Security Assessment for German fintech

We helped a fast-growing German fintech to identify potential vulnerabilities in their cloud environment. This assessment strengthened their security posture, ensuring the safety of their sensitive data.

Finance
Banking
FinTech
AWS
Security Assessment for German fintech

About the company

German SME that provides financial services for African credit unions.

No. of Credit Unions
200+
No. of clients
200K
Accounts managed
400K

The challenge

As any startup, there have been many things implemented and put in-place under time-pressure. During this period of a business, they usually put security a little bit behind on the priority list. Even though the company felt they have room to improve their security posture, they didn't have the necessary competencies to effectively carry out an assessment like this and that's where they asked us to help with it.

Solution

We did the security assessment on the client's AWS cloud account which we conducted over the span of a couple of days and found several things where their security posture could be improved.

Overall, we classified the findings into 4 severity classes:

  • Critical
  • High
  • Medium
  • Low

The Critical issues were like open ports for some services, IAM improvements and so on. The High category included issues like expired certificates, privilege escalation possibilities and many more.

We suggested the client to tackle the findings systematically and only focus on Criticals and Highs first. That closes down the majority of their vulnerabilities for good and improves their security posture tremendously.

"They've been a joy to work with so far. They are enthusiastic and knowledgeable in developmental expertise. They respond very well to constructive criticism and have delivered consistent results within the budget."
Avatar for Spencer Bray
Spencer Bray
Head of Engineering @ Financial Services Company
5.0Logo

Results

Overall we identified 1000+ issues on the client's AWS infrastructure across the 4 categories. That number might seem like a lot but it's quite normal for a startup.

The client has also asked us to help with improving their security posture based on the assessment we've done for them. The majority of the issues have already been solved in a matter of weeks.

Our customers are already growing their businesses in the cloud.
Now it's time for you.