PayNearBy Built up a Highly Secure & Reliable Solution to Keep Their Data Safe & Secure

Incepted in April 2016, Nearby Technologies is a fintech company offering financial/non-financial services to the underbanked and unbanked segments. Nearby Technologies works on a B2B2C model through its various brands – PayNearby, Insure Nearby, BuyNearby, and a few more. PayNearby empowers retailers at the first mile to offer digital services to local communities, thereby boosting financial inclusion in India. Retailer services focus on Aadhaar based banking services, Domestic Remittances, Bill Payments, Card Payments, and insurance services.

PayNearBy, here after referred to as “Customer”.

Customer did the contingency planning for their business along with various operations required for their business & came up with multiple action items internally.

One of the action items was to build a VDI solutions for their internal users so that they should be able to work on their projects in case of any major issue.

Below were the requirements from the customer:

• A highly secure and reliable solution which would keep their data safe & secure from any theft or loss.
• Secure connectivity & access to applications/data deployed in the customer’s own data center.
• User authentication using their centralized identity management system in place at customer’s own data center to track & manage access smoothly.
• The solution should also serve as a contingency plan for their business continuity, in case their premises are not accessible due to some unavoidable reasons.

Our AWS Certified Solutions Architects conducted detailed workshop sessions with the customer to understand their existing setup, challenges, and requirements. In the discovery, we also captured the licensing and software requirements for remote users.

Following the solution, the approach was proposed and implemented with best practices and business continuity principles, and then migrated their production workload to AWS.

1. AWS Workspaces were proposed, as it is a highly reliable managed service and would have minimal operational overhead.
2. A separate network with a combination of VPC/Subnets was created as per the best practices.
3. All the workspaces were launched in private subnet & endpoint accessible through the internet.
4. AWS & Customer Data Centre was connected using AWS site to site VPN tunnel for establishing connectivity required between AWS Workspaces & On-Prem Data/applications.
5. The workspaces were integrated with ON-Prem Active directory for authentication with the AD connector.
6. Workspaces were also hardened according to the requirement of the customer.
7. Office & Anti-Virus packages were provided by the customer & included in the image to launch Workspaces.
8. Installation packages for other agent-based software required were also included in the image.
9. All traffic from the internet has been routed through the site-to-site VPN tunnel to access the internet and applications.
10. Restricted policies applied to prevent any data movement between AWS Workspaces & User machine.
11. Both web-based and client-based applications were configured as part of this setup.
12. AWS CloudTrail will be configured for tracking the API Calls.
13. AWS CloudWatch was configured for monitoring various matrices of the setup.