Building a Modern Fintech Platform for Quantum Lending Solutions
Quantum Lending Solutions (QLS), is a recognized leader in the American fintech sector, with a mission to support small and medium-sized enterprises.
The company specializes in providing capital to businesses often overlooked by traditional banks. Due to its dynamic growth, QLS faced the need to modernize its technology platform.
Industry: Fintech / Insurtech
Challenge: The need to evolve a mature, monolithic application whose architecture posed a challenge to future scalability, maintenance, and innovation. The lack of modern DevOps practices and deep observability was a barrier to further growth and complicated the path to SOC 2 certification.
Solution: Designing and implementing a new, cloud-native foundation for the platform in AWS, based on containerization (Kubernetes), IaC and GitOps practices (Terraform, ArgoCD), and the implementation of advanced application observability (Datadog APM & Tracing).
Key Results:
Reduced incident resolution time (MTTR): The Mean Time To Resolution for critical incidents was reduced from several hours to under 30 minutes.
Increased deployment frequency: Deployment frequency increased from monthly to several times a week, significantly accelerating the delivery of new features.
Achieved availability above 99.95%: The Multi-AZ architecture ensured the level of availability required for critical financial applications.
100% auditability of changes: The implementation of IaC (Terraform) and GitOps (ArgoCD) allowed for full automation and auditability of infrastructure changes, which significantly simplified the SOC2 audit process.
Increased agility and security of deployment processes and the construction of a solid technological foundation that enables the company to achieve its business goals and pass SOC2 audits.
The importance of resilience in Fintech
Quantum Lending Solutions operates in the fintech sector, where trust and security are currency. The platform processes sensitive financial data, and its availability is directly linked to the company’s reputation and its ability to attract business partners who require compliance with strict standards like SOC 2. Any failure is not just about lost transactions but also risks reputational damage and regulatory issues. Resilience is the foundation that allows the company to pass audits and build trust in the market.
The Challenge: Accelerating growth while maintaining compliance
The impetus for transformation at Quantum Lending Solutions was a strategic decision to evolve its application platform. The existing solution, which had served the company well in its earlier growth stages, required modernization to meet new business ambitions and rising market standards. Five key strategic goals were defined:
Ensure high availability: One of the main goals was to create a high-availability infrastructure that could withstand failures without affecting users. This required a resilient architecture, such as deploying databases (RDS) and the Kubernetes cluster (EKS) across multiple Availability Zones (Multi-AZ). The architecture’s resilience had to be proactively validated through business continuity plan tests that simulate failure scenarios.
Strengthen system resilience through observability: There was a need to shift from reactive problem-solving to proactive optimization. This involved implementing advanced tools (APM, transaction tracing) to give developers insight into application performance at the code level. Gaining such deep visibility would allow the team to identify and fix potential issues before they reached production, thereby increasing the application’s robustness. This also laid the groundwork for a formal Disaster Recovery Plan (DRP).
Accelerate the innovation cycle: The goal was to transition to a modern architecture that would enable the development team to deploy new features quickly and securely, instead of focusing on maintaining complex code.
Design with SOC 2 certification in mind: A key business objective was to build an architecture prepared from the ground up to meet the stringent requirements of a SOC 2 audit, which is essential for collaborating with large, regulated partners.
Introduce modern DevOps practices: The aim was to fully automate deployment processes (CI/CD) and manage Infrastructure as Code (IaC) to increase the speed, security, and consistency of all environments.
The Solution: Building a comprehensive cloud platform
After defining these goals, Quantum Lending Solutions entrusted Tenesys with the task of building the new infrastructure and implementing modern DevOps processes. The project was carried out in close collaboration with the client and included the following steps:
Infrastructure as Code and containerization: The entire cloud environment in AWS was defined using Terraform. The heart of the application became an Amazon EKS (Kubernetes) cluster, managed in a GitOps model using ArgoCD, which ensured consistency and auditability of deployments.
Automated deployments (CI/CD): Fully automated CI/CD pipelines were implemented using GitHub Actions, enabling the fast and secure delivery of new software versions.
Deep application observability: The Datadog platform was implemented with a focus on tools crucial for developers: APM and distributed tracing. This provided unprecedented insight into application performance at the code level, and centralized logging streamlined event analysis. Additionally, basic SIEM mechanisms were launched as a foundation for the SOC 2 certification process.
Security and foundation for SOC 2 compliance: The entire infrastructure was secured (e.g., placed behind Load Balancers), and access was controlled using AWS Identity Center with the principle of least privilege applied.
Strict resilience objectives, crucial in the financial industry, were also defined and documented as part of the technical assessment:
RPO (Recovery Point Objective): Below 5 minutes.
WHY: In fintech, losing even a few minutes of transactional data is unacceptable. A low RPO is crucial for maintaining the integrity of financial data and client trust.
RTO (Recovery Time Objective): Below 30 minutes.
WHY: Due to regulatory requirements and partner expectations, the system must be able to return to full functionality within a maximum of 30 minutes. This is a key indicator that is verified during SOC 2 audits.
The Results: Unlocked potential and measurable business benefits
The new architecture brought not only technical improvements but, most importantly, unlocked the company’s business potential.
Empowering and accelerating developer work: Thanks to the implementation of Datadog APM and tracing, developers gained a powerful tool for analyzing application performance in real time. The time needed to diagnose and resolve bugs was radically shortened, allowing teams to focus on creating new business value.
Increased agility and security of deployments: Fully automated CI/CD pipelines led to an increase in the frequency and reliability of releases. Development teams can now deploy changes faster and with greater confidence.
A Solid foundation for SOC2 audits: The new, well-documented, and secure infrastructure provides a solid foundation that allows the company to smoothly go through the SOC2 audit process. This, in turn, opens the door to collaboration with key, regulated partners in the market.
Future-ready and scalable: The modern, Kubernetes-based platform provides the resilience and flexibility to handle growing traffic and dynamically plan for further expansion without concern.
“Overhauling our core platform and aligning it with SOC2 requirements was a huge challenge. Tenesys proved to be not just a vendor, but a true partner in this process. They delivered a modern, scalable architecture that gives our developers the freedom to operate, and gives us the confidence and security essential in our industry.”
Chad Rhyner, Senior Engineering Manager at Quantum Lending Solutions