.

Threat of HTTP flood attacks and distributed denial of service (DDoS) attacks designed to take down its website, loomed large. The company needed protection against rogue robots that could flood its website with traffic and SQL-injection attacks designed to extract data. Comprinno configured AWS WAF for the application load balancer as an additional level of security against common web exploits and bots, that may affect availability, compromise security or consume excessive resources.

AWS Organizations was introduced for managing and governing AWS accounts centrally and efficiently. Separate accounts were created for all environments and a separate management account was created. AWS SSO has been used to centrally manage single sign-on access and user permissions across all the AWS accounts in AWS Organization. AWS IAM is used to provide access with least-privilege permissions. AWS SSO was integrated with G-Suite allowing users to access AWS accounts with their G-suite credentials. AWS IAM is used to provide access with least-privilege permissions. Mechanism was devised for root login notification.

AWS Client VPN Endpoints were utilized for accessing private resources using SSO as identity provider. It provides a secure TLS connection from any location using the OpenVPN client and it automatically scales to the number of users connecting to your AWS resources.

Klub

Amazon EKS cluster and database was deployed in private subnets in Amazon VPC. Application was deployed on Amazon EKS instances in Auto scaling group in private subnets for high scalability. Security groups were reviewed and restricted. Configuration changes were made enabling data encryption at rest in AWS EC2 and AWS RDS.

AWS Secrets Manager was used to rotate, manage and retrieve the database credentials and API keys. AWS Key Management System (KMS) was used for encrypting data as per AES-256 standard, to guarantee high level of security for the data during the transactions. This also guaranteed security provided for sensitive Personal Identifiable Information.
As per Security best practices, AWS GuardDuty, Amazon Inspector and AWS Security Hub have been used for security threat detection and monitoring.

AWS CloudTrail was used to monitor and record account activity across AWS infrastructure, giving control over storage, analysis, and remediation actions. All AWS Services logs were generated and stored in Amazon S3. Amazon S3 buckets associated with Amazon CloudTrail logs were configured to use the Object Lock feature in Compliance mode, in order to prevent tampering of stored logs and meet regulatory compliance. Application logs were shipped from Amazon EKS to Amazon Kinesis Firehose with Fluentbit log shipping tool. All AWS Services metrics were aggregated to create a common AWS CloudWatch Dashboard. Application metrics were exposed using Kubernetes Dashboard. Relevant alarms were configured in AWS CloudWatch Alarms for the infrastructure components.

Infrastructure was automated using Terraform. Terraform was an essential part disaster recovery strategy as it helps put up new infrastructure very quickly and efficiently.

CI/CD pipeline was implemented using Jenkins. Jenkins is triggered whenever code is committed to repository because of webhooks configured. Jenkins here was used for building the docker image, pushing it to AWS ECR and then deploying to AWS EKS. Whenever the new code is pushed to the repo, Jenkins is triggered which then clones the repository in its file system and sends it to SonarQube for checking the code quality.
SonarQube then checks the code on the rules defined in quality gate and sends back a JSON to Jenkins which reports the status of the code. If the code passes the quality gate the code is deployed and if it does not pass the quality then the pipeline is aborted.

Klub

Benefits

- Enhanced security posture
- An automated, scalable security solution has been built
- DDoS attacks are thwarted
- Improved incident response times by automating incident management process
- Secured static website
- Effective logging and monitoring of AWS services
- Reduced delivery time owing to automatic deployments via CI/CD.

Related Case Studies

View All
Highway Delite adopts a resilient AWS architecture
Highway Delite is a pioneering travel app specifically designed
Pando: Building a Resilient Infrastructure
Pando, a leading global supply chain technology company, is renowned
Skill-Lync migrates to AWS from Digital Ocean
Skill-Lync offers industry-relevant advanced engineering courses for engineering students
Leher migrates to AWS
Leher provides tools to creators for hosting exclusive communities
ISO 27001 compliant architecture
ISO 27001 compliant AWS infrastructure architected by Comprinno
Secure AWS architecture with data localization
FinTech company allies with Comprinno to clear data localization audit
GigsBoard
GigsBoard migrates to AWS with assistance from Comprinno
Bigyellowfish Technologies
Bigyellowfish engages with Comprinno to conduct a Well-Architected Review
Klub
Klub fortifies its AWS Cloud infrastructure by partnering with Comprinno
Neural Hive
Neural Hive launches its cloud journey by partnering with AWS and Comprinno
AyuRythm
AyuRythm gears up for high demand volumes for its wellness app
FinTech case study
Asia’s largest Fintech company partners with Comprinno for a PCI DSS Compliant infrastructure
boAt
DynamoDB Cost Optimization For boAt
Portea
AWS inter-region migration in record time during Covid-19 lockdown period
MediBuddy
Cutting edge cloud technology solution for India’s leading healthcare service provider
Mantle Labs  
High-Speed Satellite Image Processing for a Partner Geobotanic AI Platform
LightMetrics
Distributed database that is optimized for Partner handling heavy workloads for an AI platform
Ephicacy
AWS Workspace-based virtual office for a global Clinical Research Organization (CRO)
CreditMantri
Secure CRM access to WFH telemarketer during Covid-19 lockdown
View All

Company

Services

Subscribe to our Newsletter

Are you curious about what’s happening with AWS cloud? Sign up to our newsletter and stay updated on the latest news on product launches and updates.

null Copyright 2022