FOTC
  • Products
    • Google Workspace
    • Google Cloud
  • Services
    • Cloud engineering as a service
    • Cloud Infrastructure Strategy Roadmap
    • Google AI
    • Landing Zone
    • Security audit
    • Technical support
  • About us
  • Startups
  • Resources
    • Case studies
    • Blog
    • Partner programme
  • Careers
Contact
ro pl hu en
  • Privacy policy
Ramp

Ramp

Google Workspace security audit in a revolutionary scaleup

Duration of cooperation: 03/2022 - now

About the company

Ramp is a global technology company whose pioneering solutions are revolutionizing the global cryptocurrency payment infrastructure. Its mission is to make exchanging fiat currencies (euros, dollars etc.) for cryptocurrencies (and vice versa) as easy as topping up your phone or logging into your bank account.

We are the bridge between web2 and web3. We strive to bring the infinite possibilities the new world offers to people. Kamil Starski, VP of Engineering, Ramp

There is a widespread belief that cryptocurrency products are not subject to regulation from governments. That is not true. In order to provide services, Ramp must obtain appropriate licenses and complete regulatory arrangements.

Challenge

The scaleup is committed to completing procedures such as KYC (Know Your Customer) or KYT (Know Your Transaction). These procedures aim to counteract money laundering and prevent terrorism.

Naturally, we meet all the regulatory requirements. At the same time, we also set the bar high for ourselves. We make it a priority to protect the money of our users from fraud and theft. We see it as our responsibility to safeguard the good name of web3. Ensuring maximum safety is paramount. Mariusz Jacek Kondratowicz, Information Security Officer, Ramp

Ramp creates and develops its products using solutions provided by FOTC, such as Google Cloud and Google Workspace. For instance, Google Cloud Identity serves as the main identity provider for the company’s employees and is a very important element of the startup infrastructure. 

The tools provided by Google fulfill all the stringent security and compliance requirements for companies operating in regulated industries.

The rapid pace of Ramp’s development requires the company to constantly change its configuration – especially when implementing new processes. This increases the risk of errors. The Ramp security team regularly verifies the configuration of the Google Workspace console settings, to ensure that the infrastructure complies with the highest security standards.

Solution

To take even better care of your customers’ data and funds, Ramp adopted a two-pronged strategy. First, the company decided to upgrade the Google Workspace suite Enterprise Standard, which gives it wider possibilities in terms of securing instances.

Additionally, the Ramp team conducts regular infrastructure audits to ensure that, despite dynamic development, all security mechanisms have been configured correctly.

Ramp turned to FOTC for both the change to Enterprise Standard and for the Google Workspace security audit.

Each auditor looks at a system from three angles: Prevention – how to protect against what might happen. Detection – how to monitor and notify when something alarming is happening. And correction – how to address potential problems. Google products offer excellent solutions to address the first two aspects. The final one, however, needs operational support that goes beyond tech solutions. That's why cooperation with FOTC, an audit partner who points to potential vulnerabilities we might miss, is a perfect complement to Google services. Mariusz Jacek Kondratowicz, Information Security Officer, Ramp

Results

FOTC specialists conducted a Google Workspace security audit at Ramp and identified areas that the scaleup team should focus on improving.

Security is at a very high level at Ramp. I believe, however, that there is always room for improvement in any organisation. Our engineers' analysis yielded areas which the Ramp security team should focus on and how to implement tools and procedures that the extended Google Workspace Enterprise console offers. Marcin Wodziński, Technical Leader (Google Workspace), FOTC

A thorough verification of all applications and their access levels was a vital component of the audit. It allowed the FOTC team to form recommendations based on best practices. After completing the audit, the FOTC team prepared a detailed list of improvements for the apps and resources in Google Workspace. Their implementation further increased the security level of the entire organization.

Throughout the audit process, and after its completion, the company could count on constant assistance and advice from FOTC.

More than a report

After the audit, Ramp received a detailed report from FOTC, which was made available in both Google Sheet and PDF formats. The report is a highly functional tool, ready to be used immediately.

The Ramp team tracked the changes they made and left comments on the report directly in Google Drive. This way the company was able to implement all the recommendations very efficiently. 

Usually after a security audit I received several pages of text. The report I got from FOTC is a spreadsheet with several tabs. The file contains specific recommendations which we could implement immediately as well as a list of priorities. For me, the report is a remarkable thing. I'm sure it was created by someone who spent a lot of time in the Google Workspace console to answer the question: "What kind of report would be the most useful for me?" I think usefulness was the overarching principle for the person designing it. With the FOTC report, I know where I am, I know where I want to get and which route is the best to get there. Mariusz Jacek Kondratowicz, Information Security Officer, Ramp

Ramp successfully implemented the audit recommendations. The scaleup remains in constant contact with FOTC. The support and expertise of our specialists helps the company to constantly improve its security systems.

Our customers are already growing their businesses in the cloud. Now it's time for you!

Talk to an expert
Services
  • Cloud Infrastructure Strategy Roadmap
  • Landing Zone
  • Training
Products
  • Google Workspace
  • Google Cloud
  • Google Workspace for Education
Industry
  • Education
  • Gaming
  • Government
  • Healthcare
  • Retail
  • Small and medium businesses
Knowledge
  • Blog
  • Case Studies
  • NIS2 directive
Company
  • About us
  • Career
  • Contact
  • Partner programme
  • Google Workspace Support
  • Privacy Policy
  • Regulations
Copyright © 2014 – 2024 Fly On The Cloud sp. z o.o. KRS: 0000500884, NIP: 8971797086, REGON: 022370270