Modernizing a Cloud-Native Security Platform at Scale

This case study describes our work on a converged operations platform designed to centralize and automate physical security operations for organizations with complex access-control needs.
  • 30% faster

    Overall platform performance

  • >25–40% ops

    Lower day-to-day maintenance effort

  • 50+ integrations

    Reusable components for new devices

About Project: Why We Stepped In

At the time our developers joined the project, the solution already existed as a group of interconnected services: an AI-powered analytics and detection platform, rule-processing services responsible for ingesting and evaluating events from physical devices, and a frontend service.

We stepped in to implement new features and conduct large-scale technical modernization of the platform.

The original system was built using a mix of Python, TypeScript / Node.js, and Golang, deployed on Google Cloud Platform, with Google Cloud Spanner as the primary database.

The platform is used by organizations that need to control access to facilities, manage vehicle entry and movement on secured territories, and correlate events from multiple physical security systems in real time.

Client’s Requests: Modernization & Database Migration

  • Migrating Core Services

    from Python to Golang for performance and operational consistency.

  • Migrating the Database Layer

    from Spanner to PostgreSQL.

  • Building a New Identity-Enrichment Service

    to augment incoming events with identity data.

  • Creating and Unifying Swagger / OpenAPI

    documentation across services written in different languages.

  • Extending Existing Services

    to support new types of physical devices generating events.

  • Adding New REST Endpoints

    and advanced filtering capabilities to existing APIs.

  • Implementing Request-Level Caching

    to reduce load and latency.

  • Optimizing Service Performance

    under increasing event volume.

  • Migrating the Entire Solution

    from GCP to AWS.

  • Replacing Pub/Sub

    with Kafka for event streaming.

  • Integrating Temporal

    for workflow orchestration.

  • Migrating CI/CD

    from Google Pulumi to Terraform.

  • Simplifying the Frontend Service

    by removing backend-like responsibilities.

Challenges We’ve Tackled

Working on this project involved several non-trivial challenges:

  • Legacy Codebase Across Multiple Stacks

    The platform included legacy services written in TypeScript, Python, and Node.js, each with different architectural assumptions and tooling.

  • High Entry Cost for Domain Understanding

    Before implementing changes, we had to deeply understand the existing security workflows, data models, and event lifecycles across multiple services.

  • Local Integration Testing

    Reproducing realistic end-to-end scenarios locally required significant effort due to the number of interconnected services, external integrations, and asynchronous workflows.

  • Infrastructure and Platform Migration

    The transition from GCP to AWS, Spanner to PostgreSQL, and Pub/Sub to Kafka required careful planning to avoid downtime and data inconsistencies.

Solutions We’ve Implemented

  • Service Migration and Refactoring

    Critical services were gradually rewritten in Golang. This helped to improve performance, predictability, and operational simplicity. Shared patterns for logging, configuration, and error handling were standardized across services.

  • Database Migration Strategy

    We migrated from Spanner to PostgreSQL with careful schema redesign, query optimization, and explicit handling of transactional boundaries that differ between the two databases.

  • Identity Enrichment Service

    A new dedicated service was introduced to enrich raw security events with identity context. This reduced coupling between services and made enrichment logic reusable and easier to evolve.

  • Unified API Documentation

    Swagger / OpenAPI generation was standardized across services, despite different implementation languages. This significantly improved collaboration between backend, frontend, and integration teams.

  • Caching and Performance Optimization

    We implemented request-level caching for high-traffic endpoints and optimized database access patterns. This reduced response times and backend load.

  • Event Streaming and Workflow Orchestration

    Kafka replaced Pub/Sub to support more flexible event processing, while Temporal was integrated to orchestrate complex, long-running security workflows reliably.

  • Infrastructure as Code Migration

    CI/CD pipelines and infrastructure provisioning were migrated from Pulumi to Terraform, improving transparency, reproducibility, and cross-cloud consistency.

  • Frontend Simplification

    Backend-like logic was removed from the frontend service, reducing complexity and clarifying responsibility boundaries between client and server layers.

How The System Works

Here’s how the platform operates when handling real-world security events:

  • Event Collection

    Physical security devices, like card readers at building entrances, cameras in parking lots, or sensors on gates, generate events whenever something happens. For example: "Card #12345 scanned at North Entrance at 8:47 AM."

  • Event Streaming

    These events flow into Kafka, which acts like a high-speed pipeline that can handle thousands of events per second. Kafka ensures no events are lost and makes them available to multiple services simultaneously.

  • Identity Enrichment

    The identity enrichment service picks up each event and adds context. It looks up who owns Card #12345 and adds information like: "John Smith, Engineering Department, authorized for North Entrance access."

  • Rule Processing

    Rule-processing services evaluate each enriched event against configured security rules. For example: Is this person authorized for this entrance? Is this access happening during allowed hours? Is there an unusual pattern (like entering the same building twice without exiting)?

  • AI Analytics

    The AI-powered analytics platform looks for patterns across many events. It might detect unusual behavior such as a vehicle repeatedly circling the parking lot, multiple failed access attempts in a short time, or access patterns that don't match someone's normal schedule.

  • Workflow Orchestration

    When security rules are triggered or anomalies are detected, Temporal manages the response workflow. For example, it can send an alert to the security team, lock down a specific entrance, or require additional verification for the next access attempt. Temporal ensures these multi-step workflows complete reliably, even if they take hours or span multiple shifts.

  • Dashboard and Management

    Security operators use the web dashboard to view security events as they happen, see analytics and statistics about access patterns, and manage user permissions and access rights. The dashboard also lets them investigate incidents, review historical data, and configure rules and response workflows. All of this happens in real time, with events processed within seconds of occurring at the physical devices.
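The three checks named under Rule Processing (authorized entrance, allowed hours, entering the same building twice without exiting), as an added Go example that is not the platform's own code. The Event and Evaluator types, their fields, the rule names and the "HQ" building are hypothetical, and the sample scan is constructed from the card example above.

```go
package main

import (
	"fmt"
	"time"
)

// Event is a hypothetical enriched access event; every field name is an assumption.
type Event struct {
	CardID, Door, Building, Direction string // Direction is "in" or "out"
	At                                time.Time
	AllowedDoors                      map[string]bool // attached by identity enrichment
}

// Evaluator keeps per-card presence so a second entry without an exit is visible.
type Evaluator struct {
	OpenHour, CloseHour int               // allowed window is [OpenHour, CloseHour)
	inside              map[string]string // card ID -> building currently entered
}

// Evaluate returns the names of the rules an event violates (empty means clean).
func (ev *Evaluator) Evaluate(e Event) []string {
	var hits []string
	if !e.AllowedDoors[e.Door] {
		hits = append(hits, "unauthorized-entrance")
	}
	if h := e.At.Hour(); h < ev.OpenHour || h >= ev.CloseHour {
		hits = append(hits, "outside-allowed-hours")
	}
	switch e.Direction {
	case "in":
		// Stateful rule: the card is already recorded inside this building.
		if b, ok := ev.inside[e.CardID]; ok && b == e.Building {
			hits = append(hits, "repeat-entry-without-exit")
		}
		ev.inside[e.CardID] = e.Building
	case "out":
		delete(ev.inside, e.CardID)
	}
	return hits
}

func main() {
	// Constructed sample: the card scan from the text, replayed without an exit.
	at := time.Date(2024, 5, 6, 8, 47, 0, 0, time.UTC)
	scan := Event{"12345", "North Entrance", "HQ", "in", at, map[string]bool{"North Entrance": true}}
	ev := &Evaluator{OpenHour: 7, CloseHour: 19, inside: map[string]string{}}
	fmt.Println(ev.Evaluate(scan), ev.Evaluate(scan))
}
```

The first two rules are stateless and depend only on the enriched event, while the repeat-entry rule needs per-card state, so events for one card have to reach the same evaluator in order.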

Technologies We Used

  • Python

  • Golang

  • OpenAPI

  • Swagger

  • PostgreSQL

  • Kafka

  • Temporal

  • AWS

  • Terraform

Key Outcomes Included:

  • Performance Improvements

    Services became about 30% faster overall. Individual services that we migrated improved by 25–40%, depending on their specific workload. This means security events are processed faster, and the system can handle more organizations.

  • Clearer Architecture

    Each service now has a well-defined responsibility, making the system easier to understand and modify. Changes to one service are less likely to break others.

  • Reduced Operational Work

    Day-to-day operational effort decreased by 25–40% thanks to consistent tools and patterns across services. Teams spend less time on maintenance and more time on new features.

  • Faster Developer Onboarding

    New developers understand the system about 70% faster thanks to unified documentation and consistent structure. Each service has detailed documentation explaining what it does and how it works.

  • Easier Integrations

    We added about 50 reusable integration components and created a standard approach for connecting new physical devices. Organizations can now add new card readers, cameras, or sensors much more easily.

Collaboration Summary

We modernized the platform by migrating to newer technologies, improving performance by 30%, and making the codebase easier to maintain and extend.

The result is a faster, more reliable platform that’s easier to operate and ready to grow with the client’s expanding customer base. This project demonstrates our ability to work on large-scale, security-critical systems.

Our team understands complex existing platforms quickly and delivers meaningful improvements without disrupting the ongoing operations, which is one of the most important things for companies we work with.
