Client

Founded in 2013, Zegal is the fastest growing Legal Tech company operating across the Asia Pacific and Europe, with more than 20,000 business users. Today, these users and lawyers across the globe trust Zegal’s software to solve legal problems in an affordable and efficient way. Zegal.com is a legal software solution for businesses and law firms running as a multi-tenant SAAS application.

Challenge

As a start-up growing at breakneck speed, Zegal’s AWS infrastructure and application code was hand provisioned into a single account. This account hosted both development and production environments which created potential security issues since developers needing access to the dev environments could easily get access to production resources as well. Reliability of deployments was also sub-optimal due to the amount of manual work involved. Zegal contacted Airwalk Reply to review and advise on the possible remediation and conduct a thorough review of the application architecture considering the 5 pillars of the AWS Well Architected Framework.

Solution

Airwalk Reply conducted a series of workshops with Zegal’s infrastructure team as part of a discovery exercise. Airwalk Reply also conducted its own review of the account using read-only credentials, with a deep focus on security in-line with best practice.

Following this, Airwalk Reply created a report which advised on the current gaps in the architecture and the steps required to fix them. This included creating separate AWS accounts for development, test, production and audit log environments while using AWS Organisations to ensure there is a single bill at the end of the month.

The segregation of environments ensured that the production applications remained separated from development. Also, by leveraging repeatability of environments, Airwalk Reply helped Zegal to automate the provisioning of resources for disaster recovery testing and to speed the creation of accurate development environment replicas to provide separate work areas for a growing team of developers. Airwalk Reply identified resilience risks in the existing single-master, KOPS-based Kubernetes deployment and helped move Zegal towards the more managed EKS.

Other services were also made AZ-resilient, Airwalk Reply helped Zegal to implement a deployment pipeline to make the deployment of application code to their EKS clusters faster and more reliable.

Airwalk Reply also recommended and implemented CloudTrail for all accounts under the organisation for auditing and troubleshooting, feeding logs into a separate audit log account. The use of MFA was promoted to provide an additional layer of security for all developers and administrators of the accounts. Airwalk Reply provided a secure
password policy and guided the setting up of a phone app based MFA for all users.

Outcome

External validation of Bravura’s solution architecture and security design allowing the commercial teams to structure their multi-year wealth management platform negotiations with confidence, backed by Airwalk Reply’s financial services and cloud expertise.