Otto Group IT

Otto Group IT’s Transformation in Attachment
Handling: A Case Study

Otto Group IT

Client

Logo Otto Group IT

OTTO Group IT
Industry: E-Commerce
Headquarter: Hamburg

Consultant Activities

The project involved:

Quantitative Benefits

Introduction to the Customer

Otto Group IT serves as the centralized IT service provider for the Otto Group, an international conglomerate operating in online retail, branded concepts, financial services, and more. The group employs over 41,000 people and has an annual turnover exceeding 16 billion euros. Besides companies like Hermes, bonprix and ABOUT YOU, also OTTO as the largest German online shop is part of the Otto Group.

The Challenge: Original State of Attachment Handling

As the OTTO webshop (otto.de) transitioned to a platform approach, the need to enhance customer support and platform partner interactions emerged, particularly where file attachments like images were concerned. The original architecture had several limitations:

  1. Customers couldn’t directly attach images or other files via the support contact form.
  2. The proprietary document archive storing the attachments was occasionally unavailable due to technical restrictions.
  3. The system lacked a sufficient encryption for attachments, making it non-compliant with legal regulations.

Customer's Assignment

Otto Group IT sought a centralized, GDPR-compliant solution that was consistently available and could overcome the old system’s limitations. Essential features included virus scanning, filetype checking (e.g. JPEG, PNG or PDF), sufficient encryption, multi-tenancy, and adherence to complex operational standards.

Architectural and Feature Highlights

The solution adopted a “Pipes and Filters” modular architecture and used AWS Lambda functions as real-time, event-driven components. Data storage and processing state tracking were managed using AWS DynamoDB and S3. The whole service is fronted by a Spring Boot REST API running on a load-balanced ECS cluster. AWS SQS was used for messaging, AWS KMS for encryption key handling and rotation.

Key Functionality

The Attachment Service provides the following key functionalities:

  1. Upload: A client can upload attachments. The upload process includes the secure receiving of an attachment followed by some additional security measurements performed on the uploaded attachment asynchronously.
  2. Checking of Attachment Processing State:While the upload and security measurements are being processed, the client can query the Attachment Service real-time updates on the current processing state of the upload process.
  3. Download: A client can download an attachment after the initial upload and security measurement processes were completed successfully.
  4. Metadata Modification: A client can alter the attachment’s metadata after the initial upload and security measurement processes were completed successfully.
  5. Deletion: When uploading an attachment, a client must specify a retention period for the attachment based on legal or operational requirements. Once their retention period expires, the attachments are automatically deleted.
  6. Virus Scanning of files: As one requirement states that attachments should be scanned for viruses, the well-known linux-based virus scanning application ‘ClamAV’ was utilized and fronted with a custom REST API to query it programmatically. As this could be of great use for other teams in the future, we build an own service for that instead of just integrating it into the Attachment Service.

Conclusion

The new Attachment Service by Otto Group IT has introduced a future-oriented approach to attachment management. It features a GDPR-compliant, cloud-native, modular architecture that is highly available, scalable, and secure. This resolves the limitations of the original system, offering a future-proof, extendable solution that sets a new industry standard. The project marks a significant advancement in managing, storing, and securing attachments within the OTTO platform ecosystem.

MORE BUSINESS CASES

You want to learn more?

Scroll to Top