How to build a secure & scalable Fintech platform in a fast paced environment!
If it is 2am and you're reading this blog, you are a true techie!!
Welcome to the “All About Tech” blog series where we will share our experience of building a revolutionary fintech trading platform.
When we started with our mission to provide instant non-dilutive growth capital to the companies with predictable recurring revenue, the first problem that came to us was how fast can we build the trading platform that will be the powerhouse for our Subscription based Financing services. At the same time, we had to deliberate about building a secure application architecture as our system will have to deal with multiple financial complexities and data sources. We were also worried about how quickly we scale and how seamless that process would be.
We started discussing, reading about successful tech organisations and spent a considerable amount of time on how efficiently and effectively we can put answers to the questions dwelling upon us.
After healthy and enriching brainstorming sessions, we were able to bring to life the core foundation of our engineering the 3S: “Speed, Security and Scale”. While identifying the core foundation was not an easy task, the bigger challenge was laying out the team structure and processes over these principles.
One of the easiest metrics to track but equally difficult to implement. Few key steps that we took into consideration while building an agile development culture were as follows:
- Adapting the Scrum process from Day 1 - In the nimble footed startup world, the only way to outspeed the business plans is to organise the way our engineering team works. The Scrum framework is a powerful tool to build agility and is highly recommended for adoption from Day 1. We adapted the Sprint rituals a few months later into our journey and have clearly seen improvement in our velocity. To solve for ad hoc but high priority problems, we always had planned some bandwidth during every sprint..
- Don’t reinvent the same wheel - Leverage technologies and frameworks for already solved problems and utilise this bandwidth to solve core business problems.
- Design configurable applications - Iterating fast and rebuilding MVPs are important for a successful startup, so we need to design our applications in such a way that they can be easily destroyed and rebuilt.
- Focus on Developers Productivity - Develop a robust core framework and coding guidelines, automate your build and testing process. This helps our developers focus completely on the features they are building.
- Choose between Managed & Self-managed Services wisely - While managing everything through your cloud service provider can be a costly affair, managing all services on your own will eat up your bandwidth and impact the system's reliability. Based on your team’s skill set and criticality of the service, the services should be subdivided.
In a Fintech Company, evaluating financial eligibility and performance of the companies, one will have to deal with confidential financial data. Thus, security becomes the most essential aspect to be considered in your architecture.From infrastructure to data, we need to ensure that we are applying the right set of principles for security.
- Develop a Secure Auth framework - Who can access your application & what can they access are 2 principles that help in securing Data in motion. Building a common auth framework is very important which sometimes we realise later and it then requires a month long project to build a robust authentication mechanism.
- Secure Your Business Critical Data - Don’t secure data because of any regulations, secure data by putting yourself in the user's shoes and what would have been your reaction has the data leaked. Follow practices like (not limited to) controlled user access, data encryption, data transmission over VPN to secure user data.
- Adapt InfoSec practices in early days - Adapting InfoSec policies from early days can help organisations develop a secure product without compromising on agility. Implementing GitLeaks/Synk for SAST, running VAPTs on quarterly basis, adding automation tests for Security testing are some of the ways that helped us to build secure coding practices.
- Build a secure deployment architecture - Virtual clouds have made our lives easier by giving most of the infrastructure components as service. Publicly accessible S3 buckets, no data encryption, allowing HTTP traffic, exposing databases and APIs in public VPCs are some of the most common mistakes we make. Also, changing the application architecture of a deployed application is not easy. Therefore pay special attention to building a secure deployment environment and protecting your critical infrastructure under private VPCs.
Engineering mindset crunches existing user data to plan for scalability of the new application that we develop. In a startup environment, the user scales to 30-40x in no time. Hence the usual formula for scaling wouldn’t work and we need to devise our application for the best scenario after 2 years.
- Never leave a latency problem unheard - Slow DB queries, too many API calls, no caching at CDN are few common mistakes we make while setting up our application. Install a framework like NewRelic to understand your application latency and always keep a tap on your application’s latency. Solving latency problems after a while can require a lot of refactoring, design changes. Therefore we advise to solve the latency problem as it occurs even for 1 user.
- Design your database interactions carefully - Scaling of your application is directly proportional to performance of your database queries. Complex read queries, multiple DB updates, designing DB model basis frontend needs can put you in a problem when you operate at scale. Design your database model very carefully and do a lot of brainstorming before finalising the schema.
- Focus on High Quality & Lean Coding Principles - Writing if-else for each condition, duplicating code for extending same functionalities, pushing code without code reviews are some habits that cost you at scale. An exhaustive coding guidelines along with thorough code reviews can help us build systems that don’t break at scale. Using best practices of a coding language helps you write lean and high quality code. As a developer, put your quality stamp on your code commit. Feel bad for the bug you introduced even when no one is looking at you.
- Design your microservice architecture - It is acceptable to build a monolithic service when developing the MVP for your product.
As soon as you realise that the concept is working, break it down into microservices basis separation of concerns. Neither building too many microservices nor putting everything together in a monolithic architecture is an art. This art can be mastered after thorough reading of microservice concepts, brainstorming & challenging your architecture and adapting best practices from the best-in class organisations.
We touched upon the concepts very briefly and the idea of this discussion was to help our fellow engineers avoid some common mistakes while building for a fintech startup. In the next series of our tech blogs (“All About Tech”), we will discuss more in depth about engineering and will talk about some of the interesting engineering problems we solved.