Otto Group IT
Otto Group IT’s Transformation in Attachment
Handling: A Case Study
Otto Group IT
Client
OTTO Group IT
Industry: E-Commerce
Headquarter: Hamburg
Consultant Activities
The project involved:
- Comprehensive architectural redesign.
- Implementation of two cloud-native services for attachment handling and virus scanning.
- Compliance with GDPR and other legal mandates.
- Compliance with operational standards.
Quantitative Benefits
- Scalability: The Attachment Service is processing well over 100,000 attachments per month.
- Multi-tenant readiness: Already four different clients are utilizing the Attachment Service. Multiple other clients are expected to onboard in a near future.
- Security: Advanced two-layer encryption techniques eradicated vulnerabilities and make the Attachment Service GDPR compliant.
- Availability: As the clients are now decoupled from the proprietary document archive, the whole process has an availability of at least 99.99%.
Introduction to the Customer
Otto Group IT serves as the centralized IT service provider for the Otto Group, an international conglomerate operating in online retail, branded concepts, financial services, and more. The group employs over 41,000 people and has an annual turnover exceeding 16 billion euros. Besides companies like Hermes, bonprix and ABOUT YOU, also OTTO as the largest German online shop is part of the Otto Group.
The Challenge: Original State of Attachment Handling
As the OTTO webshop (otto.de) transitioned to a platform approach, the need to enhance customer support and platform partner interactions emerged, particularly where file attachments like images were concerned. The original architecture had several limitations:
- Customers couldn’t directly attach images or other files via the support contact form.
- The proprietary document archive storing the attachments was occasionally unavailable due to technical restrictions.
- The system lacked a sufficient encryption for attachments, making it non-compliant with legal regulations.
Customer's Assignment
Otto Group IT sought a centralized, GDPR-compliant solution that was consistently available and could overcome the old system’s limitations. Essential features included virus scanning, filetype checking (e.g. JPEG, PNG or PDF), sufficient encryption, multi-tenancy, and adherence to complex operational standards.
Architectural and Feature Highlights
The solution adopted a “Pipes and Filters” modular architecture and used AWS Lambda functions as real-time, event-driven components. Data storage and processing state tracking were managed using AWS DynamoDB and S3. The whole service is fronted by a Spring Boot REST API running on a load-balanced ECS cluster. AWS SQS was used for messaging, AWS KMS for encryption key handling and rotation.
Key Functionality
The Attachment Service provides the following key functionalities:
- Upload: A client can upload attachments. The upload process includes the secure receiving of an attachment followed by some additional security measurements performed on the uploaded attachment asynchronously.
- Checking of Attachment Processing State:While the upload and security measurements are being processed, the client can query the Attachment Service real-time updates on the current processing state of the upload process.
- Download: A client can download an attachment after the initial upload and security measurement processes were completed successfully.
- Metadata Modification: A client can alter the attachment’s metadata after the initial upload and security measurement processes were completed successfully.
- Deletion: When uploading an attachment, a client must specify a retention period for the attachment based on legal or operational requirements. Once their retention period expires, the attachments are automatically deleted.
- Virus Scanning of files: As one requirement states that attachments should be scanned for viruses, the well-known linux-based virus scanning application ‘ClamAV’ was utilized and fronted with a custom REST API to query it programmatically. As this could be of great use for other teams in the future, we build an own service for that instead of just integrating it into the Attachment Service.
Conclusion
The new Attachment Service by Otto Group IT has introduced a future-oriented approach to attachment management. It features a GDPR-compliant, cloud-native, modular architecture that is highly available, scalable, and secure. This resolves the limitations of the original system, offering a future-proof, extendable solution that sets a new industry standard. The project marks a significant advancement in managing, storing, and securing attachments within the OTTO platform ecosystem.