Securing 10 million personalized promotions

Evolving from retail checkout to the bank account

Vietnam has undergone a monumental transformation in the last several decades and now has one of fastest growing economies on the planet — thanks in part to companies like One Mount and Vingroup.

The latter, which started as a dried foods producer in the early 1990s, has blossomed into a sweeping conglomerate comprising 48 subsidiaries spanning every market from real estate and health care to education, retail, and financial services. Vingroup’s financial services arm operates under the VinID banner, a customer loyalty and daily discount app that facilitates billions of dollars in financial transactions each year for more than 10 million registered users.

While the app found instant popularity and has grown by leaps and bounds since its launch, doing so didn’t come with its share of challenges and risks. “The sheer volume and sensitivity of the information exchanged on the app makes ensuring the safety and security of every bit of data that it processes our top priority,” says Liem Pham, director of cybersecurity for One Mount Group, the subsidiary that manages VinID. “Our previous methods and strategies were inefficient and not robust enough to help us secure the various systems, connections, and data stores spread across our organization and needed to be enhanced or replaced with something scalable and ready to take on the challenges we face in today’s cyber landscape.”

Massive footprint needs smarter way to address potential vulnerabilities

Since its launch, millions of users have flocked to VinID for instant, reliable access to thousands of discount codes from reputable and familiar brands and to facilitate purchases across various shopping channels with pay-on-app capabilities via an e-wallet.

Tracking individual users’ buying habits enables the company to better target new discount offers and promotional opportunities to customers, execute the transactions directly within the app, and keep all that data within a single ecosystem. VinID relies on an extensive mix of cloud and on-premises systems to manage this massive volume of information and to deliver a consistently excellent digital customer experience. But securing the platforms, connections between systems and databases, and the private personal information of its users became increasingly challenging because of the company’s mostly manual controls.

“An ecosystem this big isn’t just a matter of securing user logins and bank information from unauthorized access, it’s also about ensuring that non-human connections between different clouds, databases, and the frontend are reliably secure as well,” Liem explains. “We historically managed all the secrets for these different transactions manually across multiple teams, but as our environment continued to grow, it became nearly impossible to keep rotating keys and digital passcodes to keep it all safe and prevent a domino effect if one system happens to be breached.”

Liem says that manually managing thousands of secrets by hand was not only inefficient and time-consuming for an already overwhelmed support team, but also error-prone. And it increased the risk of breaches and potential impact on the app’s overall performance.

“We needed a standardized way of managing secrets across the organization and our different properties,” Liem says. “Every new feature release or version update required the DevOps team to take time away from their primary job to focus on one-off secrets management issues. It often impacted the app’s performance, inhibited our ability to deliver new features to users faster, and unnecessarily increased the cost of doing business.”

VinID is using HashiCorp Vault to automate dynamic secrets management across various cloud and on-premises systems and networks, enabling a richer, more secure, and engaging user experience.