P2PGlobal: Empowering Secure and Seamless Peer-to-Peer Communication Solutions
Presidio & Aws Help P2P Global Launch a Secure Marketplace That Connects Technology Solution Providers to Solve Customer Challenges
The Challenge
P2P Global is bringing together a collaboration marketplace for IT solution providers to expand their business by connecting with other partners. It is the first marketplace of its kind that allows solution providers to create and respond to complex IT projects, find the perfect match to fill skill gaps, and manage all IT needs by building an ecosystem of on-demand expertise.
In this self-serve marketplace, P2P Global’s members are becoming their own ‘ecosystem orchestrator’ by leveraging an effective platform to solve for skill gaps. As an ecosystem orchestrator, members are scaling their ‘trusted advisor role,’ increasing their competitiveness and providing even more value to their end user clients.
P2P Global created this new marketplace in an industry that is constantly evolving. In this context, it needed to be equipped to develop fast and adjust on the fly to new requirements. Its goal was to build an application that could scale to achieve a ‘network effect,’ where the value of the marketplace increases as it adds more members. P2P Global desired a minimum viable product (MVP) within months of raising initial capital, with an intuitive user experience that would attract membership and the flexibility to change according to the feedback received from members. In fact, the platform is constantly evolving, incorporating member feedback and expanding use cases. Ultimately, it needed to build a modernized system to bring its product to market faster, while ensuring that security and quality assurance best practices are incorporated throughout the software development lifecycle (SDLC).
Now with a proven track record as a premier ecosystem management platform and clear industry leader for P2P collaboration, the company is aggressively scaling membership by leveraging blue-chip partnerships and preparing for expanded use cases; inclusive of technology partners sponsoring their channel partners, integrating skills-based training catalogs, and private label offerings. With this planned growth, security remains highest priority.
The Solution
Presidio was engaged by P2P to become their software development team. They leveraged AWS to build out a Centralized Cloud Infrastructure and revenue lifecycle services to manage large streams of data Coming from P2P Global’s customer base and make that data available to operational and application intelligence solutions.
Presidio established a software lifecycle process and delped choose the right technologies and services for the secure cloud-native applications. The SDLC process improvements Included:
- Creating and advising on security standards and practices in alignment with P2P Global security policies and compliance requirements.
- Selecting technologies with which to build secure cloud-native applications
- Implementing Peer Team Reviews and escalating sets of approvals.
- Implementing controls via DevSecOps automation patterns, code and design reviews, and static code analysis
Meanwhile, each technology decision was based on the following guiding principles:
- Highly available infrastructure built on AWS Well Architected Principles
- Ability to capture user experience data to understand overall user behavior and continue to improve the experience by capturing usage analytics.
- An application architecture that utilizes services that automatically scale such as Amazon S3, Amazon CloudFront, Amazon Auto Scaling, and AWS Lambda.
- Ability to integrate with WordPress, Vimeo, Stripe, ActiveCampaign & HubSpot
Presidio performs bi-monthly production releases, delivering new feature implementations and enhancements to existing modules. This highly dynamic platform continually receives platform feedback, so a regular release schedule requires rapid resolution. Throughout, security is a major design consideration for each new and expanded use case
Multiple Environments Ensure Member Data is Confidential
Each new feature implemented on the P2P platform goes through three levels of processing – DEV, QA, and UAT environments – before being deployed into the production marketplace: This ensures that member data is not only secure but kept confidential. The design ensures that the development team does not have access to production level data. For the development team to gain access to production level data, it requires P2P Global executive exception approval for specific issue resolution and is limited to a designated named software engineer
The three-tiered workflow is as follows:
DEV – The first line of defense for developers to test and identify bugs at the code level. Qualified and approved code is then moved to the next level.
QA – At this level, Quality Assurance analysts perform full-fledged scenario testing and identifies any bugs to report back to the developer. This process is iterated until the build is ready for the final state.
UAT – The latest changes are moved to this environment upon receiving Quality Analyst approval. The Presidio team then provides a features document to P2P, at which point both Presidio and P2P perform User Acceptance Testing. Any bugs or bottlenecks identified by either party will be validated and sent back to the developers for fixing.
Immediately after deploying a Full-Grown version of the UAT build and receiving a go-ahead from P2P approvers, the Presidio team initiates migration to the Production environment. Presidio then awaits feedback on Production from P2P, as Presidio’s QA and development team do not have access to the Production marketplace environment.
Security Services – Secure Role Based Authentication
P2P Global members are the owners and employees of an ecosystem of highly skilled IT solution providers that deliver enterprise capabilities to all market segments. It includes professionals and subject-matter experts on almost any IT-related topic, with new members joining the platform daily.
P2P Global’s marketplace application contains 3 roles:
- P2P Admin
- Member Admin
- Member (non-Admin)
Since the application contains multiple roles, a role-based access control was required to ensure users can get to the resources they need to do their jobs, while preventing them from accessing others that do not pertain to them.
Presidio executed this by using Amazon Cognito identity pools to assign authenticated users a set of temporary, limited privilege credentials to access AWS resources.
In addition, P2P Global needed three instances of the application: Production, UAT, and Development. All member data resides exclusively in the Production environment and is accessible only by the members and the P2P Admin roles. No others, including Presidio developers, have access to member profile or opportunity data. Strict security guidelines are implemented across each environment.
Security Services – Integrating Third-Party Services for Compliance
Using AWS Config, Presidio can continuously monitor and record AWS resource configurations, and automate the evaluation of recorded configurations against desired configurations. This functionality allows P2P Global to evaluate third-party solutions and test their compliance.
Using the Rule Development Kit (RDK) and AWS services such as AWS Config, AWS Secrets Manager, and AWS Key Management Service (KMS), Presidio orchestrated this effort with a single repository for compliance evaluation.
P2P Global has more than four third-party integrations using REST as their data layer. Custom Rules were created using RDK and API Credentials were stored in KMS. This implementation helped Presidio securely store credentials in AWS Secrets Manager and authenticate against third parties. It also pulls that information into AWS Config and leverages features such as “Configuration History” to track compliance of a resource over time.
In addition to these Security Services process improvements, Presidio also enabled:
- Usage of AWS Key Management Service and AWS Secrets manager to store DB credentials and S3 Bucket RDS encryption keys
- AWS WAF help protect public AWS API Gateway & Cloudfront
- Encryption of all Internet-facing endpoints at transit using Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
- AWS CloudTrail in all AWS Regions and log file integrity validation.
- CloudTrail logs are protected from accidental deletion using MFA Delete
- Secure coding best practices, team tenets, and SLO/SLAs on how security issues and tech debt would be prioritized for disposition
- Unit tests for functionality, abuse, and security requirements. Unit tests and coverage reporting was incorporated into CI/CD workflows
Services / Technology Used
AWS Identity and Access Management (IAM), AWS CloudTrail, Amazon CloudWatch, AWS CloudWatch Events, AWS Lambda, AWS Key Management Service, AWS WAF, AWS Secrets Manager, AWS Certificate Manager, Amazon Cognito, AWS Athena, Amazon S3, Amazon EC2, AWS Lambda, Amazon RDS, Amazon Route 53, Amazon VPC, Amazon SES, AWS Batch, AWS Code Build, Amazon QuickSight, Amazon API Gateway, Amazon CloudFront, JIRA, SonarQube
Results / Benefits
Presidio empowered P2P Global to avoid undifferentiated heavy lifting by leveraging the AWS Cloud and its platform services to reduce the amount of development needed for the newly launched marketplace. Presidio and AWS enabled P2P Global to get to market quickly with security engineering as its base.
This successful rollout of the P2P Global marketplace, on time and on budget with the desired functionality, was delivered complete with a state-of-the-art cloud security infrastructure and hardened SDLC processes to protect the platform as it grows.
Presidio has helped accelerate P2P Global’s product release timeline without compromising on security, including the seamless integration between seven third-party applications, communicating with, and receiving events and transactions from the marketplace application.
P2P Global now can track a user’s journey through the application – from landing on the public site to signing up to becoming a paying customer benefitting from the application. An administrator-level dashboard allows P2P Global to manage captured company information, user information, subscription, and all opportunities within the marketplace. Additionally, a help desk has been configured to collect issues and enhancement requests from P2P Global members.
Dan Fobes
P2P Global CEO
“Combined With Presidio’s Rapid Development Offering and Rightstart for AWS, We Went From Idea to Production in Months, Designing, Developing, and Deploying a World-class Marketplace Application,” Said P2P Global CEO and Founder John Guido..”
About P2P Global
P2P Global is a collaborative marketplace for top technology solution providers. It’s the first marketplace where members can create and respond to complex IT projects—finding that perfect match to fill skill gaps. Members can manage all of their client’s IT needs by building an ecosystem of on-demand expertise
For more information, please visit P2P Global.
About Presidio
Presidio is a leading global digital systems integrator developing innovative technology solutions to help clients digitally transform their business. We specialize in simplifying IT by modernizing data, applications and infrastructure. Our full lifecycle model of professional and managed services power resilient cloud, security, infrastructure modernization and workforce transformation solutions for 7,000 middle market, enterprise and government clients.
With an industry-leading 3:1 ratio of engineers to salespeople, we are uniquely positioned to develop and manage world-class business solutions at consumer speed. Partnering with Presidio allows organizations to capture new digital revenue streams while focusing on their core business. We handle the technical complexity and match spend to business value through flexible payment and consumption solutions.
Partners
For more information on how we connect IT of today to IT of tomorrow, visit: www.presidio.com
