Crypto.com Leverages AWS for High Security and Scalability
Powerful Alternative to Traditional Finance
Crypto.com was founded in 2016 as a powerful alternative to traditional financial services. With products including a wallet, an app, a debit card, an exchange, and lending instruments, Crypto.com is a one-stop shop accelerating the global adoption of cryptocurrencies.
Based in Hong Kong, the company serves over 5 million customers around the world and prides itself on its commitment to security and compliance. Crypto.com is the first cryptocurrency provider to become ISO 27001– and ISO 27701–certified. It is also compliant with Payment Card Industry Data Security Standard (PCI DSS) Level 1, which is the highest level of compliance.
The startup launched its first product in 2018 on the Amazon Web Services (AWS) Cloud, which its founders chose for the AWS security posture and privacy controls. “AWS has a strong commitment to security even at the component level, with good encryption features for data at rest and in transit,” says Matthew Chan, CIO at Crypto.com.
AWS has a strong commitment to security even at the component level, with good encryption features for data at rest and in transit.”
Establishing a Security Culture
Crypto.com firmly believes that people, processes, and technology are equally important in establishing and maintaining a culture of security. Many of the startup’s employees have undergone cybersecurity and privacy training and have various AWS certifications. Tools such as AWS Identity and Access Management (IAM) give Crypto.com fine-grained access control to define roles and permissions for each employee.
The startup has had a DevSecOps practice since day one to ensure security is baked into every element of software design. Its development process relies on infrastructure as code, with deployments and changes thoroughly documented. Code and infrastructure are regularly assessed using AWS Trusted Advisor, which detects potential security gaps and suggests recommendations for improvement.
Evolving Regulations Across the Globe
Crypto.com leverages the AWS global footprint to stay on top of evolving data residency regulations. It uses AWS Transit Gateway to ensure privacy when connecting its virtual private clouds in different AWS Regions. All network traffic is automatically encrypted, which helps protect against distributed denial of service (DDoS) attacks and other common exploits.
The startup performs regular business continuity drills for disaster recovery (DR). “We can pivot quickly on AWS, migrating and backing up data between AWS Regions,” says Chan. “Our DR drills are painless, as automated snapshots ensure we can restore our databases to the exact point in time prior to a disaster, while keeping data integrity intact.”
Security and data privacy are critical to achieving Crypto.com’s goal of mainstream cryptocurrency adoption. As cryptocurrency markets’ regulations continue to evolve, Crypto.com's customers appreciate the leading role Crypto.com has taken in regard to verifiable security controls.
Performance Insights Ensure Stability
Customers expect 24/7 access and full functionality for Crypto.com’s services, especially during periods of high volatility in global financial markets. During these periods, traffic can spike up to eight times the typical peak load for applications such as the wallet and exchange.
“Because we’re in the financial services industry, we can’t experience any downtime, but at the same time we need to be agile and fast with content delivery,” Chan explains. The startup has real-time access to performance insights on the AWS Management Console to detect and troubleshoot issues when it experience slow running queries.
Crypto.com is constantly enhancing its products, with one-week release cycles as its norm. Many of its releases introduce new integration capabilities with payment systems such as IBAN in Europe and Automated Clearing House (ACH) in the US, so customers can easily move money from standard bank accounts into their cryptocurrency wallets.
Rolling Deployments Simplify Scaling
Crypto.com uses Docker containers to standardize deployment. It has recently completed its continuous integration/continuous development (CI/CD) pipeline on AWS to automate build and test functions whenever new code is introduced. Engineers use Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Services (Amazon EKS) as fully managed container orchestration services.
“Amazon ECS and Amazon EKS are probably the most important services for our business in terms of the technological triumph we’ve achieved with AWS,” Chan says. “We can do rolling deployments with zero downtime and handle load balancing with the click of a button. Plus, both of these services have self-healing capabilities. This simplifies the scaling process and makes life a lot easier for us.”
Managed Services Save Time for New Projects
Managed services such as Amazon ECS and Amazon EKS are among the features that initially attracted Crypto.com to AWS and have kept the company loyal ever since. In 2020, the business decided to upgrade to AWS Enterprise Support. It uses the service both as an emergency lifeline for system issues and for guidance on best practices and optimal cloud configuration when planning new projects.
Several projects are on the horizon, including the expansion of cryptocurrency derivatives and lending services to enrich the Crypto.com exchange. “By leveraging the latest technologies offered by AWS including more managed services, we gain time-savings, which allows us to focus on new offerings,” Chan says.
Crypto.com is on a mission to accelerate the world’s transition to cryptocurrency. Based in Hong Kong, the platform offers an app, a wallet, an exchange, a debit card, and other financial tools to over 5 million customers globally.
Benefits of AWS
- Achieves compliance certifications such as ISO 27001 and PCI DSS Tier 1
- Protects data at rest and in transit with encryption at the component level
- Migrates and backs up data across global regions to facilitate disaster recovery
- Scales to over 5 million users in 2 years
- Performs rolling deployments with virtually no downtime
- Saves time with managed services for cloud orchestration
AWS Services Used
Amazon Elastic Container Service
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service. Customers such as Duolingo, Samsung, GE, and Cookpad use ECS to run their most sensitive and mission critical applications because of its security, reliability, and scalability.
Amazon Elastic Kubernetes Service
Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed Kubernetes service. EKS runs upstream Kubernetes and is certified Kubernetes conformant so you can leverage all benefits of open source tooling from the community. You can also easily migrate any standard Kubernetes application to EKS without needing to refactor your code.
AWS Transit Gateway
AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once.
AWS Trusted Advisor
AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits. Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally.
Companies of all sizes across all industries are transforming their businesses every day using AWS. Contact our experts and start your own AWS Cloud journey today.