Aqua Secures the “Entrepreneur Economy” at Neat Commerce

Customer Overview

Neat, headquartered in Hong Kong, is a fintech company that provides secure payment capabilities for international entrepreneurs. With Neat, you can send and receive money from around the world. You can also stay in control of your spending and manage your corporate cards online. Neat believes in making international business a reality for entrepreneurs around the world.

The Challenge: Security for applications on containers and Linux/Windows VMs

Cloud native from the start, Neat understood the benefits of introducing agile processes for software development and delivery. When it initially launched, Neat was just using AWS for hosting its applications. As its needs and business requirements grew, Neat expanded its cloud native expertise. This included using microservices and containers to build and deploy applications and Kubernetes for improved management and scalability.

As a financial technology (Fintech) scaleup business, Neat provides multi-currency wallets and corporate cards for small and medium-sized enterprises. But as you’d expect in a highly regulated financial business, its corporate card application requires Payment Card Industry Data Security Standard (PCI DSS) compliance.

“Meeting all policies and controls required for PCI DSS was our highest priority.”

Jack Lau, Software Architect, Neat

This presented an immediate challenge for Jack Lau, software architect at Neat, as PCI DSS regulations applied not only to Neat’s containerized apps but also to its VMs — so finding one solution to cover containers, Linux VMs, and Windows VMs was a bit of a daunting task. To make the challenge even bigger, Neat also needed security that could work seamlessly within its existing development pipeline using registries, CI/CD tools, and collaboration tools such as GitHub, CircleCI, AWS ECR, Argo CD, and AWS EKS.

The Solution: Application security in any computing environment

The team at Neat began its search for a security solution by looking into Aqua, as well as a couple of other high-profile competitors. Each company seemed to provide the requisite tools and services that Neat needed, but it quickly became clear that Aqua Security was the only one that met all of its needs. Aqua provided a solution to secure applications from development to deployment — and at any scale. But most importantly, the Aqua platform could protect Neat’s entire stack across VMs and containers to satisfy PCI DSS requirements.

With installation help from Aqua’s local distributor Systex Information (HK) Ltd., the complete installation took around one month. Neat appreciated the combined efforts of Aqua support and Systex to resolve any open issues quickly. As a result, the team at Neat was able to deploy Aqua in its CI/CD to secure container and VM development and production environments — and Aqua is now used to support three full development teams and six discrete applications.

Neat applies Aqua’s vulnerability scanning to detect vulnerabilities in its images, reduce its attack surface, and find embedded secrets during the development cycle. Neat also appreciates Aqua’s runtime policy feature — a policy-driven approach with granular controls ensures that its applications are deployment-ready without delaying delivery. The solution from Aqua also enforces the immutability of Neat’s applications in runtime, establishes zero-trust networking, and detects and stops suspicious activities — including zero-day attacks.

Customer Benefits: Meeting governance and security requirements

Because Neat’s applications handle financial data, the company is, of course, regularly subject to audits for compliance with PCI DSS security standards. Now, Neat routinely leverages the Aqua solution to positively validate and prove its customer data protection capabilities.

“After a successful roll-out, we’re now planning on adding Aqua Security to other non-PCI related areas of our business.”

Jack Lau, Software Architect, Neat

Aqua provides a detailed level of control and visibility to keep track of applications from the early stages of development to production. Since successfully deploying Aqua for PCI DSS compliance, the security team at Neat plans to institute additional compliance checks in its CI/CD pipeline and expand Aqua coverage to all other non-PCI scope applications.

Aqua enables Neat Commerce to:

  • Embed security and compliance checks early in the development cycle
  • Gain visibility into the security posture of applications from development to production
  • Scan container images in the CI/CD pipeline and registries for known vulnerabilities
  • Enable application development on containers, as well as Linux and Windows VMs
  • Ensure control over deployed applications with drift prevention
  • Deliver auditors detailed data for PCI DSS compliance
  • Satisfy the demands of internal and external stakeholders

Highlights

  • Neat moved to containers and Kubernetes for better management and scalability
  • The team at Neat welcomed how simply Aqua covered all its platforms
  • Neat now meets all of its PCI DSS requirements

Technology Stack

    CircleCI
    AWS ECR
    Amazon Web Services
    Amazon EKS
    Amazon Linux EC2
    Amazon Windows Server EC2