Zelo Pay Case Study
"When we started the company we had very demanding PCI compliance challenges to overcome and knew we didn’t have the resources to solve them in-house. We got this expertise from base2Services. Not only did they build a compliant environment very quickly, they also implemented a high degree of automation to maintain continuous compliance"Robert Owens, Chief Solutions Officer & Co-Founder
A bit about Zelo Pay
Zelo Pay is a B2B early payments platform that aims to take the headache out of getting paid on time while increasing earnings and creating immediate cash flow and administrative relief for its customers.
Zelo’s cloud-native SaaS offering provides an easy-to-configure payment platform that enables businesses to create a digital wallet, configure invoice automation, add supplier profiles and automate and incentivize early payments, as well as many other payment capabilities.
The Fintech start up relies on Amazon Web Services (AWS) to ensure their software can be deployed and used anywhere, by anyone, on any device.
What Zelo Pay needed
Any SaaS application that deals in finance needs to be reliable, relevant, and above all else, secure.
As a payment platform, Zelo has to comply with the Payment Card Industry Data Security Standard (PCI DSS), a global information security standard for companies dealing with major credit cards. Achieving this compliance requires Zelo to have highly secure, regularly monitored systems and networks that enforce vigorous access controls.
Zelo knew it wanted to deploy on AWS, but it lacked the technical resources to meet production readiness and its explicit cloud goals with certainty. They needed to add cloud platform and security expertise to the team to let developers focus on product functionality but without incurring significant costs for hiring new engineers so that they could:
- Ensure its rigorous PCI DSS security requirements could be met in a highly scalable and available environment
- Take its Kubernetes application deployment workflow from on-prem into the cloud
- Implement DevOps processes, pipelines and automation leveraging AWS
- Accelerate time to market
- Receive ongoing management of the environment
By teaming up with base2Services, Zelo gained a partner who extended their team with expertise spanning the AWS platform and that provides ongoing cloud, security, DevOps and automation support as the business grows.
How base2Services delivered
From the beginning of Zelo’s journey, base2Services has been the partner of choice. The collaboration ensures that each of Zelo’s security, compliance, deployment and quality assurance goals are met, and that the company has a trusted partner to continuously manage their cloud security and DevOps automation as they grow.
Zelo Pay’s most immediate concern was rapidly achieving and continuously maintaining PCI DSS compliance so they can do business using the services of major global card brands like Visa, Mastercard and American Express.
As part of Zelo’s DevOps as a Service plan, base2Services architected a secure and highly automated cloud dev, test and production environment that was PCI compliant using multiple AWS services in conjunction with base2Services’s open source software and tools. More specifically:
- base2Services built Zelo a managed Amazon Elastic Kubernetes Services (EKS) platform and the pipelines to build and deploy their applications into it. The containerized workloads enable clustered security, high availability and quick access to new updates from AWS. The environment also makes it easy for Zelo to build and deploy microservices to Kubernetes, providing them with a production-ready Platform-as-a-Service to build applications and microservices on top of.
- As another major requirement for Zelo Pay was to be able to continuously integrate and continuously deploy their software to the cloud, base2Services implemented a Jenkins CI/CD automated pipeline to Zelo’s Elastic Kubernetes Services through which their software is developed, updated, tested and committed to production securely and without error.
This service also makes use of base2Services’ extensive Jenkins shared library functions. The workflow ensures that nothing reaches the production environments without administrator approval and without being tested first.
- Several AWS managed cloud security services were also orchestrated and automated by base2Services to meet the Fintech start up’s PCI DSS requirements. This included the design of Amazon’s GuardDuty, AWS Cloudtrail, AWS Key Management Service (KMS), Amazon CloudWatch and AWS WAF cloud security services into a configured, coordinated suite of controls that manages intrusion detection; governance, compliance and auditing; encryption; monitoring and alerting; and frontline attack prevention.
These AWS configurations are complemented by base2Services’ proven applications and tools for source code version control, database backups and other dev-essential automation tools, as well as a key PCI DSS intrusion detection system, OSSEC.
Introducing the underlying systems and policies to achieve compliance is complicated, time consuming and expensive for companies that do not already have explicit IaaS technical skills in-house.
Having base2Services’ as a partner for AWS cloud deployment, management and security means Zelo Pay is able to maintain continuous PCI DSS compliance, gain access to the latest cloud services and make big savings by not having to hire new IaaS technicians or divert the focus of existing staff.
The innovations base2Services has brought to the partnership enable Zelo Pay to do business securely and rapidly. As an extension of Zelo’s team, base2Services designs and manages the cloud and security infrastructure in direct collaboration with Zelo’s engineers. As part of DevOps as a Service, base2Services will continuously enhance the delivered solution, provide new capabilities as Zelo’s needs change, and provide global 24/7 support across the whole environment.
See the impressive results
- Built and implemented a PCI DSS compliant environment 3x faster than if done on their own
- Fully operational AWS Elastic Kubernetes Service along with CI/CD pipelines to enable faster time to market
- Partnership replaces need to hire 2 full-time cloud engineers, providing savings of ≥$200,000 a year
- Cloud cost savings of 53% on dev and test environments due to base2Services’ flexible AWS spot instances configuration
- Enabled them to go from ideation to a customer-facing product (production) in less than 3 months
- PCI DSS Compliant Environment Built 3x Faster
- $200,000 Savings in Staffing Costs
- 53% Cost Reduction for Dev/Test Environment
"In starting a business it’s important we work with people who believe in what we believe in. Strong relationships and cooperation are crucial and we have that, at every level, with base2. They believe in our business and embrace what we are trying to achieve."Charles Wong, CEO & Co-Founder