Founded in 1985, Naranja is Argentina’s largest credit card issuer, with over six million customers. The bank, which primarily services consumers, also offers loans and insurance products through 200 branches and commercial offices covering all provinces in the country.
Naranja had been running legacy infrastructure from two on-prem data centers, but over the past three years, it has experienced tremendous growth. The company needed scalability, flexibility, and the ability to implement modern technologies, such as smart analytics, mobility, and contactless payment so that it could continue providing valuable consumer solutions while simultaneously enhancing its value proposition. On-prem infrastructure was no longer meeting Naranja’s needs.
The company embarked on a company-wide digital transformation project that involved moving all of its systems and data to the cloud. The company’s leadership did not want to be tied down to any particular cloud vendor; they wanted to build a multi-cloud environment that would give them the flexibility to run the right workloads, in the right place, at the right time. They decided to move most of their workloads to AWS and put some of them in Microsoft Azure.
Naranja’s next step was to select a cloud-hosted solution that would enable them to maximize the security of their AWS and Azure environments while achieving maximum performance and value.
After evaluating a number of performance and security solutions from a variety of vendors, Naranja chose Cloudflare. They liked that Cloudflare’s solutions were cloud host-agnostic and cloud-native, and they appreciated that Cloudflare had a local presence in Argentina, which meant that their team could work closely with Cloudflare’s engineers throughout their cloud migration process.
“We see Cloudflare as a valuable entry point to the cloud,” explains Gabriel Balastegui, Cloud Networking Engineer. “Cloudflare is our first line of security perimeter defense. They’re a key partner that allows Naranja to run workloads in the cloud of our choice, as we see best.”
Naranja first implemented Cloudflare DNS and Load Balancer, later adding Page Rules, WAF, rate limiting, and CDN. The Cloudflare global network reduced egress traffic to its AWS deployment by 80%, which resulted in significant cost savings, as well as enhanced reliability and fewer outages.
“We’ve seen some of the greatest tangible benefits from the Cloudflare network,” Balastegui says, “but perhaps the greatest tangible benefit is the visibility Cloudflare gives us into our traffic, security policies, and security incidents. We had some visibility before, when we were running on-prem solutions, but Cloudflare has considerably improved it.”
Balastegui reports a very positive experience with Cloudflare’s security suite. In one 72-hour period, Cloudflare WAF blocked over 730,000 attempted attacks across five highly trafficked domains. “We value the visibility and threat mitigation that Cloudflare provides. The user interface is very user-friendly. We have WAF turned on at a very high level and are using most of the features of the firewall rules. We use them quite a bit for geo-blocking, so that we can block traffic from countries that do not have AWS instances. It’s been extremely useful in finding issues at the app level, which allows us to modify the code and mitigate them.” Tarjeta Naranja is also in the process of integrating Cloudflare’s security logs with its Splunk deployment.
Cloudflare has also enabled Naranja to automate IaaS deployment and configuration by using Cloudflare APIs with platforms such as Terraform. When the company originally implemented Cloudflare’s solutions, they used Cloudflare’s DNS service in a C-NAME configuration on their most critical domain. “Over time, we gained a lot of confidence in Cloudflare’s solutions, and we’re looking to migrate this domain to a full setup going forward,” says Balastegui.
Naranja is also very satisfied with Cloudflare Argo. After using Argo Smart Routing, they saw a 20% to 30% improvement in load times. Currently, Naranja is starting to use Argo Tunnel and is moving more of its on-prem workloads to Cloudflare to obtain greater visibility and enhance the security of its legacy apps. They are also testing using Argo Tunnel as an intermediate connectivity layer with their VPN and WAN to connect their datacenter with their cloud instances, and they are performing testing on planned use cases for Cloudflare Workers, including header manipulation.
Cloudflare CDN reduced egress traffic from Naranja’s AWS environment by 80%
Argo Smart Routing improved load times by up to 30%
In one 72-hour period, Cloudflare WAF blocked over 730,000 attempted attacks across five highly trafficked domains
“Cloudflare is our first line of security perimeter defense. They’re a key partner that allows Naranja to run workloads in the cloud of our choice, as we see best.”
Cloud Networking Engineer