The Company is a corporate travel management organization that helps control costs of business travel and incentivize employees via easily accessible business travel opportunities.

The Company was looking to securely process customer banking transactions without third-party services involved. That could be achieved only if their infrastructure processes were automated and compliant with PCI-DSS standards.

Squadex built a new automated infrastructure in compliance with PCI-DSS standards. Specifically, the team redesigned the networks, implemented logging and notifications, set up VPCs, and assisted the Company in preparing the documentation required by PCI-DSS.

The Company obtained a PCI-DSS certificate that allowed it to accept direct, secure bank-card payments from its customers.

3%: Cost Saving for Customers
35%: Cost of Ownership
40%: Shorter Release Cycle

Squadex DevOps Consulting Services: Infrastructure Processes Automation, Security Protocols Configuration

About the Company

The Company is a travel management organization for businesses and business travelers. An end-to-end solution, it features booking technology, an inventory of travel options, 24/7 customer support, and an employee incentive program designed to save the Company’s funds. Travel can be booked and managed on the web or via a smartphone.

All functionality, including administrative travel management, is also accessible via the Company’s web application. Users can book travel, modify reservations, check travel plans, chat with travel agents, receive real-time travel notifications, and expense trips, and can contact support for help from any of multiple devices.

PROBLEM

The Company wanted to accept customer payments directly, without relying on third-party services. They also needed to track all banking transactions processed through the platform and to securely collect and store sensitive client data, such as credit card details and transaction history. To enable these capabilities, the Company needed to upgrade their infrastructure and development processes so that they could undergo PCI-DSS certification.

The Company’s AWS-based solution architecture was not compliant with PCI standards: there were no proper access limitations, no separate networks for different environments and services, and other security gaps. Fault tolerance and monitoring were not implemented either. The Company required immediate assistance to rework their infrastructure to comply with PCI-DSS requirements.

SOLUTION

Squadex upgraded the Company’s AWS infrastructure to comply with PCI standards by implementing access rules, roles and groups; creating separate VPCs for different environment types and services; and implementing full audit logging, monitoring, and alerting.

The Company’s network architecture was optimized, which included separate VPCs for the Production, Staging and Development environments, segmented public and private subnets, NAT gateways for outbound connections, and control of inbound and outbound traffic.

VPN access with two-factor authentication was implemented, together with a new network domain in the Amazon Route 53 service. A central logging solution based on AWS Elasticsearch and CloudWatch was implemented, and an action audit system based on CloudWatch and CloudTrail was created. A solution that collects metrics from services and EC2 instances was developed, along with an alerting system based on these metrics.

Backups for all services, data storage, and EC2 instances were set up. From a security standpoint, anti-virus and vulnerability detection software was installed and kept updated on all instances. A system allowing smooth migration of all the AWS services to the new infrastructure without downtime was proposed and implemented.

CloudFront was used to deliver static content for the web application (images, email templates, etc.) from a single URL, with geolocation-based distribution rules for quick and optimal content delivery. Combined with well-thought-out content caching, these tools let website pages be delivered to users with low latency.

The existing continuous integration and continuous deployment pipelines were enhanced. Automatic builds and tests on pull requests were added. GitHub merge restrictions were enforced: a pull request now requires at least one approval from reviewers and a successful test run before it can be merged. SonarQube, a continuous inspection tool that checks code for vulnerabilities and bugs at build time, was also added.

Results

The Company obtained a PCI-DSS certificate and became permitted to securely process and store its clients’ banking transaction data. This improved the customer experience and eliminated the costs of the third-party payment systems the Company had previously used for payment processing. Additionally, by bringing its infrastructure in line with PCI-DSS standards, the Company gained a fault-tolerant infrastructure protected against data theft, securing both its own and its clients’ data.

Testimonials

We needed to transition to AWS because our total cost of ownership was extremely high. It didn’t help that our deployment time was too long either because of some work we did manually. Squadex helped us automate the processes that were previously done manually and smoothly transitioned Model N to AWS while keeping us compliant. This saved us money we wasted due to inefficiencies, improved our development process, and, to top it off, we are now able to deliver quality applications to our users at a lower cost.

Yuri Yaport, Director of IT at Model N