Advanced Cyber Security

A FORTUNE® global leader in payments and financial technology, approached ACS about including EndpointLock in its Clover Security Plus product bundle, which is designed to help their merchant customers reduce risk and liability from potential breaches while maintaining Payment Card Industry (PCI) compliance.

“Our new partnership significantly expanded our customer base, and we knew our on-premises infrastructure would not be able to handle the demand,” said Stephen Santise, director of technology at ACS. “We needed a modern environment that would allow us to scale out to hundreds of thousands of users quickly. Our plan was to move to AWS, but we needed a trusted partner to help get us there.”

Santise chose Navisite as that trusted partner, bringing the company’s cloud experts on board to design and build an AWS environment that would support increased demand for EndpointLock and power the company’s product licensing server and user-facing Web portal.

The Navisite team built an AWS architecture that mirrored the company’s current on-premises set up, and then migrated existing EndpointLock Windows workloads to a Microsoft SQL Server database running on Amazon Relational Database Service (RDS).

As part of the migration, ACS tapped Navisite’s DevOps expertise to create an environment that would allow their developers to continually innovate using modern DevOps best practices.

Navisite’s cloud experts built three environments on AWS—development, staging and production—and moved the company’s code base to .NET on Windows-based Amazon Elastic Compute Cloud (EC2) instances. From there, Navisite developed a
CI/CD pipeline using terraform infrastructure as code templates to create a modern code pipeline that enabled the team at ACS to rapidly develop and deploy changes, upgrades and new features.

“Navisite modernized and automated our DevOps process, so deploying code on AWS is fast and easy,” said Santise. “Our team can confidently and securely build, test and push changes into production without having to worry about infrastructure management.”

In addition to DevOps, ACS is taking advantage of Navisite’s AWS Cloud Optimization (ACO) service to control cloud costs.

“By doing AWS billing through Navisite, we’re benefitting from discounted rates,” said Santise. “And with Navisite’s AWS cloud expertise and continued oversight, we’ve been able to significantly reduce our costs. Most importantly, we rely on Navisite’s expertise every day to help us ensure ongoing innovation and cost optimization on the cloud.”

After a running on AWS for several months, Santise was ready to make another change. With the rapid adoption of EndpointLock, ACS needed a more cost-effective way to manage growth and opted to move off Windows and refactor to an open-source solution on AWS.

“The majority of our AWS costs came from Microsoft’s outdated and expensive licensing fees,” said Santise. “We wanted to eliminate those costs and better utilize what AWS has to offer.”

Navisite guided Santise and his team through a two-phased migration: migrating the Microsoft SQL Server database running on Amazon RDS to MySQL on Amazon Aurora, and then moving the code base running on .NET on Windows EC2 instances to .NET Core running on containers on Amazon Elastic Container Service (Amazon ECS).

As part of this process, Navisite:

• Built new AWS infrastructure and refactored the SQL Server database for MySQL
• Integrated the terraform tool into the new environment
• Containerized ACS’ existing code base
• Built a new CI/CD pipeline to automate the container build process
• Facilitated networking between GitHub, terraform and AWS cloud infrastructure

The open-source environment on AWS is secure and enables ACS to scale both horizontally (adding instances when demand rises) and vertically (resizing existing instances), enabling the company to significantly scale up without having to rewrite code. All the work done in terraform is version controlled and repeatable, providing ACS with proven templates that can be used to build similar environments for new product deployments.

“This second phase of modernization has set us up nicely for continued growth,” said Santise. “In fact, we’re currently working with one of the leading financial service providers to include EndpointLock in its CyberProtectSM: Identity Watch offering, which is an identity protection package for banks to offer to their customers. This will bring our product to a whole new industry and millions of new users over the next few years. Between the AWS environment that Navisite built and their ongoing support, we’re excited and prepared to meet new demand.”