§ 00·0x00/CASE STUDY / ENERGY & CLIMATE
No security theater. Just meaningful protection.
“I don’t have a lot of patience for tools that don’t meaningfully improve the actual underlying security.” — JOHN BARTON, CTO, AMBER ELECTRIC
§ 01·0x01/WATCH / THE STORY
John Barton on picking CipherStash.
Amber’s CTO on evaluating vendors, why the cryptographic solution integrated cleanly with their AWS + TypeScript stack, and what it unlocked for international expansion.
§ 02·0x02/ABOUT / THE COMPANY
Climate-focused energy, now going global.
Amber Electric started in Australia by giving residential customers direct access to the wholesale energy market. What began as a bet on a fairer, greener grid has grown into a platform that puts real-time pricing and clean-energy choice in the hands of everyday households.
Amber is now expanding internationally, which means handling more of their own data and significantly more customer data across divergent regulatory regimes, including the GDPR. Each new market brings a new compliance bar, and Amber needed a foundation that could scale with that reality rather than slow it down.
§ 03·0x03/REQUIREMENTS / THE BRIEF
Three constraints, one solution.
01 No security theater
When John Barton, CTO at Amber Electric, ran vendor selection, he was explicit about what he did not want: security theater. He needed tools that meaningfully improved the actual underlying security posture of the product, not boxes to tick for a questionnaire. At the same time, the solution had to satisfy the external compliance asks coming from enterprise clients and partner security teams.
02 Multi-regulatory compliance
As Amber expands internationally, customer data obligations multiply. GDPR is the most visible requirement, but each new jurisdiction comes with its own rules about how personal information is stored, accessed, and audited. Amber needed a data protection layer that could meet the bar of each regulatory regime as they hit it, without re-platforming every time.
03 Fits the existing AWS + TypeScript stack
Amber runs a modern AWS stack, with most of their application code deployed as Lambda functions written in TypeScript, backed by Postgres and DynamoDB. Any encryption solution had to drop into that stack natively and stay out of the way of the product team's day-to-day workflow.
§ 04·0x04/DECISION / WHY CipherStash
One SDK. Two databases. Zero proxy hop.
Amber adopted the CipherStash Encryption SDK, called directly from their TypeScript Lambda code at every read and write boundary against both Postgres and DynamoDB. Sensitive customer fields are encrypted on the way in and decrypted only in the right context on the way out — no separate proxy hop and no change to how Amber operates their databases.
A signed authentication context is posted everywhere data is touched, which produces a clear, provable audit trail of when and where individual customer data is accessed, and by whom. That audit trail is not a bolt-on log pipeline — it is a cryptographic property of how the data is accessed. For Amber’s compliance conversations with clients and regulators, that shifts the discussion from “trust our logs” to “here is the cryptographic evidence”.
“There’s kind of an elegance of the cryptographic solution and its integration with AWS that meant in the ordinary development workflow, these things were really, really transparent to the developer experience.” — JOHN BARTON, CTO, AMBER ELECTRIC
§ 05·0x05/OUTCOME / DELIVERY
Tough timelines, hit anyway.
Adopting CipherStash let Amber hit tough timelines. They delivered new tenant solutions for overseas clients, satisfied the security teams asking hard compliance questions, and did it with minimal impact on the core product team’s roadmap.
As Amber continues to expand globally, CipherStash meets the need of each compliance regime as they hit it — rather than forcing a fresh security project for every new market.
2: Databases protected (Postgres + DynamoDB)
GDPR+: Multi-jurisdiction compliance
∞: Customer data audit trail
“Security and agility has historically been a tradeoff. There are some really good vendors, and CipherStash is one of them, for having that kind of startup, agility-friendly, secure base.” — JOHN BARTON, CTO, AMBER ELECTRIC
§ 06·0x06/NEXT / YOUR STACK
Build the same guarantees.
If you are running regulated workloads on AWS Lambda against Postgres or DynamoDB, talk to us. Every CipherStash deployment starts with a single encrypted field and scales from there.