Streamlining Corporate Travel Operations in a Secure Cloud

Challenge

Attracting New Enterprise Clients on a Safer, More Secure Cloud Platform

As a way to enhance its business travel platform, TripActions aimed to:

• Accept customer payments directly, without having to use a third-party payment provider
• Track all banking transactions, which are processed through the platform
• Collect and store critical and client-sensitive data in a secure manner

To check these boxes and spur the company’s revenue growth by bringing new enterprise clients, TripActions platform had to be migrated to secure PCI-DSS-compliant infrastructure. As a part of their preparation for PCI-DSS compliance certification, TripActions approached Provectus to upgrade their infrastructure.

Assessing and Enhancing TripActions' AWS Infrastructure in the Cloud

The Provectus team conducted an initial workshop to assess TripActions’ AWS infrastructure. The analysis revealed a variety of network, user access, monitoring & alerting, and CI/CD issues.

Provectus enhanced TripActions’ AWS infrastructure in several stages:

• Access rules, roles, and groups were implemented
• Separate VPC for different environments types and services were created
• Full logging audit, monitoring, and alerting were added

To optimize network infrastructure, Provectus created separate VPC for production, staging, and development environments. Segmented public and private subnets (with NAT gateways) were used to control inbound/outbound traffic and outbound connections.

Amazon Route53, VPN access with two-factor authentication was implemented. Elasticsearch and CloudWatch services were used to develop a central logging solution. CloudWatch and CloudTrail services were implemented to create an effective action audit system. To empower the alerting system, a custom solution that collects metrics from services and EC2 instances was developed.

Provectus created backups for all services, data storage, and EC2 instances. All instances received anti-virus updates, with vulnerability detection software installed in advance. Smooth migration of AWS services, with no downtime, was achieved through the implementation of an innovative migration system.

The solutions to deliver static content to Web App was developed using СloudFront. The content can be instantly delivered using a single URL. Due to the implementation of the solutions and tools as well as content caching, website pages can load instantly, with low latency. This allows to enjoy geolocation-based, scenario-enabled quick and optimal content distribution.

CI/CD pipelines were redesigned and improved, with focus on automatic builds and tests on pull requests. GitHub merge restrictions were enforced. SonarQube, a continuous inspection tool to check code for vulnerabilities or bugs on code compilation, was added.

Enabling Secure Customer Payments on a PCI-DSS Compliant Infrastructure

TripActions migrated their application to new secure infrastructure, which allowed them to comply with PCI-DSS standards.

The company qualified to become legally permitted to directly accept customer payments, track banking transactions, and securely collect and store transaction data, such as credit card details and transaction history.

TripActions managed to considerably improve product quality and optimize IT operations, which spurred business growth and had a positive impact on overall business performance.

Moving Forward

1. Learn more about Provectus Services
2. Explore more customer success stories covering cloud migration: IMVU, Swiftmile, Model N, Blue Bottle Coffee
3. Request AWS Cost Optimization Review to get started