Padok Helps Bridge Improve the Security and Availability of Its Payments Platform Using AWS

Bridge, a France-based company that specializes in enabling and initiating payments, chose AWS Partner Padok to help it maintain its open banking platform 24/7 while optimizing costs and complying with French employment laws that limit overnight working hours for developers. Built on Amazon Web Services (AWS), Bridge’s infrastructure uses APIs to help customers’ systems connect with its platform in real time. Working with Padok, Bridge now has a platform that is secure and available, and the two companies have developed a trusted partnership.

Paris, France-based Bridge is an online payments company that helps businesses of all sizes to initiate and collect payments securely, and in real time. Founded in 2014, Bridge used its strong in-house technical capabilities to build an Open Banking platform and produce APIs that its customers can integrate into their websites, applications, and platforms to quickly enable a range of payment services.

Bridge’s technologies are embedded into its customers’ critical transactional systems and its developers are responsible for ensuring that its platform is always available. However, French employment laws prohibit companies from making their developers work overnight, which left a gap when potential technical issues could cause downtime. “In the payment field, we cannot be credible or competitive if we do not ensure 24/7 availability with a high SLA,” says Benjamin Mur, backend manager at Bridge. “Previously, site reliability engineers (SRE) were part of our development team and, legally, they couldn’t work between midnight and 8 AM.”

It was vital to Bridge that it could guarantee all customers a high SLA, so the company started looking for a technical partner that could help. Bridge’s infrastructure was built in the cloud using AWS, so it was searching for a partner that had extensive AWS technical expertise and could provide a service that would fit within its budget. That’s when it met local AWS Partner Padok, a cloud specialist.

Padok initiated an audit of Bridge’s open banking platform to fully understand its cloud architecture and applications. After several days, Padok reported its findings and recommendations, which included updating to the latest versions of several AWS services. Mur was happy with the results and had already come to the same conclusions. “We had already planned on updating these services, so that was a good start because it validated the work that our developers had already accomplished,” says Mur. 

To monitor its applications and visualize the usage of AWS services, Padok used Amazon CloudWatch, a service that monitors applications, responds to performance changes, optimizes resource use, and provides insights into operational health. It also installed two Datadog probes in Bridge’s infrastructure, which added to the two Datadog probes that Bridge was already using. Datadog probes help customers quickly search, filter, and analyze logs for troubleshooting, and Datadog also helps when optimizing the performance of applications, platforms, and services. “We now have double the security,” says Mur. “Padok also has access to data from our probes, which helps them generate a complete vision of our infrastructure.”

One major issue that needed addressing was the number of security alerts being generated. Originally, Bridge managed these alerts by creating a series of runbooks—which provide staff specific instructions on the steps to take for any given alert—but Padok wanted to improve the alerting system by automating responses so human intervention was required only for unrecognized or important alerts.

Transforming the alerting system took a few months, during which time Bridge and Padok worked together to try and stabilize and optimize the platform as much as possible, and reduce the total number of alerts being generated. Padok also helped create new runbooks where necessary. “The result has been a significant reduction in the number of alerts,” says Mur. “Alerts are rarely repeated and, although we are still developing runbooks, we have automated part of the process so that the system can automatically close alerts without manual intervention.”

Security is one of the most important considerations for any company involved in payments, so it took complete trust for Bridge to allow Padok into its inner circle. “One sensitive point was granting Padok the necessary authorizations so they could maintain our AWS services,” says Mur. “Padok now has almost the same access to our AWS services as our own developers and the responsiveness of its teams means we can now offer our customers a very respectable SLA.”

Padok’s role in the relationship has now extended beyond simply maintaining the Bridge infrastructure into one of a trusted consultant. “The idea is to not just be an operational service provider but to also offer advice,” says Hubert Angebaud, account manager at Padok. “We have monthly meetings to discuss the alerts that have been processed, but we also help them in other areas—such as optimizing services and costs.”

When Padok initially audited Bridge’s infrastructure, it discovered a cluster of 18 machines using Amazon Elastic Compute Cloud (Amazon EC2) that was still struggling to cope when the infrastructure was experiencing traffic spikes. Padok recognized that this was due to a misconfiguration and helped correct it. The result was that the same cluster could now cope with traffic spikes using only two machines, significantly reducing costs. “Thanks to the strength of our relationship with Padok, we can fully concentrate on the development of our platform with complete peace of mind,” says Mur.