About the company
Ramp is a global technology company whose pioneering solutions are revolutionizing the global cryptocurrency payment infrastructure. Its mission is to make exchanging fiat currencies (euros, dollars etc.) for cryptocurrencies (and vice versa) as easy as topping up your phone or logging into your bank account.
We are the bridge between web2 and web3. We strive to bring the infinite possibilities the new world offers to people.
There is a widespread belief that cryptocurrency products are not subject to regulation from governments. That is not true. In order to provide services, Ramp must obtain appropriate licenses and complete regulatory arrangements.
Challenge
The scaleup is committed to completing procedures such as KYC (Know Your Customer) or KYT (Know Your Transaction). These procedures aim to counteract money laundering and prevent terrorism.
Naturally, we meet all the regulatory requirements. At the same time, we also set the bar high for ourselves. We make it a priority to protect the money of our users from fraud and theft. We see it as our responsibility to safeguard the good name of web3. Ensuring maximum safety is paramount.
Ramp creates and develops its products using solutions provided by FOTC, such as Google Cloud and Google Workspace. For instance, Google Cloud Identity serves as the main identity provider for the company’s employees and is a very important element of the startup infrastructure.
The tools provided by Google fulfill all the stringent security and compliance requirements for companies operating in regulated industries.
The rapid pace of Ramp’s development requires the company to constantly change its configuration – especially when implementing new processes. This increases the risk of errors. The Ramp security team regularly verifies the configuration of the Google Workspace console settings, to ensure that the infrastructure complies with the highest security standards.
Solution
To take even better care of your customers’ data and funds, Ramp adopted a two-pronged strategy. First, the company decided to upgrade the Google Workspace suite Enterprise Standard, which gives it wider possibilities in terms of securing instances.
Additionally, the Ramp team conducts regular infrastructure audits to ensure that, despite dynamic development, all security mechanisms have been configured correctly.
Ramp turned to FOTC for both the change to Enterprise Standard and for the Google Workspace security audit.
Each auditor looks at a system from three angles: Prevention – how to protect against what might happen. Detection – how to monitor and notify when something alarming is happening. And correction – how to address potential problems. Google products offer excellent solutions to address the first two aspects. The final one, however, needs operational support that goes beyond tech solutions. That's why cooperation with FOTC, an audit partner who points to potential vulnerabilities we might miss, is a perfect complement to Google services.
Results
FOTC specialists conducted a Google Workspace security audit at Ramp and identified areas that the scaleup team should focus on improving.
Security is at a very high level at Ramp. I believe, however, that there is always room for improvement in any organisation. Our engineers' analysis yielded areas which the Ramp security team should focus on and how to implement tools and procedures that the extended Google Workspace Enterprise console offers.
A thorough verification of all applications and their access levels was a vital component of the audit. It allowed the FOTC team to form recommendations based on best practices. After completing the audit, the FOTC team prepared a detailed list of improvements for the apps and resources in Google Workspace. Their implementation further increased the security level of the entire organization.
Throughout the audit process, and after its completion, the company could count on constant assistance and advice from FOTC.
More than a report
After the audit, Ramp received a detailed report from FOTC, which was made available in both Google Sheet and PDF formats. The report is a highly functional tool, ready to be used immediately.
The Ramp team tracked the changes they made and left comments on the report directly in Google Drive. This way the company was able to implement all the recommendations very efficiently.
Usually after a security audit I received several pages of text. The report I got from FOTC is a spreadsheet with several tabs. The file contains specific recommendations which we could implement immediately as well as a list of priorities. For me, the report is a remarkable thing. I'm sure it was created by someone who spent a lot of time in the Google Workspace console to answer the question: "What kind of report would be the most useful for me?" I think usefulness was the overarching principle for the person designing it. With the FOTC report, I know where I am, I know where I want to get and which route is the best to get there.
Ramp successfully implemented the audit recommendations. The scaleup remains in constant contact with FOTC. The support and expertise of our specialists helps the company to constantly improve its security systems.