Horangi Warden helps Wallex improve their security game.
Operating out of Singapore and Indonesia, Wallex Technologies Pte. Ltd. provides B2B forex cross-border payments solutions for businesses. Wallex offers SMEs a single platform for all their international payments, transactional FX, collections, and other services in 40+ currencies and in 180 countries around the world.
In order for Wallex to fulfil their mission of offering financial solutions to help SMEs focus on growing their business, Wallex needs to have a secure cloud infrastructure while needing to comply with a number of financial regulations set by local regulators such as MAS, and that is what Andrew Marchen, CTO at Wallex, looked to Horangi Warden to help him improve their security posture while achieving compliance.
The Business Challenge
Andrew leads the IT team, which is responsible for Wallex’s cybersecurity as well as managing their cloud infrastructure on Amazon Web Services (AWS). His team needs to ensure that the internal and external security operations are secure, while making sure that customer transactions are secure and compliant with the various compliance frameworks that apply to a financial institution such as Wallex.
Specifically in Singapore, Wallex is governed by the Payment Services Act and regulations set by the Monetary Authority of Singapore (MAS), including MAS Technology Risk Management (MAS-TRM) guidelines and MAS Cyber Hygiene notices.
Even though they have a strong internal IT and tech team, Andrew notes that they can always get an extra hand from an external partner who specialises in cybersecurity. That is why they reached out to potential vendors to partner with, to help them improve their security and achieve compliance.
Why Horangi and Warden
In 2019, Wallex was looking at cybersecurity vendors to partner with. High on their list was to work with trusted vendors who actually understood their problem and those who can help them solve these problems. While looking at cybersecurity services, he saw that Horangi offered a Cloud Security Posture Management (CSPM) tool in Horangi Warden and noticed that this might help his team improve the security of Wallex’s cloud infrastructure while helping them achieve compliance under MAS Cyber Hygiene and MAS-TRM.
As part of the demo, the Horangi team helped Andrew to integrate his company’s AWS account with Warden. Once integrated, Andrew saw that Warden was able to scan Wallex’s AWS environment to see what issues they have with their account configuration in terms of security and potential misconfiguration risks. The demo also showed him how Warden could help with compliance, specifically how these issues in their AWS environment map against their MAS compliance requirements.
In terms of remediation Horangi Warden provided Andrew’s team steps on how to fix and remediate these security and compliance issues. Andrew noted that once these issues were identified, his team was able to execute their own fixes with step-by-step instructions from the Warden platform itself. “We didn’t need to engage another third party security vendor to remediate these issues, which is helpful,” he added.
When Wallex started with AWS two years ago, his team leveraged AWS Lambda in line with the latest development around serverless. After his demo scan with Horangi Warden, the scan helped identify some problems that he could fix to improve Wallex’s security posture.
With their AWS Account integrated with Warden, Wallex runs Horangi Warden on a daily basis to improve the security posture and to check for any cloud misconfiguration on their AWS account. This allows Andrew to improve Wallex’s security posture. He said,
In terms of product development, Wallex has now added a check on Warden as part of their developer standard of practice for the product development process. “Our developers will check on Warden while they develop the product so new features are secure,” said Andrew.
In addition to their production environment, Warden also continuously monitors their development and testing environments for any issues, which allows the engineers to identify issues before pushing any new features live. This enables Wallex to manage risk and ensure that their product development process is completely secure. Andrew noted: “Warden helps our tech team maintain a secure environment by following AWS best practices more easily, while letting the developers be creative”.
Compliance with Warden
One of the big reasons for Andrew and Wallex to go ahead with their decision to purchase was how Horangi Warden can help them with compliance. Warden maps its checks from a client’s AWS environment against compliance frameworks such as MAS-TRM and Cyber Hygiene, which then helps highlight any compliance violations. Andrew said, “Horangi has spent a lot of time going through association and mapping to compliance standards, including MAS compliance.”
Warden has become a tool that helps them get compliant. “It was useful to allow us to export a checklist specifically for MAS-TRM and MAS Cyber Hygiene and that helped us identify the issues to achieve compliance,” added Andrew.
Another best practice that Andrew will be looking at his team for the future is to ensure compliance under the AWS Well-Architected Framework. Another framework that is mapped and supported by Warden, Andrew will be using the Warden in the future to ensure compliance with AWS Well-Architected Framework to ensure that their workload is built using architectural best practices.
The Horangi Experience
Andrew noted that during the buying process, implementation phase and even the post-sale, his team received excellent service from his dedicated Horangi Customer Success Manager. Andrew said, “Normally when you buy a product, you buy it as is, and it just becomes a Q&A with the vendor’s support team. But Horangi takes a proactive initiative to support us to ensure success for our goals as well as to come up with a project success plan for Warden.”
As part of the implementation, Andrew mentioned that his Horangi Customer Success Manager came up with a project plan that aligns with his business goals, while helping them prioritise on the issues to focus on to achieve a better cloud security posture, achieve compliance faster, and maximise the value of buying the product.
In addition, he was surprised at how the feedback he gave to improve the product was actually implemented as a product enhancement. His team wanted the ability to see the changes to their rules and resources, and he provided that feedback to his Horangi Customer Success Manager. Horangi saw the value of this and launched “Change History”, which records the changes to rules and resources over a period of time. Now his team could see the changes to their account’s rules and resources over a period of time, including new issues and when past issues have been resolved. “Normally when you provide product feedback, you normally don’t hear about it. I was surprised to find out that the Horangi team listened and implemented my suggestion as a product enhancement! Customer-centric is a value that I truly see from Horangi,” said Andrew.
As a testament to his great customer experience with Horangi and Warden, Andrew and Wallex will be assessing Horangi for their future cybersecurity services needs.
His final note was that he would recommend Horangi Warden to all FIs and fintech startups around Southeast Asia who have to comply with financial regulations such as Singapore’s MAS requirements, or even Malaysia’s Bank Negara Malaysia Risk Management in Technology (BNM-RMIT) requirements to help these companies achieve compliance.