ekonoo SA Builds Serverless Solution Using AWS and Achieves CSSF License

Founded as a startup in 2019, ekonoo SA is headquartered in Luxembourg and offers financial solutions to individuals and enterprises across all sectors in Luxembourg and France. Its customers are organizations who provide occupational and pension schemes to their employees. “ekonoo SA wants to help users gain ownership over their retirement and interact with their savings in a way that represents their goals and needs,” says Jaime Prieto, chief compliance and risk officer of ekonoo SA. “Users can adapt their saving decisions to different risk levels and make critical decisions that determine their long-term retirement.”

In Luxembourg, companies that handle users’ data must comply with privacy regulations from the General Data Protection Regulation (GDPR). Financial services entities also need regulatory approval from the CSSF. To meet these requirements, ekonoo SA must adhere to guidelines like storing its data in Europe, developing an internal audit function, and keeping client data protected and anonymized. These laws are complex and often change, requiring the company to be agile.

ekonoo SA sought to maintain security and compliance while avoiding the complexity of managing physical devices. Seeking cloud-native tools, ekonoo SA turned to AWS. “AWS provides us with many tools that we can use to implement virtually any kind of security or data protection that we need,” says Julien Del Piccolo, DevOps and cloud architect at ekonoo SA. “Additionally, we do not need to manage any infrastructure on AWS, which is great for quick prototyping. We have a big toolbox that we can use, but it’s still our job to use it correctly.”

To meet GDPR requirements, ekonoo SA anonymized and encrypted its data. “It has been very straightforward to use AWS services,” says Jonathan Bernales, IT project manager at ekonoo SA. “If we want to encrypt data, we select the option, and the databases are encrypted.” It also set up two-factor authentication for added security using Amazon Cognito, with which companies can add user sign-up, sign in, and access control to web and mobile apps. “The benefit of Amazon Cognito is that you can secure your APIs and do everything by using AWS,” says Xavier Ledune, chief technology officer at ekonoo SA. To further improve its security posture, ekonoo SA split its infrastructure into two accounts: one account for core business calculations that aren’t exposed externally and one account for APIs. The two accounts communicate using Amazon EventBridge, a serverless event bus for building event-driven applications at scale across AWS, existing systems, and software-as-a-service applications.

An integral component of ekonoo SA’s solution is the ledger that it uses to prove data integrity in case of an audit. Using Amazon Quantum Ledger Database (Amazon QLDB), a fully managed ledger database for maintaining an immutable, cryptographically verifiable log of data changes, ekonoo SA can track the transactions that an individual makes using its solution. “We had support from the teams at AWS from the beginning,” says Ledune. “For example, when we wanted to build a ledger, our account manager put us directly in touch with the team that could help us.” ekonoo SA also relies on AWS CloudTrail, which monitors and records account activity across AWS infrastructure. Using this solution, it can take every audit trail, route it to a management account on AWS Organizations—which companies use to manage their environments centrally—and quickly perform queries.

Before going live, ekonoo SA validated that its build was effective and secure by performing an AWS Well-Architected review, which helps companies learn, measure, and build using architectural best practices. “The power of AWS is all the people working behind the scenes who are always available to answer our questions,” says Ledune. “Even though we are a small startup, the AWS team treats us like a very important customer.” The review process went smoothly and validated ekonoo SA’s decisions. After the 1-year application process, which involved significant paperwork and follow-up interviews, ekonoo SA received its first CSSF license in June 2021, and customers could start using the solution in production. The company has since received a second license and a European passport to apply those licenses to business in France.

With a serverless solution, ekonoo SA doesn’t need to manage physical infrastructure and can reduce its carbon footprint. “With a serverless architecture, the solution scales automatically, and you can sleep well, knowing the services work together,” says Ledune. “It would be very difficult to reproduce this kind of architecture on premises.” Its infrastructure is fault tolerant and is deployed across three different AWS Regions, which is a benefit the company can share with regulators and auditors. “Because we don’t need to worry about the underlying low-level technical constraints, we can focus on delivering value to customers,” says Bernales.

ekonoo SA provides customers with a steady and consistent delivery cycle. It updates its applications every 2 weeks, which is possible because the solution doesn’t need as much downtime as it would using an on-premises solution. Using AWS CloudFormation, an infrastructure-as-code service that organizations use to model, provision, and manage AWS and third-party resources, it can put a deployment in production in around 1 hour and automatically roll out a new version of the solution. If there’s an issue, the deployment rolls back automatically so that customers don’t experience any downtime. “The time it takes to release a patch for a module in production is greatly reduced and automated,” says Bernales. “We don’t have the kinds of issues that we would have with a standard infrastructure.”

ekonoo SA is honored to be the first cloud-native financial technology company to receive approval from the CSSF. ekonoo SA hopes to inspire other companies in Luxembourg to embrace cloud solutions as well. “We’ve proven that it’s possible to offer a cloud solution in the financial sector, and we’re able to say we’re a pioneer of the movement,” says Ledune.