Creativity and innovation are greatly valued by business leaders; the former allows you to detect uncommon patterns and identify possibilities, the latter to turn possibilities into results. Both pieces may be absolutely critical to the growth of a business, but for Bitbuy CIO Andrew Park the power to innovate depends first and foremost on good security.
“We exist in a space where there hasn’t been a lot of regulation,” he said. “But that’s changing. What we want to do is form part of a baseline in Canada – a higher standard.” Although for Park, committing to regulatory standards such as those put in place by IIROC is essential – “it comes with the territory” – it is but a small part of what is required. The customer, he says, is and must remain central to everything they do.
Thorough and Consistent
“Every one of our customers must have that absolute assurance of a safe journey,” he said. “A person who buys and sells crypto coins must have it. Without that essential trust that we’re wholly committed to their security, the arrangement quickly falls apart.”
Every organization may have their own unique twist on keeping their network secure, but for Bitbuy IT must be two things: thorough and consistent.
Download free report: “Profiles in Innovation Series: Financial Services”
“We go from the bottom level of our platform up to the API level, examining and testing every security check and balance in place,” said Park. “And we do that pretty much nonstop, on a continual basis, to ensure our customers can have that full assurance of safety – that, for example, their crypto balance is 100 per cent protected at all times.”
Bitbuy has chosen AWS as its preferred cloud provider, said Park, and has taken all necessary measures to ensure everything they are building and using on top of AWS is secure.
Usual Versus Unusual
“At the platform level we monitor all activity, without exception. Our sightlines are such that for every single incident that occurs, we have the ability to go back and see what happened at the platform level.”
Bitbuy uses Amazon GuardDuty, a highly intelligent service that works on the idea of baseline “usual” activity versus activity that qualifies as being “unusual.”
“From VPC DNS activity to cloud trail to all other info coming in, GuardDuty gives a clear view of what’s ‘usual’ and what’s not. While we have had opportunities to see these mechanisms in action, in each case it had to do with the misuse of services by staff unfamiliar with our environment than anything malicious. But we have the capability, so if something does occur we’ll be able to catch it and resolve it quickly.”
Going Into the Dirty Areas
Park said innovation can and does come in the form of certain “outside the box” practices and protocols in ensuring security is not just tight but airtight.
“On account of the business we’re in, in which you see a lof of wealth change hands on a daily basis, you have to go that extra mile to make sure things are as tight as they can be” A customer with any connection to the dark web can trip an “unusual activity” flag. Bitbuy’s verifications and compliance team has a requirement to venture into the dark web to verify customers’ presence and, if necessary, business in the dark web.
“We have a dark web monitor,” said Park. “The job our verifications team has in verifying the nature of a customer’s dark web presence can involve visiting some, shall we say, interesting websites.”
Going into shady areas of the dark web can be a risky enterprise on its own.
“What we did was carve out a specific network dedicated to this kind of browsing,” said Park. “Using Amazon AppStream 2.0 our verification team can launch a Tor browser based on the AWS isolated network. Whatever happens to that network, it’s isolated and has nothing whatsoever to do with the rest of our environment and business.”
Always Moving, Always Improving
Park cannot stress enough the importance of constant review of security protocols, and having that ability to separate out normal activity from even slightly abnormal.
“When security is one of your key differentiators, and sets you apart from others, you’re not just talking about how good your security is – you’re pursuing it on a continual basis. Anyone looking at our system would say it’s easy to trip alarms; this is the way it should be when you’re talking about thousands and even millions of dollars per transaction.”
But Bitbuy’s “always moving, always improving” approach spills over into all facets of its operations. “We want to be number one in Canada,” said Park. “Customers are forever looking for new features, support for more types of coins, et cetera. We currently support nine types of coins but have plans to add more in 2022. But as we move forward, offering people more security will remain unquestionably remain top priority. It’s the foundation stone of what we do and what we offer.”
Download free report: “Profiles in Innovation Series: Financial Services”