Migration to Secure Infrastructure: TripActions' Journey to PCI-DSS Compliance
TripActions is a corporate travel management organization that aims to control the cost of business travel and to incentivize employees through easily accessible business travel opportunities. The company sought to enhance its platform by accepting customer payments directly, without relying on third-party payment services; by tracking all banking transactions processed through the platform; and by securely collecting and storing critical, client-sensitive data. To achieve these objectives and to spur revenue growth by attracting new enterprise clients, TripActions needed to migrate its platform to a secure, PCI-DSS-compliant infrastructure.
The existing infrastructure, however, had a number of network, user-access, monitoring, alerting, and CI/CD issues that had to be addressed first. TripActions therefore approached Provectus to upgrade the infrastructure as part of its preparation for PCI-DSS compliance certification.
Provectus designed and built a new secure infrastructure for TripActions in compliance with the PCI-DSS standard. The process began with an initial workshop to assess TripActions' AWS infrastructure. Provectus then enhanced that infrastructure in several stages: implementing access rules, roles, and groups; creating separate VPCs for the different environment types and services; and adding full audit logging, monitoring, and alerting. To optimize the network layout, separate VPCs were created for the production, staging, and development environments, and each was segmented into public and private subnets to control inbound traffic and restrict outbound connections. Amazon Route 53, VPN access with two-factor authentication, Elasticsearch, and CloudWatch were put in place. Backups were configured for all services, data stores, and EC2 instances, and every instance received regular anti-virus updates. Finally, the CI/CD pipelines were redesigned and improved, with a focus on automatic builds and tests on pull requests.
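The segmentation described above (one VPC per environment, private subnets that cannot be reached directly from the internet, flow logs on every VPC) is the kind of layout an assessor will ask you to demonstrate. The following is an added example, not Provectus' or TripActions' code: it runs a small set of segmentation checks over a constructed inventory shaped loosely like EC2 describe-* output. All VPC, subnet, route-table, and gateway identifiers are hypothetical.

```python
from collections import defaultdict

# Constructed inventory (hypothetical IDs), shaped loosely like the output of
# EC2 DescribeVpcs / DescribeSubnets / DescribeRouteTables.
INVENTORY = {
    "vpcs": [
        {"id": "vpc-prod", "env": "production", "flow_logs": True},
        {"id": "vpc-stg", "env": "staging", "flow_logs": True},
        {"id": "vpc-dev", "env": "development", "flow_logs": False},
    ],
    "subnets": [
        {"id": "sn-prod-pub", "vpc": "vpc-prod", "tier": "public", "rt": "rt-prod-pub"},
        {"id": "sn-prod-db", "vpc": "vpc-prod", "tier": "private", "rt": "rt-prod-priv"},
        {"id": "sn-stg-db", "vpc": "vpc-stg", "tier": "private", "rt": "rt-stg-priv"},
        {"id": "sn-dev-app", "vpc": "vpc-dev", "tier": "private", "rt": "rt-dev-priv"},
    ],
    "route_tables": {
        "rt-prod-pub": [{"dest": "0.0.0.0/0", "target": "igw-prod"}],
        "rt-prod-priv": [{"dest": "0.0.0.0/0", "target": "nat-prod"}],
        "rt-stg-priv": [{"dest": "0.0.0.0/0", "target": "igw-stg"}],  # deliberate misconfiguration
        "rt-dev-priv": [{"dest": "10.0.0.0/8", "target": "local"}],
    },
}

ENVIRONMENTS = ("production", "staging", "development")


def check_segmentation(inv):
    """Return a list of findings; an empty list means the layout passes."""
    findings = []
    vpcs_per_env = defaultdict(set)
    for vpc in inv["vpcs"]:
        vpcs_per_env[vpc["env"]].add(vpc["id"])
        if not vpc["flow_logs"]:
            findings.append(f"{vpc['id']}: VPC flow logs disabled")
    # Each environment must live in exactly one dedicated VPC.
    for env in ENVIRONMENTS:
        if len(vpcs_per_env.get(env, ())) != 1:
            findings.append(f"{env}: expected exactly one dedicated VPC")
    # A private subnet must not reach the internet through an internet gateway;
    # outbound-only egress through a NAT gateway is acceptable.
    for subnet in inv["subnets"]:
        if subnet["tier"] != "private":
            continue
        for route in inv["route_tables"].get(subnet["rt"], []):
            if route["dest"] == "0.0.0.0/0" and route["target"].startswith("igw-"):
                findings.append(f"{subnet['id']}: private subnet routes 0.0.0.0/0 to an internet gateway")
    return findings
```

Running `check_segmentation(INVENTORY)` on the sample reports the development VPC without flow logs and the staging database subnet with a default route to an internet gateway; fixing both yields an empty findings list.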