Bitso

Cloudflare supports Bitso’s rapid expansion with Zero Trust security and performance optimization

Mexico-based Bitso is the largest cryptocurrency platform in Latin America and the region’s first “crypto unicorn,” having secured $250 million in a recent Series C investment round that valued the company at $2.2 billion. Over two million customers use Bitso to buy, sell, send, and receive bitcoin and eight other cryptocurrencies. Bitso has a 95% market share in Mexico and over 60% in Argentina. In 2020, Bitso processed more than USD $1.2B of cross-border payments.

Challenge: Implement Zero Trust security and optimize performance to support exponential company growth

Cyber security must be paramount for crypto exchanges in order to create a transparent and reliable industry. Bitso started operations in 2014, and security has been a fundamental part of the business ever since. Bitso started working with Cloudflare in 2016, and Cloudflare is now a key component of its operation and security strategy.

“We understood that, as a nascent company, we wouldn’t be able to ensure security at a global scale on our own,” recalls Mario A Pérez Alejo, Cybersecurity Lead. “Cloudflare has been a key partner for Bitso since Day 1.”

Bitso initially used Cloudflare’s Web Application Firewall (WAF), Distributed Denial of Service (DDoS) protection, and Content Delivery Network (CDN). As Bitso’s product offerings and customer base expanded, the company upgraded to the Cloudflare Business Plan to access more advanced security features and prioritized customer support.

The Cloudflare Business Plan served Bitso’s needs well until 2020, when the company began experiencing exponential growth. It took six years for Bitso to reach one million users, but only 10 more months to reach the next million. In addition to straining its network resources, Bitso’s expansion made the company a very attractive target for threat actors and cyber attacks.

Additionally, during this time Bitso became a fully remote company due to the COVID-19 pandemic, which brought about another challenge: remote access to services and applications through a VPN, which became difficult to configure and manage. Performance was also not optimal, and the VPN allowed for lateral movement across data and applications, which represented a risk of data loss.

To address these concerns, Bitso upgraded to the Cloudflare Enterprise Plan, which offers the most advanced security, performance and reliability solutions on the market. The company also added Cloudflare Access, which uses a Zero Trust model to help teams secure corporate applications with better performance and security than a VPN; Argo Smart Routing, which detects real-time network congestion and routes web traffic across the fastest and most reliable network paths; and Cloudflare Rate Limiting, which helps protect against DDoS and other automated cyber attacks.

“Cloudflare has given us the ability to route, keep and place in sync all our sites. Also, one of the biggest advantages of Cloudflare is that it allowed us to handle our Infrastructure as Code (IaC) with Terraform, which led us to scale, maintain and ramp up our systems quickly,” says Zahid Fernandez Rodriguez, DevOps Engineer at Bitso.

Cloudflare Access supports Zero Trust by ensuring the right people have the right level of access to internal resources

Prior to deploying Cloudflare Access, Bitso’s employees used a VPN to connect to internal apps. The VPN was difficult to maintain and had suffered from frequent outages, which limited employee work. Additionally, creating new user accounts took hours, and often more than a day, which further affected efficiency.

It took Bitso only 10 minutes to deploy and integrate Cloudflare Access with its identity provider (IdP). Bitso can now provide access to internal resources within minutes.

“Cloudflare Access was a game-changer for Bitso. It made Zero Trust much easier,” Mario Perez said. “We now manage access to internal resources more efficiently, ensuring the right people have the right level of access to the right resources, regardless of their location, device or network.”

Bitso operates internationally, with collaborators in more than 30 countries around the world. In addition to enhancing efficiency by eliminating the outages associated with the VPN, Access has helped to significantly improve Bitso’s user provisioning procedures, regardless of new employees’ geographic location and network.

Cloudflare WAF, DDoS, and Rate Limiting block millions of threats each month

While Bitso is the target of DDoS attacks of different magnitudes and the company often receives malicious requests, Cloudflare has effectively stopped these threats, allowing Bitso to continue servicing its customers without interruption.

“Cloudflare has been there when cyber attacks happen. Not only to help us block attacks, but also to provide the team with useful analytics that we can use to strengthen our security controls,” says Emilio Revelo, Security Engineering Manager at Bitso.

Next, Bitso plans to deploy Cloudflare Bot Management, which uses threat intelligence at scale to help organizations prevent attacks from malicious bots. “Bad bots are getting more sophisticated, and we need a sophisticated solution to mitigate them,” adds Mario Perez.

Argo ensures fast response times regardless of the customer’s geographic location

With 70TB of traffic monthly, Bitso’s bandwidth resources are constantly being taxed. The cryptocurrency trading market is highly competitive, and cryptocurrency traders are extremely demanding customers.

“We’re dealing with people’s money. If our platform is slow, our customers will get very concerned,” Mario Perez explained. “In this industry, a good customer experience is key to building trust, and low latency is key for a good experience.”

After deploying Argo Smart Routing and integrating it with the Cloudflare CDN, Bitso saw an immediate improvement of up to 42% in site speed for users in Argentina, a country that’s notorious for slow internet. In Mexico, Argo improved speeds by 38%.

“In the past five months alone, Bitso’s traffic has doubled, but Argo Smart Routing ensures fast response times for all of our customers, regardless of their geographic location, even in countries with slow internet speeds,” Mario Perez said.

Mario Perez points to the teamwork between Cloudflare and Bitso as a key element of a successful partnership. “Our local customer success team in Mexico is phenomenal. They’ve helped us strengthen our security and optimize performance,” he said. “I’m enormously grateful. Bitso has ambitious goals, and our partnership with Cloudflare is essential in achieving them.”

Key Results
  • Argo Smart Routing improved response times by 47.24% on average. In Brazil, response time has improved by up to 60%, in Argentina by 42%, and in Mexico by up to 38%.

  • Cloudflare’s security solutions block over 7.5 million malicious requests to Bitso’s website each month.

  • By replacing VPN with Cloudflare Access, Bitso provides authorized access to internal resources in a few minutes instead of hours, or even days.
