clever–tenacious–precise

Client Success Story

Legacy System Modernization: Empowering Multi-Tenant SaaS Architecture Development at Alessa

How Scorpion Five Technologies (S5T) helped modernize Alessa’s cloud distributed systems engineering approaches to increase profitability, technical capabilities, and drive customer value to new heights

Quick Stats

  • 1: Comprehensive analysis of the Infrastructure as Code approach to harden systems and increase cloud infrastructure automation capabilities
  • 2: New security technologies to facilitate multitenant isolation and security: implicit-deny service meshes and Kubernetes Pod admission policy enforcement
  • 1: Extensible mono repo capable of supporting localized development of several dependent microservices that closely simulates the target architecture to spot security violations in dev
  • 100%: Empowerment of senior developers to architect and develop efficient, powerful, and secure multitenant containerized systems orchestrated by Kubernetes

We recently engaged Scorpion Five Technologies to support our team at Alessa on our journey to modernize our cloud operations and elevate our cloud‐engineering practices, and the experience has been outstanding.

From the outset, S5T brought exactly the kind of expertise and insight you hope for when embarking on a multi-phase cloud transformation. For organizations on a similar path, looking to modernize their cloud infrastructure, strengthen cloud ops, and build internal, I would recommend Scorpion Five Technologies. Their balanced combination of technical depth, business acumen, and enablement mindset makes them a strong partner for this kind of journey.

Modernizing cloud operations is never trivial, especially in an organization with a mix of legacy, advanced, regulatory demands, and growth ambitions. S5T provided the right mix of guidance, hands-on delivery, and internal team enablement that made this effort successful.

Holly Sais Phillippi

CEO, Alessa

The Challenge

Alessa’s advanced Anti-Money Laundering (AML) Compliance software empowers its customers with a comprehensive 360-degree view of client risk, covering everything from identity verification, to watchlist, sanction, and transaction monitoring.

Alessa SaaS services provide AML compliance support to a wide range of industries, including banks, casinos, FinTech firms, insurance companies, crypto, and much more.

Like most modern SaaS providers, Alessa must fight several tech battles at once. Cloud infrastructure has brought just as much cost increase as it has capability enhancements, and cyber threats grow more intense with every passing day. What’s more, the needs of Alessa’s clients for advanced AML compliance capabilities have also increased dramatically, as money laundering schemes have exponentially advanced in technological sophistication.

⚠️ Key Obstacles

Despite the power and sophistication of Alessa products’ internal business logic, the architecture that supports that logic was built during a pre-cloud era and then later adapted to the cloud. In that era of development, monolithic architectures were the norm, as the benefits of shared resources provided by containerization and microservices architectures did not yet outweigh the costs of developing them for at least most systems and applications.

Furthermore, it is exceptionally difficult at an organizational level to support rearchitecting a system that customers are not only using, but using at a large scale. The senior developers and systems admins who deeply understand the product simply have their hands full. The moment you try to divert your attention to architecting the next generation system, the legacy system pulls your attention right back.

Alessa needed a way to architect a new multitenant system that could share resources, while still providing exceptional service to existing customers and keeping up with their growing AML demands.

Our Solution

Driven by a commitment to innovation and future-ready technology for their clients, Alessa engineers had already made valiant efforts to modernize their systems and work towards multitenancy. Despite the difficulty of doing so, progress was being made. Alessa engineers are hardy and tenacious, but they needed more hands. That’s where S5T comes in.

What We Delivered

  • ☁️

    Cloud Engineering

    Using our experience engineering hyper-secure cloud systems deployed using automated provisioning and configuration management techniques, like Infrastructure as Code (IaC) and Configuration as Code (CaC), S5T provided Alessa with:

    • A comprehensive cybersecurity review of their existing IaC code
    • A roadmap to increasing the cybersecurity posture of their existing code, complete with exact technical steps to take
    • System modeling for an improved "version 2" of their automated cloud infrastructure that increases stability and security, decreases complexity, and decreases hosting costs
    • A greater understanding of how to achieve multitenant, multi-cluster, containerized architecture with a global footprint using fully open-source Kubernetes container orchestration technologies
  • 💾

    Legacy System Modernization

    Alessa's business logic is robust and well developed, and only suffers from being monolithic in nature. Therefore, the guidance we provided was to:

    • Focus on a refactor approach over a rewrite
    • Modularize the code under the auspices of SOLID software principles to better prepare for containerization
    • Design interfaces for the modularized capabilities such that consumers of a module enjoy abstraction from the inner workings of a given module, better preparing individual capabilities to function as microservices
    • Dispense with the notion that replacing an existing piece of aged architecture with a slightly newer version of the same thing constitutes a modernization—e.g., simply migrating an application from using an old on-premise database engine to a newer engine available in the cloud is not cloud modernization, it's procrastination
  • Microservice Development

    Alessa engineers were certainly not ignorant of microservice development, and had already managed to develop a few key services for their new architecture. S5T simply empowered them further by creating a model system in a mono repo for their inspection in a fully-local environment that demonstrated how to:

    • Establish a universal, programming-language-agnostic data contract between services using Protobuf and gRPC
    • Deploy stateless applications using high availability (HA) paradigms to support robustness, service availability, and rolling updates that avoid service interruption
    • Perform asynchronous, multistep calculations that employ design patterns such as the Operator Pattern, the Sidecar Pattern, and the Workflow of Workflow pattern
  • 🔐

    Multitenant Cybersecurity Hardening

    The most important aspect of the work S5T has done to empower Alessa engineers is that of multitenant hardening.

    Although the resource sharing provided by containerization and Kubernetes-based container orchestration dramatically reduces cloud hosting costs compared to monolithic architectures, you must reproduce the complete separation of data and network traffic between clients' systems that monolithic architectures naturally provide. To endow Alessa with this capability, S5T taught their engineers how to:

    • Create implicit-deny service meshes inside their Kubernetes systems to isolate traffic at the tenant level
    • Use the proxy sidecar pattern to perform advanced traffic filtering at the individual microservice level
    • Activate and enforce Pod Admission Policies that reject workloads whose security does not meet minimum baselines
    • Harden container images at build time to reduce the attack surface
    • Run individual services with the least-required privilege at both the container and kernel access levels
    • Create and manage Kubernetes Role Based Access Control (RBAC) configurations to further enforce the principle of least privilege at the service level

Results and Impact

We can sum up the impact S5T had on Alessa with a single word: empowerment. Alessa did not need S5T to teach them how to engineer advanced software—they have been doing that for years! What they needed was a clear roadmap to maximizing the power of their software using modern, containerized multitenant architecture in the cloud in a way that is cost effective.

  • 🚀

    Enhanced Cloud Engineering Practices

    Significantly enhanced cloud engineering capabilities to not only solve the modernization problems of today, but to engineer cloud capabilities for Alessa's future AML capabilities.

  • 🤝

    Expert Guidance for Legacy System Modernization

    Experience-based insights that allow existing capabilities to be modernized, made extensible, and continue to provide value.

  • Sophisticated Microservice Capabilities

    Understanding of how to best leverage the benefits of containerization modularity in distributed cloud architectures.

  • 🛡️

    Secure Multitenancy

    Advanced capabilities that allow for the cost savings provided by containerization and compute resource sharing, while also providing strict tenant isolation.
