Lawpath is a leading legal software platform used by both individuals and businesses. It provides a range of features spanning from hiring lawyers and creating legal documents, to starting a new business with all the compliance requirements handled by Lawpath. 4 million Aussies are accessing Lawpath for legal help every year.
Summary
Lawpath leveraged PolarSeven’s p7-SecurityFoundation service to migrate to a multi-account AWS environment with Single Sign-On. Developers quickly adopted the new processes with commensurate improvements in the reliability of their continuous deployment.
The Challenge
Lawpath’s revenues have been doubling, year-over-year, and the startup has just passed the milestone of 230,000 regular users. Lawpath has recently raised $7.5 million in an oversubscribed funding round, as it strengthens its position in the Aussie market, and strives to democratise access to legal advice for small and medium-sized businesses.
As Lawpath seeks to double its development team and scale up capacity and offerings, it became important to ensure that their environments grow securely while maintaining compliance. Future change and enhancements made in the environments need to be done in a disciplined and consistent manner to maintain reliability of their continuous deployment pipelines.
PolarSeven Solution
After conducting a Well-Architected Review, PolarSeven recommended a solution based on their p7-SecurityFoundation offering. This includes a Landing Zone created by AWS Control Tower and account separation using AWS Organizations to evolve security and security management.
It supports a more disciplined and hence streamlined continuous deployment pipeline, so developers can focus on their specific tasks. Single Sign On was configured with G Suite as the identity provider. This simplified providing more granular access for developers to environments and removing access when required.
Once the new environment was configured, existing resources were migrated into the appropriate accounts in the new landing zone. Infrastructure as Code using Sceptre on top of CloudFormation was used to ensure deployments from one environment to the next, non-prod, to staging and ultimately to production was consistently well managed - and with zero downtime.
AWS Security Hub was implemented providing a security and compliance dashboard.
Results and Benefits
In the words of the Lawpath CTO Vincent Alcantara:
“Since the introduction of the recommended steps from the PolarSeven review, our devs have adopted the new processes of accessing the different environments and we've seen more reliability in our continuous deployment moving away from CircleCI.”
Using AWS Security Hub, Lawpath now demonstrates their security posture with regard to their AWS resources and users. They can continue to scale up with the assurance that their secure environment will grow with them without taking additional time and effort to manage.