SoyYo, Well-Architected

The challenge

SoyYo is the platform that allows people to make payments and procedures with their cell phones, and that helps mitigate risks of fraud or impersonation through multiple authentication mechanisms, framed in a digital identity ecosystem that allows continuous verification of its users.

In 2020, the Covid-19 pandemic promoted the use of digital channels to carry out procedures, purchases, and banking errands. In the case of Colombia, virtual transactions showed a peak of 174.7% growth (exceeding 110 million operations), Internet purchases grew by 68% and payment through mobile applications by 48%. Under this scenario, SoyYo was clear that it had to optimize the workloads associated with its platform to guarantee the quality and security of services such as facial biometrics and all the tools associated with digital authentication.

SoyYo supports the digital peak during the start of the pandemic through Well-Architected Framework practices

To address these needs, SoyYo hired the services of Clouxter, an Amazon Web Services partner, specialized in developing cloud solutions under practices such as a Best Practices Review (Well-Architected Framework Review) and a Cloud Adoption Framework (Cloud Adoption). Framework).

Well-Architected Framework Review (WAFR) for risk mitigation and platform optimization

Clouxter then began the execution of a Well-Architected review of its critical productive load, to identify and mitigate potential risks and obtain an efficient, reliable, secure, and optimized infrastructure, capable of supporting the increase in users on the platform and minimizing the risk of incidents.

The review showed a 67% opportunity for improvement, of which 18 activities were addressed and distributed in the 5 pillars of good architecture practices: Security (2), Reliability (7), Performance (3), Operational Excellence (2), and Cost optimization (4).

For each of the pillars, the following actions were established:

Reliability

Recommendation of Disaster Recovery Planning (DRP) strategies (scopes and benefits) for implementation. The Objective Recovery Times RTO and the Recovery Point Objective (RPO) were defined and the strategies were established, where Clouxter supported the first phase of the selected DRP scheme.

• Exhaustive configuration analysis of the network solution resulted in a document with actionable recommendations to improve the findings found.
• Needs assessment for regional Virtual Private Cloud (VPC) deployments to ensure availability.
• Definition of a strategy to identify and manage the monitoring of resources, through the evaluation and enabling of logs, metrics, and alarms.
• In addition to providing a strategy to manage the life cycle for application logs.

Cost Optimization

• Definition of a monitoring scheme for resource utilization and capacity.
• Proposal for the implementation of a pricing model to reduce costs.
• Definition and proposal of a unified mechanism for the management of user accounts across its 5 accounts.
• Defining a labeling scheme and configuring cost explorer services.

Performance

• Definition of performance requirements and considerations of compute options and required configuration, supported by the collection of related metrics.

Security

• Definition of the strategy and configuration of AWS services and analysis of log files, to detect and investigate security events.
• Configuring AWS resource tagging to classify data.

The execution of these activities achieved a substantial improvement in the workload, which is reflected in the following numbers:

Summary of findings: Initial State vs Final State

Among the most notable AWS tools during implementation are AWS CloudTrail, Amazon CloudWatch, AWS Single Sign-On, in addition to the use of Savings Plans.

Benefits

The establishment of a monitoring scheme through control panels and alarms that allows them to view the behavior of all their services in a more controlled and organized manner, and receive notifications derived from irregular situations or close to the limits established as normal operation; gives SoyYo the possibility of making informed and timely decisions about the correct configuration of its base infrastructure, resources and associated services. This scheme is not only useful to improve performance or address specific situations, but also improves costs by not having oversized resources.

On the other hand, with the documents and recommendations that emerged from the strategies to guarantee and support component failures, improve the adaptability of demand changes and efficiently manage disaster scenarios and/or interruption events; SoyYo was able to develop a clear and consistent roadmap to strengthen its platform capable of offering a seamless service to its customers.

Finally, due to the knowledge accumulated thanks to the practices and recommendations identified during this Well-Architected Framework Review, SoyYo feels able to implement substantial improvements in its architectures and successfully mitigate the risks that may arise.

About SoyYo

The SoyYo mobile application, a project developed from a joint initiative by Davivienda, Bancolombia, and Banco de Bogotá, arose intending to reduce difficulties in identity authentication processes that are essential to request any type of credit.

This application allows the user to manage their digital identity from a single place, something that greatly speeds up the authentication processes that are necessary within banks, and credit institutions, among other organizations.

About Clouxter

At Clouxter we enable the adoption path and consolidate the cloud in organizations. Our focus is on DevOps, Migration, Security, and Analytics, providing the key pieces to have a great Cloud strategy. We have extensive experience in different industries such as Banking, Media, Fintech, Public Sector, ISVs, and Startups.

We accompany organizations on this path and accelerate their adoption curve, covering the Definition, Planning, Implementation, and Operations of their solutions, through our Professional Consulting Services, Managed Services, and Local Billing.