Arrow down
arrow down
Arrow down
Arrow down
Arrow down
Customer Case Study

Understanding the Network with Mathematical Certainty Helps a Global Payment Processing Company Keep Their Network Secure and Reliable

Download the PDF

The Company

At the forefront of digital payment processing, this multinational company leverages technology to make financial services and commerce more convenient, affordable, and secure. The company has 500 million customers and merchants, and transacts business in 25 global currencies, and has completed over 5.5 billion transactions. Enabling their sophisticated operation requires a lot of complex technology. Each time a new merchant joins the company’s network, application and security teams need to come together to provision an application that securely enables their services. When dealing with other people’s money; reliability and agility are nonnegotiable. It’s also important to ensure that the network is fully modernized and compliant with the myriad of regulations that govern fintech.

The Challenge

The payment processing company’s director of network engineering stressed the importance of an accurate network map and understanding of all possible traffic paths. “Five years ago our network was contained within the walls of the datacenter— and it was complex. Today, with the cloud, there are no physical boundaries, it’s all over the world, the complexity is intense.” As he explained, when you don’t “own your pipes,” you can’t visualize the functional and physical connections to determine why the network is behaving in a certain manner. This lack of visibility was inhibiting efforts to modernize the network. Network maps are the key to helping the company achieve their modernization goals. According to their director, “They say a picture is worth a thousand words; an accurate network map is worth a million words because things are so complex in the cloud.” Furthermore, the company needed to make the network searchable, so they could easily locate the causes of unintended network behavior and fully understand device connectivity, especially when decommissioning old devices.

 

The Solution

The payment processing company turned to Forward Networks to help. Because Forward Enterprise takes regular snapshots of the network and collects configuration and state data for every device, the network team was confident they would always be working from an accurate understanding of connectivity. According to the company’s director of network engineering, “We now understand all network ingress and egress points and possible traffic paths with mathematical certainty and proactively verify that traffic adheres to our security policies. This is invaluable in helping my team keep the network stable and secure.”

The Value of an Always-up-to-date Network Map

One of the key benefits of fully understanding connectivity is the ability to provision new apps more quickly. Every time the payment processing company onboards a new client, the network, security, and application teams need to securely provision a new app which requires multiple tiers of processing and secure network connectivity. The faster the client is up and running, the faster the company (and their customers) can recognize revenue. Historically, this was a manual and time-consuming task. In an effort to streamline the process, the network team created an application that would automatically test paths and generate tickets in the event that firewall changes were necessary. This helped tremendously; however, it was only as good as their assumed network map. If there was undocumented connectivity, the tool results were inaccurate and could lead to performance issues that required manual troubleshooting. Using an API, the company integrated their internal app with data from Forward Networks, which sped up provisioning by a factor of 10 and delivered a greater degree of confidence that they didn’t create unintended connectivity. This also helped them create customized dashboards to monitor network health daily. This data has improved confidence for the team; the company’s Director remarked “We now have an easy way to understand the day-to-day operations of the network and how routes are being propagated with accurate insight into connectivity. We know if the infrastructure is properly connected and the infrastructure zones are connected as intended.”

"We now understand all network ingress and egress points and possible traffic paths with mathematical certainty and proactively verify that traffic adheres to our security policies."
Director of Network Engineering,
Global Payment Processing Company

Back to the Future with Behavioral Diffs

When dozens of people are constantly working on the network, simple mistakes that affect network behavior are a fact of life. Using the behavioral diffs feature in Forward Networks automates the once time-consuming task of locating these mistakes by comparing the network configurations and behavior over time against changes made to the network. Additionally, the team can add a verification check to ensure that if the same mistake happens in the future, it will be proactively detected.

Decommissioning with Confidence

As the global payment processing company modernizes its network, they are faced with decommissioning outdated equipment. It’s critical that they are able to verify, with certainty, that the selected devices to be retired are inactive, no longer transport critical data, and that existing flows (i.e. customer traffic) won’t be impacted. Previously, the team could manually verify that there was no traffic flowing through the devices, but they couldn’t say with 100% confidence that taking them offline would be zero impact. Forward Enterprise helps them automate this process and allows them to take devices offline with confidence that network behavior will not change nor will customers be negatively impacted.

The Value

The company isn’t measuring the value of their digital twin in terms of cost savings or efficiency—though they have achieved both—but rather in terms of things they could not do before. For example, every year in preparation for Black Friday, the IT department would run “holiday checks” to ensure that the network was stable and ready for the onslaught of transactions. This manual process took weeks to complete and required dedicating several engineers to the project full-time. They were manually validating MLAG/VPC stability, Prefix lists, BGP state, and more. Now, with Forward Enterprise, they’ve been able to set custom intent checks that automatically perform this task every night.

Looking Forward

What’s next—integrating with their internal ticketing system to allow a snapshot to be connected to tickets, so engineers know what the network looked like before the issue materialized. This will allow them to share data with people who may not be users of the platform but need access to the same source of truth. The company’s Director recognizes that it’s easier to share information through APIs than to force users to access a new application, which is why he appreciates the inherent API functionality of Forward Enterprise.

Top cross