Cyber liability portal for a global insurance provider

Itransition delivered an educational cyber liability portal to help the customer provide great experiences to both existing and potential clients.

Challenge

Our customer is an international specialty insurance company offering a wide range of solutions worldwide. They wanted to nurture their existing clients by providing them with a new cybersecurity learning portal.

The customer wanted the portal to teach users about cyber liability threats and how to avoid them with the help of:

  • Personalized content and learning management features to provide end clients with 360-degree cyber security training which includes articles, tailored tips, interactive exercises, and phishing simulations
  • Content management capabilities to enable their employees to efficiently create and manage content
  • Cloud-based architecture to continue the customer’s digital transformation journey and ensure the solution’s maintainability and scalability

Additionally, the customer expected the portal to grow over time and include more customer-specific information, such as identified cybersecurity exposures and policy information.

The customer selected Itransition as a software development partner as they were impressed with our expertise in delivering content management and learning solutions. Moreover, they took into account our extensive insurance software development expertise and the rich domain knowledge we accumulated.

Solution

Itransition developed a web-based cyber liability portal for the customer’s clients that we later extended to also cater to the new clients’ needs. For the portal, our team developed a neat UX/UI design and set up an AWS-based microservices infrastructure.

Content & learning management

Our team discussed with the customer how the new portal would fit into their current client nurturing processes and educational initiatives. We suggested utilizing a ready-made content management system as it would meet all the customer’s business needs and decrease the time and resources spent on developing the portal.

Having explored content management systems available on the market, Itransition suggested utilizing Strapi, a low-code headless CMS. It aligned perfectly with business and technical requirements and brought the following benefits to the portal:

  • Future-proof — with the headless CMS, the frontend is independent of the backend, meaning that our team could leverage the latest frontend frameworks
  • Customizable — Strapi’s out-of-the-box functionality is highly customizable, ensuring the solution can be easily expanded
  • Less computing power — the headless CMS generates the frontend as static pages, which decreases resource utilization in the cloud

To ensure the portal has great educational potential, Itransition integrated it with our customer’s internal system responsible for generating personalized cyber risk reports for each client. Even though the customer had a ready-made API for automatic file retrieval, our team adapted it to be used on the platform. We also enabled admins to manually upload risk reports to user profiles in case additional reports become available.

Admins can also link the identified issues from the report with the content pieces on the portal to direct users to the most relevant articles and training courses and help them fill in their knowledge gaps. Thus, we made the portal a one-stop shop for users’ cyber security needs.

As for learning management, our team enabled the portal’s integration with Wizer, a cyber liability learning platform with training courses, phishing simulations, and gamified exercises. Since our customer and their clients were already familiar with Wizer through their learning projects, we decided it would be best to integrate the portal with it rather than build a new LMS.

UX/UI design

In this project, UX/UI design played a crucial role in the portal’s success, as it was important to ensure users would find the platform enjoyable and user-friendly. To create the portal’s design, we used Ant Design, a React-based library and UI framework with ready-made components and elements to accelerate the portal’s front-end development. Itransition developed the design in line with our customer’s brand book, preserving the look and feel that the customer has across their other IT solutions. Apart from the style guidelines, the customer granted a high degree of freedom to our UX/UI designers, trusting their expertise and experience in creating online portals.

Making the portal public

The customer initially aimed to create the portal for existing clients only. But, impressed with the intermediate results delivered by our team, they decided to use the portal to attract new clients.

Having discussed the customer’s ideas and objectives, our team suggested introducing a more nuanced system of accessing the portal’s content to increase its marketing potential.

Initially, all the articles were made available to the user once they logged into the portal by following the invitation link sent to their corporate emails by the portal’s admins. But with the portal becoming public, our customer wanted to restrict certain content only to their existing end clients. Thus, Itransition developed visibility parameters (private, public, public unlisted options) and enabled them for the articles.

However, since the portal’s frontend is made up of static pages that are pre-generated, the web application cannot check via an API if a user has suitable permission to access an article or if the visibility parameter has changed. Thus, we suggested introducing incremental builds into the customer's infrastructure to create a more tailored content access system.

With the incremental builds, the portal’s backend registers when admins change the article and checks if it should launch a new incremental build with the applied changes. If yes, then the system generates new updated pages with static content and deploys them to the cloud, granting users public access to the previously private article.
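The build decision described above, sketched as an added example that is not Itransition's or the portal's own code. The field names (`slug`, `visibility`, `updatedAt`), the `/articles/` paths, the action names, and the reading of "public unlisted" as reachable by direct URL but absent from listings are all assumptions. It also covers the reverse change (public to private), where the stale static page has to be removed from storage and the CDN cache.

```javascript
// Added example, not the portal's code. Field names, paths and action names are assumed.
const VISIBILITY = ['private', 'public', 'public-unlisted'];

// What exists in the static output for an article.
// Assumption: "public unlisted" = reachable by direct URL, absent from listings.
function staticFootprint(article) {
  if (!article || !VISIBILITY.includes(article.visibility)) {
    return { page: false, listed: false }; // missing or unknown value fails closed
  }
  return {
    page: article.visibility !== 'private',
    listed: article.visibility === 'public',
  };
}

// Compare an article before and after an admin edit; return the build actions.
// `before` is null for a new article, `after` is null for a deleted one.
function planIncrementalBuild(before, after) {
  const was = staticFootprint(before);
  const now = staticFootprint(after);
  const path = `/articles/${(after || before).slug}/`;
  const actions = [];

  if (was.page && !now.page) {
    // Public -> private: the old HTML must leave the bucket and the CDN cache,
    // otherwise the restricted article stays readable at its old URL.
    actions.push({ type: 'delete-page', path }, { type: 'invalidate-cache', path });
  } else if (now.page && (!was.page || before.updatedAt !== after.updatedAt)) {
    actions.push({ type: 'build-page', path });
    if (was.page) actions.push({ type: 'invalidate-cache', path });
  }
  if (was.listed !== now.listed) {
    // Listing membership changed: regenerate the index page as well.
    actions.push({ type: 'rebuild-listing', path: '/articles/' });
  }
  return actions; // empty array: no build is needed
}

// Constructed sample: an admin restricts a previously public article.
const plan = planIncrementalBuild(
  { slug: 'phishing-101', visibility: 'public', updatedAt: 1 },
  { slug: 'phishing-101', visibility: 'private', updatedAt: 2 },
);
console.log(plan.map((a) => a.type).join(', '));
```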

Technology & tools

For the frontend, we utilized Gatsby, a static site generator, and Strapi, a headless open-source CMS. The portal’s backend was created on the Node.js platform, with MySQL as a database. Our team set up CI/CD processes with Jenkins to securely and efficiently deliver product increments.

AWS

Itransition suggested making maximum use of the existing AWS cloud setup and practices so that the team could focus its efforts on developing new features that extend the portal’s capabilities. To realize the portal’s microservices architecture, Itransition leveraged the following AWS services:

The solution’s microservices architecture

The solution’s infrastructure is split into two parts, with one part processing static frontend-related traffic and the other handling dynamic backend traffic. Amazon Route 53 contains DNS records that allow matching domains and requests with AWS. AWS Application Load Balancer forwards dynamic API requests to the services in private subnets based on target groups. Amazon CloudFront is responsible for retrieving static content (HTML web pages) from S3 buckets, caching it, and delivering it to portal users.

The Amazon CloudFront distribution is split into frontend, backend, and content upload with Amazon S3 buckets and has similar data segmentation to ensure the services request and use only the data indispensable for their operations. Our team added AWS Lambda between the frontend Amazon CloudFront and the related S3 bucket to establish a link between them by adding an HTML index to content stored in S3 buckets.

When designing the solution’s architecture, Itransition focused on data security, since the portal stores sensitive information about the customer’s end clients. To ensure data protection, our team set up private subnets with limited and minimized interservice communication, as advised by AWS best practices. Private subnets are accessible via the Application Load Balancer, which is located in the public subnet to receive incoming traffic and distribute it among target groups. We also added Amazon SNS, which allows users to set up multi-factor authentication via their mobile phone for accessing the portal.

Application Load Balancer triggers Amazon ECS that stores rules and templates for configuring computing capacity in the EC2 instance. Our team added an Auto Scaling group to ensure the infrastructure would react to varying traffic loads, creating or terminating Amazon EC2 instances for optimal capacity. To enhance security and data protection, we heavily restricted access with edit rights to S3 buckets, ensuring that only a very limited number of users would have access to the customer’s sensitive data.

We leveraged Amazon RDS for MySQL to manage database resources in the cloud. Itransition also added a private Amazon ECR to store Docker images. To provide full transparency into the AWS configuration, our team added Amazon CloudWatch for monitoring and logging cloud resources.

Process

The team included a project manager, a tech lead, a business analyst, and UX/UI design, software engineering, DevOps, and QA professionals. We leveraged Scrum as the project management methodology, delivering the solution in increments and conducting necessary ceremonies. Our team worked in two-week sprints, demoing the results to stakeholders.

We suggested utilizing a Time & materials pricing model with a budget cap and a fixed deadline. The model provided the customer with great visibility into the project’s budget and end date, while also providing our team with enough agility to develop the project most efficiently.

To ensure transparency, Itransition prepared detailed project progress reports, allowing the customer to assess project progress at any level of granularity, from overall resources available/spent to individual velocity charts.

At the project’s start, we defined its scope and, before each sprint, prioritized backlog items in close collaboration with our customer’s director of product management — the main stakeholder who performed a product owner’s role. With them, we set project priorities, clarified the requirements, and discussed feature ideas. Additionally, our team synced up on the technical aspects with IT stakeholders to ensure the portal would seamlessly fit into the customer’s existing systems.

Results

Itransition delivered a cyber liability portal with content management and learning capabilities which serves as a one-stop shop for all cyber security education and training. We set up an AWS-based microservice infrastructure and created the portal’s design to ensure a great user experience for the customer’s existing and future clients.

  • 2,000 active users (last 90 days)
  • About 100 content pieces on the platform
  • Less than 1 hour for deployment