Securing and modernising cloud infrastructure in a fintech

Head of Infrastructure, Security and DevOps

Cybersecurity engineers and pen testers (4)

The challenge

A fintech operating across multiple domains was experiencing performance challenges. In addition to supporting product management within the same company, Gear Train was contracted to optimise and stabilise its cloud infrastructure and security.

The primary challenges were:

  • High infrastructure costs

  • Slow deployments

  • Poor visibility of systems

  • Unmanaged security risks

How we solved it

Fixing security first

We reduced security risk and improved accountability by:

  • Carrying out an infrastructure and code vulnerability and threat analysis

  • Fixing critical and high vulnerabilities and threats

  • Reducing the cyber attack surface by closing known exploitations

  • Introducing secrets management

  • Updating the incident reporting process and ownerships

  • Creating transparent and easily accessible documentation and templates

Made deployments predictable for developers

Many programming languages were in use, which increased complexity. We introduced a single, standard way to build and deploy services, which included:

  • Creating a bespoke infrastructure-as-code framework using Terraform

  • Introducing FinOps practices to control infrastructure costs

  • Migrating services to Google Cloud using Kubernetes

Bringing order and automation to the infrastructure

We improved response time during outages and unlocked immediate cost savings through automation, and reduced wasted engineering time through: 

  • Defining clear service naming conventions

  • Grouping systems consistently across code, logs and cloud projects, making it easy for any engineer to find what they need.

  • Turned off non-production systems overnight.

  • Rebuilt environments automatically

    The company was able to run disposable, repeatable environments, automatically rebuild systems, and stop ‘nurturing’ long-lived servers.

Outcome

In addition to implementing controlled, secure operations instead of reactive firefighting

  • Cloud costs dropped by 40% per month.

  • 80% faster shipping of features to production. Engineers now release features in two days instead of two weeks.

  • 75% improved incident response and recovery times

  • Improved cybersecurity and ownership.

  • Standardised and scalable infrastructure

  • Increased engineering productivity through predictable engineering workflows.