Fonix Mobile - Mobile & Billing System Security in Amazon Web Services (AWS)

While Alert Logic has been working with companies in Europe for years, with the opening of our new office in the United Kingdom, we’re meeting and working with more European companies than ever before.

One interesting company we’ve had the pleasure to start working with recently is Fonix Mobile. Fonix is a hot new startup made up of industry veterans in the mobile interactive business. Fonix delivers SMS messaging and mobile payment billing solutions using an Amazon Web Services (AWS) platform. When chatting with the chief technology officer, Marcus Kern, he described what they provide is a service to companies that would like to engage with customers via SMS messaging. The example I thought of was how you can text to vote for your favorite contestant on American Idol, but it sounds like Marcus and the team at Fonix can enable even more interesting and engaging SMS communication.

In talking to Marcus about what they’re doing in AWS, a few interesting topics came up: how they decided to use AWS for their infrastructure, how they determined they needed additional security solutions, and how they selected Alert Logic as their security partner.

Selecting Amazon Web Services
Marcus described his background as having similar roles with similar types of organizations in the past, so had a good idea about infrastructure options for Fonix. Co-locating at a datacenter was a possibility, though that came with more up-front costs and commitment they would have with a public cloud provider.

Public cloud providers brought some concerns, like whether data privacy would be an issue. These concerns were put to rest in no time with AWS once Marcus and team spent time learning what AWS provides for securing their infrastructure.

Additional Security Requirements
As a relatively new startup, and one that would managing some sensitive data like mobile numbers and data for billing customers, the Fonix team decided to pursue ISO 27001 certification to both ensure they had strong security processes in place and also to show the world (or at least their customers) that they were serious about security.

ISO 27001 is a broad framework and it will take time for Fonix to go through the complete process. One of the initial requirements that came out of their ISO 27001 work was the need for intrusion detection and vulnerability scanning, both to ensure nothing malicious infiltrates their network and to be on the lookout for potential weaknesses. For Fonix, these technologies made sense both to help them on their journey to certifications, but also and more importantly, to protect their mobile applications and their customer’s data.

Alert Logic as a Security Partner
I won’t share all the details about why Fonix selected us as a security partner but please check out the success story if you’re interested. One of our favorite points was that Marcus found Alert Logic in the AWS Marketplace and it was important to him to work with a partner who was committed enough to AWS to have done to work to ensure our solutions work natively in the AWS cloud.  We’ve worked hard over the past year and half to make all our products available in the Marketplace and it’s nice to see organizations like Fonix finding us there.