iTom requires customer consent before granting staff access to any customer information on the FGO platform. When this access is granted, it is usually for providing support or another customer-facing function. To provide this functionality, iTom needed to deploy security controls. “Our terms of service specify that our customers own their data,” says Valeriu Filip, chief executive officer (CEO) at iTom. “Our support and assistance services are only allowed to check individual customer information if our customers ask us to.”

The Romanian company initially tried to manage customer access credentials itself, but this proved too time-consuming and complex. “We wanted to use the latest cloud technologies to simplify our administrative tasks and address concerns regarding data leakage and data loss,” says Filip. “We needed to protect customer data to the highest possible level of confidence, and we’ve achieved that using AWS.”

iTom uses AWS Secrets Manager, which helps protect secrets needed to access applications, services, and IT resources, to secure login credentials for its staff. Using AWS Secrets Manager combined with segregated IAM roles and single sign-on (SSO) services, iTom ensures traceability and prevents unauthorized access of customer data. “Our customers’ access credentials are inaccessible to us at iTom,” says Filip. “This helps us to comply with our terms of service and data protection regulations.”

Using AWS, iTom can take advantage of access-monitoring and auditing capabilities that also increase customer confidence. “Our customers tell us they have better peace of mind knowing we have built our product on AWS,” says Filip. “We can choose from 80 different security access controls, and the FGO platform combined with AWS capabilities can keep advanced logs when any action is performed on data. Our customers always know which user has changed their data and when.”

iTom has increased IT staff productivity through overhauling its internal development processes. Before using AWS, the IT team developed and tested updates on a local server and released updates every few weeks. Now, iTom developers use an automated build and deploy process on GitHub with AWS. They can work simultaneously on up to 10 features or bug fixes, increasing the frequency and speed of pushing secure updates into production.

This continuous development and testing process offers the best experience for its customers because the platform is always up to date and provides the latest features. “We can now raise a new infrastructure, develop and test the new software updates, in an automated manner,” says Filip. “This helps us deliver more functionality to our customers in a secure and tested way and we do that with a very fast pace, every day from Monday to Thursday, covering about 10 new features weekly; in a year we release at least 400 new features which by all standards is huge for a business management platform.”

As the popularity of its FGO platform has grown, iTom wants to ensure the login process is as seamless and fast as possible, and that customers have fast access to frequently used resources. It uses Amazon ElastiCache for Redis, an in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications, to help with these tasks.

iTom can now automate tasks such as assigning invoice numbers when multiple users are simultaneously creating invoices, without having to repeatedly query the database. This means FGO can issue invoices in a few seconds and provide a 98 percent SLA guarantee to execute API calls for most operations within 1-5 seconds.

iTom wants to help small businesses automate all aspects of their operational processes, including invoicing, payment and collection matching processes, and security to protect sensitive customer data. Before using FGO, many businesses printed out invoices and receipts and shared them as unencrypted email attachments, which put private information at risk from theft or loss. Similar scenarios existed with bank account statements that were downloaded in pdf or csv format and sent from the business owner to the accountant via email, compromising the financial information contained in transaction details. All this information is now being read automatically by FGO from the banks and securely sent to accountants without concerns about privacy, or can now be read by FGO via PSD2.

FGO uses Amazon Simple Storage Service (Amazon S3) and Amazon Simple Email Service (Amazon SES), which allow iTom customers to easily send and control access to confidential documents. “Amazon SES keeps all important documents in a secure place in FGO, where only the customer’s accountant has access,” says Filip.

As FGO continues to onboard customers, iTom can easily scale up its resources to meet the increased demand, which includes 100x traffic surges during busy times. Building FGO on Amazon Elastic Compute Cloud (Amazon EC2) provides secure and flexible compute capacity for its workloads. Amazon RDS for SQL Server makes it easy for iTom to continue expanding its customer base.

Future plans include migrating to Amazon Aurora, which is designed for high performance and availability at a global scale. “Our ambitions are no longer held back by our infrastructure,” says Filip. “We have the ability to think big and add new customers and capabilities, while knowing our customer data is always secure.”