VinID – Cloud Comrade – Cloud Solutions on AWS, GCP, MS Azure, and Alibaba Cloud

Google Cloud Results:

Stores their secrets and other sensitive data in a highly secured vault
Provides the team with hassle-free day-to-day operations
Deploys Hashicorp Vault on Google Cloud Platform with zero downtime and minimal cost

About VinID

VinID originated as the Vietnam largest loyalty program of Vingroup. VinID follows the model of a Fintech company to become an online ecosystem, focus on customers’ behaviour and experience, develop technology as a foundation. With the mission of building a world-class modern application, serving all needs of Vietnamese, VinID application brings magnificent experiences to customers.

In January 2019, VinID cooperated with VinMart to launch Scan&Go, allowing users to purchase through multi-channels and pay-on-app via e-wallet. Along with the launching of e-wallet, VinID will not only support daily shopping and become a convenient payment tool but also apply technology to improve financial activities.

The challenge

VinID was looking for a secure, store, and tightly controlled access to tokens, passwords, certificates, encryption keys to protect their infrastructure secrets and other sensitive data in the Google Cloud Platform.

Solution

Cloud Comrade worked very closely with Google and the Hashicorp team in coming up with a solution. Cloud Comrade proposed 3 environments – a staging, production, and disaster recovery with automated failover. Cloud Comrade assisted VinID in the Hashicorp deployment. As a Premier Partner of GCP, Cloud Comrade offered assurance to deploy Hashicorp Vault on the Google Cloud Platform with zero downtime and minimal cost.

The entire solution was automated using terraform scripts and some of the key features of the implementation is that the Vault cluster was deployed in high availability mode with the secrets data transferred and stored in Google Cloud Storage. With the data transfer services, VinID can schedule incremental syncs to enable disaster recovery for apps, to meet your recovery goals.

“The encrypted storage backend and the authentication method for user access provided the operations team with hassle-free day to day operations,” says Pham Anh Liem, Head of Cyber Security at VinID

The Vault cluster was provisioned in its own VM’s in a dedicated GCP project that is provisioned dynamically at runtime.

Results

Cloud Comrade along with Google Cloud and Hashicorp ensured that the solution was implemented in high availability and highly secured mode. The encrypted storage backend authentication method for users provided the operations team with hassle-free day to day operations. Now with the transformation in place, the VinID is able to store their secrets and other sensitive data in a highly secured vault.

The Project started in May 2020 and went live on June 2020