Migrating to Google Cloud Platform Keeps Payments and Transactions Secure
That’s why we decided to migrate to the cloud. It was the best solution for us with the staff we had and the budget we had at the time.
Published Nov. 19, 2019
Since 2004, YellowPepper has been the leader in mobile financial technology throughout Latin America. Providing payment services in Brazil, Mexico, Colombia, Peru, Ecuador, Bolivia, Dominican Republic, Costa Rica and Trinidad and Tobago, they began their journey by simply sending out SMS messages.
The company has evolved from initially providing standardized text banking solutions to supplying nationwide real-time payment systems with switching and processing capabilities. Headquartered in Miami, YellowPepper also has offices in Sao Paulo, Mexico City, Bogota and Quito.
SMS was a good solution in terms of speed and cost for YellowPepper, but then more banks requested this service, and they transitioned from mobile banking services to hosting and managing a national payment system. YellowPepper struggled with a lean staff and massive growth and knew it had to make a decision. Buying and maintaining more hardware was not an option. This would require the company’s IT staff to handle everything internally; this would simply not be sustainable. It was then that YellowPepper decision makers realized they needed to migrate to the cloud, so they wouldn’t be tied to making the upgrades themselves — because with a limited staff, they absolutely could not afford it.
For six months, the YellowPepper team analyzed everything about making the transition to the cloud, including overall cost, what to do with existing hardware and software, how to implement proper processes — and what certifications were required. It was a challenging decision-making process, but they knew moving to the cloud was the only option.
YellowPepper, however, did not believe it could make the transition alone. Leadership knew they needed a partner to help them. With a recommendation from Google, the company was introduced to Onix, a Premier Partner and a nine-time Partner of the Year award winner.
Google Cloud Platform (GCP), the solution they chose, included a lift and shift for their major applications — and a refactor for less important ones. Based on their current on-premise situation, here’s why the company made that decision.
Security is a big deal to YellowPepper. As an organization handling sensitive credit card information, it’s required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS). When making the decision to migrate to the cloud, its team weighed all security options, including how the network works, how load balancing works — and how to access virtual machines. Then they looked at how they could protect the working environment. They determined they could accomplish this by placing a firewall inside those security-sensitive projects, and then moving everything to the firewall where it interfaces with the internet.
Culture was another factor. Having physical servers on-site, employees were instructed not to touch them, keeping them somewhat secure, because it was unlikely that anyone would inadvertently disconnect a cable. But in the cloud, there were different ways to protect their assets, for example if an employee was to delete something important.
YellowPepper decided to separate applications by environment, with each application housed in a different project to limit access. With this structure in place, it created a system for access where an employee can log in to see a project, but does not have permission to alter or remove one, adhering to the compliance process. The team also activated two-step authentication, so if someone looks at a web page, accesses the server or VPN, they will need to go through the verification process. These may seem like inconsequential details, but to remain PCI DSS-compliant, they are giant factors when the company is being audited.
Migrating to GCP was a challenge for YellowPepper. It has a complex mesh because their almost 150 applications talk to the bank, third parties and other clients. If they were to refactor everything, they would have had to employ more people to rebuild from scratch, or to simply reconfigure. Working with Onix, the company decided to isolate its core applications and then start moving each individually in order to reduce waste during the migration. Starting with the low-risk-low-impact clients, the migration team ran a test of each one to see what would happen. Once each application had been successfully migrated, they moved on to the next one. Because YellowPepper was migrating close to 100 servers, this process took four months. Then, they refactored FTPs, SMTPs and other services that were not as important.
Almost immediately after moving to the cloud, YellowPepper noticed huge changes in how its business operated. Previously, a developer would request a server; it would take at least two days to fulfill the request. Now, they can easily and quickly provide developers with virtual machines with Kubernetes clusters. If someone needs a server the next day, it’s done with two clicks, saving hours of lost time.
The Google Cloud Console is also making life easier for the operations team at YellowPepper. They have better access to security details like seeing what components and rules are in place. This is integral for their Latin American clients as well. The lag time between Latin America and North America, where YellowPepper is based, is around 75 milliseconds. If that time is increased, it takes longer for something to appear on a screen.
When YellowPepper moved its servers from on-premise to the Google data center in South Carolina, its team worried about what would happen if the lag time increased. They were pleasantly surprised to learn that the processing in the data center was faster. They ended up reducing the time from 3 - 3.5 seconds to 2 seconds for a result to appear on the screen. This made their clients happy, as they also had better application stability.
After their successful Google Cloud Platform migration, what’s next for the team at YellowPepper?
That next effort is Kubernetes. Their biggest client in Brazil needs a bank solution that has to be a non-CDE environment, and it must hold credit card information. They will be using only Kubernetes for this project, because processing for this type of client can grow rapidly, perhaps ten times in two weeks, as well as experiencing down periods where processing is slower. Using Kubernetes will allow the project to expand and contract as necessary.
“We are more than happy with the migration and that’s why we want to continue doing business with Onix, because of the security and how efficiently they coordinated the project. We plan to use them for additional projects we have planned,” said Diego Mendoza, Head of Operations. “If you are going to migrate to the cloud, then you have to have a partner to help you through the process because they have the tools, experience and the right people to plan and complete the migration.”
Watch fintech company YellowPepper discuss their move to Google Cloud Platform.