Alma Scales Security Fast with Aqua’s CNAPP

Fast-growing fintech startup Alma is able to rapidly onboard with Aqua’s CNAPP to scale security and protection across their hybrid/multi-cloud environment.

Company Name: Alma Pay
Organization Size: 300+
Industry: Finance
Services: Instalment-based Payments
HQ: Paris, France
Founded: 2018

Challenges

  • Improving security posture  
  • Scaling security efforts  
  • Integrating security across the Software Development Life Cycle (SDLC) 
  • Attaining and maintaining compliance  
  • Discovering early-stage risks to avoid pushing CVEs into production 
  • Monitoring in runtime  
  • Visibility into real time risks and attacks in runtime 
  • Driving digital transformation and expansion into new environments and infrastructure  

Requirements

  • Runtime Security  
  • Hybrid/multi-cloud workload protection 
  • Full SDLC visibility  
  • Software Supply Chain Security  
  • Financial Regulation Compliance  
  • Software composition analysis (SCA) 
  • Static application security testing (SAST)  
  • Infrastructure as Code (IaC) capabilities 

Solutions

  • Aqua CNAPP (SSCS, CSPM, CWPP)

Technology Stack

  • Google Cloud
  • Google Artifact Registry
  • GitHub, GitHub Actions
  • Terraform
  • Linux

Customer Overview

Alma creates financial products that empower merchants to sell more and help consumers purchase better products while never encouraging them to become over-indebted. The company’s installment and deferred payment solutions are accessible to all and easy to implement, eliminating purchase friction. Alma is the French leader in installment payment solutions. With an omnichannel approach, the company is present in 10 European countries and supports more than 17,500 merchants. 

The Challenge

Alma’s mission is to contribute to the emergence of a new, more conscious form of commerce, by creating an ecosystem of products at the service of merchants. The company’s unique approach is in high demand across Europe and as business scales, the security team at Alma is under substantial pressure to secure a rapidly growing cloud native footprint in a highly regulated industry.  

In mid-2023, Alma’s security team began the search for a solution that provided holistic protection from code to cloud, with a strong focus on software supply chain security. As a startup, they were an agile team and accustomed to working quickly and with flexibility, so they wanted to avoid using too many point solutions or cumbersome legacy solutions with cloud native options bolted on. They were looking for a consolidated solution that could easily scale with their operations, while dramatically improving their security posture. As the company looked to shift left, it was crucial that the cloud native application protection platform they chose could integrate into their workflows, enabling them to reduce risk at every step of the software development life cycle.  

Although Alma was running in Google Cloud, the team believed it was also important that this solution have options to support other cloud native workloads in the future, because it is common in startups for roadmaps and strategies to change with shifting business requirements. Compliance was also a concern for Alma. With operations in ten European countries, they needed to ensure they met standards such as GDPR and the regulations of the French supervisory authority (ACPR – Autorité de Contrôle Prudentiel et de Résolution).

"We didn’t have to jump back-and-forth from several tools, manage logins or deal with conflicting features. Aqua streamlined how we work and empowered our team to react more quickly to security findings."
Rémi Charbonnel, Product Security Engineer

The Solution

Aqua gave Alma the full cloud native application protection they needed in one centralized platform. Aqua secures the entire application lifecycle from end to end. Alma can prevent security risks from becoming security incidents by discovering and remediating vulnerabilities, malware, exposed secrets and other risks in their code, build tools, and delivery pipelines. They also have complete visibility into their Google Cloud environment to find and fix misconfigurations and other risks that could leave them exposed. With Aqua’s real-time threat detection and response, Alma can stop cloud native attacks without disrupting business operations.

As part of Aqua’s comprehensive cloud native protection, Alma also utilizes Aqua’s Dynamic Threat Analysis (DTA) to dynamically assess container risk by running containers in an isolated sandbox. By monitoring runtime behavior in a controlled environment before deployment, Alma can identify potential issues early. This pre-emptive strategy allows Alma to address vulnerabilities before they impact the production environment, reducing the risk of security breaches.

Because Aqua offers a single platform, Alma can incorporate better security measures throughout the SDLC with ease. Aqua’s comprehensive capabilities and commitment to support cloud and container environments ensure that Alma will be protected no matter what infrastructure the company is running on or what tools they are using. This is important because they have plans to expand to GKE in the near future.

Aqua’s single platform approach and ability to integrate seamlessly into workflows made it quick and easy for Alma to onboard. Rémi Charbonnel, Product Security Engineer, said Aqua provided substantial, useful insights about their security processes almost immediately. Key features for him are the efficient, easy-to-use user interface and the robust software supply chain capabilities. He also looks forward to enforcing the simple-to-define, granular security policies at every stage of the SDLC.

Rémi said that Aqua’s ability to support compliance efforts is important for Alma. The solution enables them to continually audit their security posture and map findings onto compliance frameworks, including GDPR and European regulatory requirements.

"We chose Aqua because it helps fully cover all our needs in cloud native software security. We looked at other solutions, but Aqua was, and clearly remains, the most valuable."
Rémi Charbonnel, Product Security Engineer

Highlights

With Aqua’s CNAPP, Alma was able to onboard quickly, scale security across its cloud native stack, and significantly improve its security posture. Highlights include:

  • Unified security across cloud native stack with single interface 
  • Quick and easy implementation proving immediate value 
  • Integration with existing development tools and infrastructure  
  • Protection of code, repositories and delivery pipelines  
  • Support of existing cloud infrastructure with flexibility to expand to other clouds  
  • Reports on security posture for compliance  
  • Runtime protection for Google Cloud Run containers and GKE clusters