Global Food and Beverage Software Provider Modernizes Application Security with AWS Cognito



Business Challenges

  • Architectural Complexity – Product Development was under extreme pressure to support rapid development of application functionality. This would require spending less time on shared services and architecture and more time on net new end-user feature development
  • Rapidly Growing Customer Base – A rapidly growing customer base and innovative competitors were putting increased pressure on a growing Product Backlog and Product Management, driving a need for the organization to move and innovate faster
  • Reduce Security Attack Surface – Increasing pressure on the CFO and COO to achieve SOC2 certification resulted in the need to implement companywide security policies and procedures, with Application Security (AppSec) as a major focus


  • Amazon Cognito – After evaluating a number of options that would help the organization innovate rapidly in a high-quality, economical way, it was decided to gradually move the application to a serverless architecture. Amazon Cognito was chosen as the User Authentication solution to handle Identity and Access Management for the application:
    • Amazon Cognito User Pools were used to provide a more secure user directory that could scale to support millions of users
    • Leveraging the out-of-the-box capabilities, the organization was able to support authentication using social platforms such as Apple, Google, and Facebook while also supporting enterprise single sign-on providers
    • Amazon Cognito provides increased security and is certified to be compliant with HIPAA, PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001


  • Reduction of Custom Code – Reduced development costs and decreased time to market by eliminating thousands of lines of custom code
  • Increased Application Security – Eliminating custom code, leveraging a security-certified service, and excluding sensitive data from company-maintained databases
  • Increased Focus on Feature Development – Removing the burden of IAM from the Engineering team, reducing the size of the code base, leveraging serverless architecture, and freeing up product development to work on value-added end-user features