Developing a cloud-native application in AWS with a secure-by-design approach

Accelerating modern app development in the cloud with CI/CD and simplifying application security and operations with cloud-native tooling.



  • Delivered a scalable, modular, and secure microservices-based HR management application in AWS.
  • Adopted a secure-by-design approach to ensure that the application can securely handle the PII of employees.
  • Accelerated solution delivery using modern and automated CI/CD pipelines and cloud-first toolset.
  • Aligned the application with AWS Best Practices and optimized it for rollout in other geographies.


Bata, a global leader in footwear and apparel, is headquartered in Lausanne, Switzerland, and operates 5300+ shops in over 70 countries. They wanted to develop an HR management system (HRMS) to support internal operations. The application would be deployed in a South-East Asian market, following which, it would be rolled out in other geographies.


They wanted to develop a secure and scalable HRMS application that would support employee operations in various geographies. Because this application would store and access the Personal Identifiable Information (PII) of various employees, ensuring data security was a key requirement:  

  1. Develop a scalable and secure cloud-native HRMS application that would empower employee operations.
  1. Ensure that the application is protected from various threat vectors like brute force, SQL Injection (SQLI), and Man-in-the-Middle (MITM) attacks.  
  1. Enable easy application and security operations and deliver an agile and flexible solution with cloud-first foundations.

This application would be deployed in other countries once enriched features and more functionalities are added.  


Bata engaged Velocis to build and deploy the cloud-based HRMS application. Velocis’s team delivered a modular, containerized application running on AWS Elastic Kubernetes Service (EKS), Amazon EC2, and Aurora Serverless. The application leverages Amazon GuardDuty for threat protection, and CloudWatch for monitoring and alerting.

Here are the key highlights of the deployed solution:

  1. Architecture: Developed a microservices-based application and deployed it with AWS EKS on m5a AMD processors to run the app logic. The client’s VPC spans two Availability Zones (AZs) with two public and private subnets, of which the server running the app logic is hosted in one of the public subnets.  
  1. Security and operations: Configured AWS WAF to monitor and scan the application traffic for suspicious activity. This is complemented by GuardDuty, which prevents threat actors from extraditing data outside the application environment. In addition, Amazon CloudWatch is configured to monitor application performance and alert the right personas when alarms are triggered. CloudTrail is configured to log console actions and Security Hub powers other security capabilities.  
  1. Automated Delivery: The application delivery is powered by an Amazon EC2-based Jenkins CI/CD pipeline, which automates the code-to-release cycle. AWS EKS pulls docker images from the AWS Elastic Container Registry (ECR) and deploys them to the EKS node.

Business outcomes

The cloud-native application delivered by Velocis meets the security, scalability, and performance requirements of the Bata. Here are the key benefits that they realized through this solution:

  1. The cloud-native application is modular and scalable, and it can be evolved and rolled out in other geographies.
  1. The application leverages strong security capabilities which are implemented using cloud-first tooling offered natively by the platform.
  1. Highly optimised application architecture and simplified application operations minimise the management overheads for the client.
  1. Rapid delivery using cloud-native development tooling and CI/CD automation speeds the time from code to deployment.


Get in touch

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.