
Case Study | Hedge

Fintech Startup Leverages Secure, Scalable Platform to Build Trust With Customers

Founded in 2016, Hedge is a leader in scalable, programmatic deployment of staking infrastructure.

Providing secure wallets with proprietary, best-in-class distributed cold storage practices, the company’s platform reduces the complexity of managing keys and interacting with networks.

Hedge provides institutional investors and crypto platforms with the liquidity, custody, and security to support the growth of the digital asset community.

Hedge was acquired by BitGo in 2019.

"We needed to stay focused on delivering customer value as quickly as possible with minimal hand-holding. SuperOrbital was a trusted partner that came on board quickly and got the job done. They were absolutely perfect."

Challenges
  • Creating a secure and usable infrastructure without distracting from development of the core product
  • Complex security needs
  • Small team
  • Start-up budget
Value Created
  • Secure platform trusted by customers
  • Automated core infrastructure
  • Simplified key processes
  • Increased encryption and security
Solutions
  • DevOps best practices and strategy
  • Embedded engineers
  • Subject matter expertise


Co-founded by four close friends in 2016, Hedge faced the same challenges as many tech startups around the world: how to ship a compelling software product without being distracted by the groundwork required to configure and secure the underlying infrastructure.

The Hedge team, composed of experienced blockchain developers, entrepreneurs, and fintech executives, knew they had to use their time and effort wisely. According to Bob Rutherford, CEO, “We needed to stay focused on delivering customer value as quickly as possible with minimal hand-holding.” Spending time learning how to configure and secure the various AWS and HashiCorp products would be a strategic mistake that could put the entire venture at risk.

BUILDING A SECURE, SCALABLE FOUNDATION

Hedge approached SuperOrbital with a simple request: build a foundation that they could manage and that their customers would trust.

Knowing that it’s crucial to understand a problem deeply before jumping into execution, SuperOrbital spent the beginning of the engagement embedded within the Hedge team. As part of the discovery process, they discussed the company’s products and solutions, customers, security concerns, and personal skill sets.

Three things immediately stood out.

  1. Hedge was deeply knowledgeable about crypto tech and blockchain
  2. The company had a powerful product that large financial institutions were ready to buy, and because of their customer base and market, their security needs were far beyond those of a normal startup
  3. Hedge needed to operate like a bank, but with the budget of a startup

SuperOrbital created a roadmap for deploying a minimal framework that would scale with the start-up. The primary focus was placed on creating the basic building blocks of Vault, the application servers, and a bastion station. A plan was discussed for configuring monitoring and logging, and encrypting all internal traffic.

The implementation included:

  • Automated all the infrastructure through the industry-standard tool, Terraform. Treating infrastructure as code allows for quick updates in tense situations, and repeatable deployments for disaster recovery, staging, development, and QA.
  • Utilized Packer to repeatably produce hardened machine images without SSH access or egress. Known as “immutable infrastructure,” this produces systems that are much more predictable and manageable than traditional Chef- and Puppet-based approaches.
  • Deployed the infrastructure into separate AWS accounts to simplify access management and reduce the blast radius of a breach.
  • Used the recently launched AWS PCA service to encrypt all internal traffic with a full and valid certificate authority chain.
  • Secured the Vault cluster above and beyond the stringent best-practice guidelines recommended by HashiCorp.

“SuperOrbital was a trusted partner that came on board quickly and got the job done. They were absolutely perfect,” said Bob.

"We’ve seen other companies make the mistake of using AWS like the traditional infrastructure they’re already used to. SuperOrbital steered us toward cloud-native techniques that made AWS simple, easy to maintain, resilient to failure, and incredibly secure."

Daniel Hoffmann, Co-founder

SEAMLESS DEPLOYMENT SETS THE STAGE FOR LAUNCH OF CORE APPLICATION

The infrastructure work was completed just as the Hedge team was ready to deploy its core application. Everything was thoroughly documented, including the implementation, design decisions, usage, and future improvements. This was followed by a hand-off call with the team to walk them through the system. Throughout the following weeks, SuperOrbital was available to answer questions while the Hedge team explored the new infrastructure.

“I’ve never worked with a partner that was as dedicated to our success as SuperOrbital,” said Chris Metcalfe, Co-founder. “At every step of the way they took great care to make sure we were moving in the right direction and that their solutions matched our needs. They documented the system so thoroughly that the hand-off was effortless.”