OSL Ensures Global Compliance by Building Its SaaS Solutions on AWS
2020
By building its SaaS solutions on AWS, OSL ensures compliance with strict global financial standards and 98 percent uptime. OSL provides interoperable brokerage, exchange, custody, and SaaS solutions to professional investors and institutions. The company uses AWS Config to monitor technical compliance, AWS Identity and Access Management for fine-grained access control to its system, and AWS Global Accelerator to optimize SaaS performance for clients abroad.
AWS has the tools to automate many of the tasks required to run our infrastructure, including monitoring, and this helps tremendously in managing compliance and associated costs.”
Eugene Tan, Head of Technology Operations, OSL
Promoting Digital Asset Adoption
OSL is an institutional platform for digital assets that provides interoperable brokerage, exchange, and custody services to professional investors and institutions. OSL’s services can be customized and offered as a package or as standalone software-as-a-service (SaaS) solutions.
As a member company of the BC Group, which is listed on the Hong Kong Stock Exchange, OSL had been operating its services through collocated data centers. However, when it launched its SaaS solutions in 2019, the company required a flexible cloud service provider that would enable it to rapidly go to market and scale on demand. OSL chose to run its SaaS on the Amazon Web Services (AWS) Cloud because of the mature, worldwide presence of AWS and the breadth of modern technology it offers.
“OSL is a leading-edge company in the technology space, and we believe AWS is as well,” says Eugene Tan, head of technology operations at OSL. “We were keen to collaborate with AWS because it shares our innovative and entrepreneurial mindset as well as our commitment to performance, security, and compliance.”
Automating, Monitoring, and Compliance
Automation, auditing, and compliance are at the core of OSL’s business model. The company uses AWS CloudTrail to monitor access activity for auditing and relies on AWS Config to ensure the consistent configuration of its AWS resources.
“AWS has the tools to automate many of the tasks required to run our infrastructure, including monitoring, and this helps tremendously in managing compliance and associated costs,” says Tan. “The agility that comes with such automation enables OSL to quickly and securely onboard SaaS clients. Those who have completed the onboarding process can start operating an exchange or our proprietary OSL Request for Quote SaaS in 30 days or less, in line with our company’s SLA.”
Leveraging Cloud-Native Security Services
As a global operator, OSL ensures the highest security standards for its products. In Hong Kong, it was the first FinTech company to apply for licenses under the Securities and Futures Commission’s new regulatory framework for virtual asset trading platforms, which was publicly announced in November 2019.
The AWS infrastructure used by OSL is compliant with SOC 2 and ISO 27001, which are widely recognized security standards that are part of the criteria for obtaining such licenses from the Securities and Futures Commission. OSL uses various security tools, including AWS Key Management Service (AWS KMS) for encryption and AWS Identity and Access Management (IAM) for fine-grained access control to its system. “We can leverage each of these globally consistent, cloud-native AWS services to improve our overall IT security,” Tan says.
Building CI/CD Pipelines to Spur Innovation
OSL considers its employees to be technical experts and several team members have completed AWS certification courses, with plans for more employees to become certified in the future. Some OSL engineers have also undergone one-on-one courses with AWS Certified Solutions Architects for hands-on lab training when implementing new AWS services.
Currently, every member of the engineering team can independently deploy on the AWS Cloud to quickly bring new features to market. The company’s Know Your Customer (KYC) module, for example, can be safely released every day with a single-click process.
When building its OSL Exchange SaaS, the company recognized the need to accelerate its use of DevOps practices and set up continuous integration/continuous delivery (CI/CD) pipelines. OSL had adopted DevOps methodology but wanted to enrich its capabilities to launch the exchange solution. Engineering teams now regularly consult best-practice CI/CD templates and the AWS online community to validate ideas and new approaches for building and deploying on the AWS Cloud.
Experimentation is a core component of the CI/CD agile methodology, and engineers continuously aim to adopt new products as they are introduced to the AWS catalog. “The pace of innovation at AWS matches our own and allows us to quickly leverage new services at a fraction of the overhead it would cost if we were to build these services on our own,” Tan says.
Maximizing Usage, Minimizing Spend
Tan and the management team regularly engage with their dedicated OSL AWS account representative to explore how they can maximize AWS usage while minimizing total spend. The team takes advantage of Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instances and AWS Savings Plans to control costs as cloud consumption rises with new client onboarding. As Tan attests, if left unattended, infrastructure costs can quickly soar 20–30 percent for a rapidly expanding business.
And “rapidly expanding” accurately describes OSL’s SaaS trajectory. One of its SaaS customers grew from an initial user base of 300,000 to more than a million users in the past six months. OSL uses the AWS Well-Architected Framework and AWS Trusted Advisor to periodically review, fine-tune, and revise its architecture to optimize costs.
Consistent Performance across the Globe
OSL has relied on consistent uptime and platform availability from the AWS global network as its SaaS offering has grown. It is using AWS Global Accelerator to improve SaaS performance for users abroad.
“Customers can access our services, with excellent and reliable service quality, no matter where they are based,” Tan says. “This benefits OSL’s customers and global partners, because they can connect via multiple AWS Availability Zones.” OSL promises an uptime SLA of 98 percent to customers, however, Tan says the internal bar is set higher than that.
Recently, OSL joined the AWS Partner Network (APN) to begin selling its SaaS solutions on the AWS Marketplace. “The future is bright,” Tan said. “Our collaboration with AWS has proven to be reliable and AWS has the best infrastructure to support our rapidly growing global customer segments.”
To learn more, visit aws.amazon.com/global-accelerator.
About OSL
OSL is one of Asia’s leading digital asset platforms for professional and institutional investors. With a presence in Hong Kong, Singapore, and the Americas, OSL offers interoperable exchange, brokerage, and custody services as well as SaaS solutions that are compliant with the highest regional and global security standards.
Benefits of AWS
- Complies with SOC 2 and ISO 27001 standards
- Protects financial data with encryption and access control
- Maintains 98% uptime for SaaS platform
- Automates monitoring and compliance tasks
- Controls costs with architecture reviews
- Encourages experimentation with DevOps and CI/CD approach
- Scales to handle 3x increase in user base in 6 months
Get Started
Companies of all sizes across all industries are transforming their businesses every day using AWS. Contact our experts and start your own AWS Cloud journey today.
AWS Services Used
AWS CloudTrail
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
AWS Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
AWS Identity and Access Management
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
AWS Global Accelerator
AWS Global Accelerator is a service that improves the availability and performance of your applications with local or global users. It provides static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions, such as your Application Load Balancers, Network Load Balancers or Amazon EC2 instances.