Creating a Five-Layer Defense Strategy Using AWS Shield Advanced with Voatz
Voatz created a digital-voting solution for Mexican citizens who live abroad by scaling effortlessly using AWS. With a five-layer defense strategy, the startup detected 28 million malicious actions.
Benefits
21-minute instead of 18-hour vote tallying
80% cost savings achieved
5-layer defense strategy developed
28 million malicious actions detected and blocked
Overview
Election company Voatz was tasked with helping about 10 million overseas Mexican citizens vote online in the country’s federal elections. The company needed a solution with layered cybersecurity functionality, agile scalability, and resiliency under unexpected events.
By combining fast-scaling architecture on Amazon Web Services (AWS) with blockchain-backed infrastructure and biometric verification, the company created an online voting solution with advanced security features. As a result, Voatz detected and blocked 28 million malicious actions and reduced the time to tally votes to 21 minutes, down from 18 hours using a more traditional mechanism of counting encrypted votes at a large, national scale.
About Voatz
Founded in 2016, Voatz is a startup that provides a mobile-voting app. Using biometrics and fast-scaling architecture, the company helps citizens who live abroad vote online in elections through their smartphones and compatible computers.
Opportunity | Using AWS to Implement Mexico’s First Online Voting Solution for Its Federal Elections with Voatz
The election startup began as a bold experiment that was aimed at developing an innovative voting system, which later became a viable solution for real-world elections. Brothers Nimit and Simer Sawhney developed the solution at a hackathon competition that was focused on futuristic architecture. “Growing up in India in the 1980s and having experienced some unfortunate events, we wanted to build a system to prevent voter coercion in extreme scenarios,” says Nimit Sawhney, cofounder and CEO at Voatz.
The brothers won the competition and founded Voatz. Within 1 year, Voatz began using AWS after participating in an accelerator program. Voatz’s first election involved 20 US voters, and as the startup expanded, it began using AWS regional hosting and subaccounts to meet data residency laws. Voatz then expanded its voting solution internationally to be used in Canada. On its AWS architecture, it could continue managing compliance details and different election protocols across jurisdictions.
In 2023, Voatz won the bid to provide the first online voting solution for overseas Mexican citizens who want to vote in the 2024 federal elections. After the company created the system to support Mexico’s 10 million overseas voters, officials requested a contingency plan in case security concerns interrupted in-person voting. As scalability, security, and optimization needs grew, AWS became a bigger part of Voatz’s infrastructure. “The challenge was achieving constant security in this high-stakes space with multiple layers of protection,” says Sawhney. “We used AWS to optimize and scale our solution to be used by 100 million people.”
Solution | Creating a Five-Layer Defense Strategy Using Scalable Infrastructure
Voatz used AWS to create a five-layer defense strategy for its voting solution so that no single point of failure could bring the system down. The first line of defense involved Lambda@Edge, a feature of Amazon CloudFront, which securely delivers content with low latency and high transfer speeds. The company also adopted AWS Shield Advanced, which provides additional detection and mitigation against large and sophisticated distributed denial of service (DDoS) events. By detecting and blocking evolving threats that might bypass the outermost defenses, Voatz was able to run a full-scale DDoS simulation without disrupting the system.
Voatz also hosts application-level infrastructure defense on AWS serverless services. The company runs its Linux servers on Amazon Elastic Compute Cloud (Amazon EC2)—which provides secure and resizable compute capacity for virtually any workload—with over 750 instances. Protections include applying encryption to sensitive voter data files, which is supported by AWS Key Management Service (AWS KMS) to create and control the keys used to encrypt or digitally sign data. Furthermore, Voatz uses biometric login, multi-factor authentication, captchas, and heuristic checks, in addition to identity verification, before election days.
Using AWS encryption services, Voatz adopted a verifiability protocol so that each voter could verify cryptographically and mathematically that their vote had been counted. Voatz used Amazon Simple Queue Service (Amazon SQS), a fully managed message-queuing service, to handle the encrypted data. “Ahead of the election, we hadn’t used Amazon SQS to improve the performance of ballot encryption and tabulation,” says Sawhney. “But the documentation was incredibly clear, and we were able to implement it within a couple of months without needing a major re-architecture of our core solution.”
Following its defense-in-depth strategy and using the combination of AWS services, Voatz detected and mitigated 28 million malicious actions—including a 50 Gbps DDoS attempt—throughout the federal elections. The company also used queuing architecture to reduce vote-tallying time from 18 hours to 21 minutes, helping process encrypted data at a national scale. Moreover, Voatz can maintain its full functionality while saving 80 percent on costs. “Elections don’t happen frequently,” says Sawhney. “Traditional infrastructure incurs costs all year round, but using AWS scalable infrastructure, we pay for resources only when we need them.”
Outcome | Continuing Process Automation and Cost Optimization
In Mexico’s 2024 federal election, the turnout of overseas voters increased by more than 50 percent compared with the previous federal election, and Mexico elected its first female president. Now, Voatz is focused on automating more of the process for handling paper ballots, which still make up the majority of voting. “Mail-in ballots often arrive mutilated and need to be manually reproduced, which is hugely time-consuming,” says Sawhney. Election officials can save up to 80 percent of ballot correction time by implementing Amazon Rekognition, which companies use to automate and lower the cost of image recognition and video analysis with machine learning.
“It’s simple to scale our solution using AWS,” says Sawhney. “Having the expertise of the AWS team was invaluable in setting up the right parameters.”