Use case

Boosting Performance and Security with Optimized Logging

About the Customer

BrightPay revolutionizes online payment card management with its card-on-file solution, enabling users to effortlessly save and update their payment cards across various online accounts and subscriptions. By centralizing card updates, users can conveniently manage their payment information without leaving their preferred platforms. This seamless integration benefits merchants and banks by providing them enhanced control over the card-on-file process, driving increased card usage, spending, and transaction volume from the outset.

Customer Challenge

BrightPay was facing significant challenges related to its logging and monitoring practices, which negatively impacted both system performance and data security. The inclusion of unnecessary logs, such as the health check ( /status/isAlive) logs, in Grafana Loki led to high memory and CPU usage, affecting the performance of their read services. This issue caused operational inefficiencies and increased costs.

Additionally, unmasked sensitive data, such as PCI and personally identifiable information (PII), was present in both Lambda and application logs, posing a serious security risk. Failure to mask this sensitive information could lead to data breaches, non-compliance with regulatory standards, and reputational damage.

Solution

IAMOPS partnered with BrightPay to revamp their logging and monitoring approach, enhancing system performance and data security.

Optimizing Log Storage:

  • IAMOPS modified the Fluent Bit Docker image to prevent unnecessary logs like health check (/status/isAlive) from being sent to Grafana Loki. This adjustment optimized memory and CPU usage, significantly reducing resource consumption for the read services in Loki.

Data Protection for CloudWatch Logs:

  • A data protection policy was configured for BrightPay’s CloudWatch log group, masking PCI and other sensitive data. This ensured that sensitive information was protected and compliance with regulatory standards was achieved.

Application-Level Log Masking:

  • IAMOPS assisted BrightPay development team with log masking at the application level using .logback.xml for PCI and sensitive data in application logs. This configuration ensured that sensitive information was not exposed, further strengthening BrightPay’s data security posture.

Throughout the project, IAMOPS provided support during both the pre- and post-implementation phases, ensuring a smooth transition to the new logging practices. Regular assessments were conducted to ensure the ongoing success of the solution.

Results & Benefits

BrightPay saw immediate improvements in system performance and data security following the implementation:

  • Log Storage Optimization: A 30% reduction in memory and CPU usage was achieved for Loki’s read services, significantly enhancing system efficiency and reducing operational costs.
  • Improved Application Log Masking: With 99% accuracy in masking sensitive data in application logs, BrightPay ensured that no PII or PCI data was inadvertently exposed, bolstering trust with customers and stakeholders.
  • Enhanced Security: 100% of sensitive data was masked in CloudWatch logs, ensuring compliance with security and privacy regulations, and greatly reducing the risk of data breaches.

About IAMOPS

IAMOPS is a full DevOps suite company that supports technology companies to achieve intense production readiness.

Our mission is to ensure that our clients’ infrastructure and CI/CD pipelines are scalable, mitigate failure points, optimize performance, ensure uptime, and minimize costs.

Our DevOps suite includes DevOps Core, NOC 24/7, FinOps, QA Automation, and DevSecOps to accelerate overall exponential growth.

As an AWS Advanced Tier Partner and Reseller, we focus on two key pillars: Professionalism by adhering to best practices and utilizing advanced technologies, and Customer Experience with responsiveness, availability, clear project management, and transparency to provide an exceptional experience for our clients.

Looking for a dedicated DevOps team?