Achieving a Swiss Bank Security Level with Nummo
Guest post by Enrico G. Schoch, Co-Founder & COO of Nummo
Nummo is a personal financial management platform that empowers people to live better, by helping them manage, maintain and improve their financial health. At the outset, we wanted to give our customers the same quality of service offered by the big banks. Given our background in the Swiss banking industry, a key aspect for us would be security. We place security at the highest priority and have invested heavily in order to give our users the peace of mind they need.
Like many startups today, Nummo was born in the cloud, and given our industry and our future goals, we wouldn’t compromise any other aspects of our offering. People needed to feel their data is secure when using Nummo.
Given my prior experience with Amazon Web Services (AWS), my team and I felt that Amazon would be the right partner for us, as it offers a large number of additional services that would help us achieve our ultimate goal. At that point in time, I knew what we wanted to build, but realized we didn’t have the know-how to do such a deployment ourselves, directly on AWS. So I picked up the phone (old style), rang Amazon HQ in Europe, and asked them to recommend their best implementation partner in Switzerland. That’s how we were introduced to Amanox.
Together with our new partner we started the journey in which a startup wanted to achieve the same level of security as a Swiss Bank. We drafted our infrastructure plan and analyzed every single component. We focused on making them secure and scalable. We implemented every possible solution to ensure that our users would feel secure when trusting us with one of their most precious possessions—financial data—and confirmed that we would be able to handle any number of requests going forward, by having a fully auto-scalable system.
This project was not a walk in the park. It takes a lot of effort and a great combined team of professionals to put this kind of infrastructure in place, but we did it and the result speaks for itself—it’s great!
During the initial phase of the implementation, we worked closely with our consultants, letting them lead as we learned. Later on we would take back the helm in order to navigate through the plethora of services, all the way up to completing our platform before going live this spring.
Today we are entirely on the cloud and have a fully redundant infrastructure with various environments to support our development team (DEV, UAT, PROD). We’re able to spin up multiple instances of the necessary servers within minutes. We use a load balancer and firewall (cloud-based, from the Amazon marketplace) which, among many features (including WAF), allows us to fully control the sessions of our users and redirect them to any available server (with Amazon ElastiCache managing our sessions). Our data is secured behind many layers of infrastructure, and by using RDS we ensure it’s always backed up and available to our users. Last but not least, we have implemented our CI/CD (continuous integration/continuous development) workflow, which allows us to commit code, forward and distribute it to all our instances/environments, speeding the development process and allowing us to better handle our releases, ensuring the best quality possible for our users.
Our infrastructure and code are constantly monitored by outside professional security experts who guarantee that the system has no vulnerabilities.
Currently, we are focusing our efforts on extending Nummo’s capabilities by introducing new features and using other AWS services, such as Redshift, Kinesis and Deep Learning. The latter is part of our strategy to better understand our users and offer them more options to help improve their finances.
Nummo offers the possibility to consolidate and analyze anyone’s financial situation, providing a holistic picture of one’s finances. Understanding is the key to helping people shift their money mindset. We lay out a variety of conflict-free options, giving our users the tools to make their money work for them. Being truly independent of any financial institution and providing complete transparency is in our DNA. And, since Nummo’s platform is fully hosted on the cloud, we are able to handle thousands of users and help them get to cloud nine via their financial well-being!