Migration to Secure Infrastructure
TripActions enables secure customer payments with a PCI-DSS compliant cloud infrastructure
TripActions is a corporate travel management organization that helps control costs of business travel and incentivize employees via easily accessible business travel opportunities.
To enable secure banking transactions without 3rd-party services, TripActions needed their infrastructure processes to be automated and compliant with PCI-DSS standards.
Provectus designed and built a new secure infrastructure in compliance with PCI-DSS standards and prepared the documentation for PCI-DSS certification.
TripActions received a new PCI-DSS compliant infrastructure, which allowed it to process payments and transactions with no 3rd party involved.
35% reduction in TCO
40% shorter release cycle
3% reduction in customer expenses
PCI-DSS compliance readiness
Enhanced product performance
As a way to enhance its business travel platform, TripActions aimed to:
- Accept customer payments directly, without having to use a third-party payment provider
- Track all banking transactions, which are processed through the platform
- Collect and store critical and client-sensitive data in a secure manner
To check these boxes and spur the company’s revenue growth by bringing in new enterprise clients, the TripActions platform had to be migrated to a secure, PCI-DSS-compliant infrastructure. As part of their preparation for PCI-DSS compliance certification, TripActions approached Provectus to upgrade their infrastructure.
The Provectus team conducted an initial workshop to assess TripActions’ AWS infrastructure. The analysis revealed a variety of network, user access, monitoring & alerting, and CI/CD issues.
Provectus enhanced TripActions’ AWS infrastructure in several stages:
- Access rules, roles, and groups were implemented
- Separate VPCs for different environment types and services were created
- Full logging audit, monitoring, and alerting were added
To optimize network infrastructure, Provectus created separate VPCs for production, staging, and development environments. Segmented public and private subnets (with NAT gateways) were used to control inbound/outbound traffic and outbound connections.
Amazon Route 53 and VPN access with two-factor authentication were implemented. Elasticsearch and CloudWatch services were used to develop a central logging solution. CloudWatch and CloudTrail services were implemented to create an effective action audit system. To empower the alerting system, a custom solution that collects metrics from services and EC2 instances was developed.
Provectus created backups for all services, data storage, and EC2 instances. All instances received anti-virus updates, with vulnerability detection software installed in advance. Smooth migration of AWS services, with no downtime, was achieved through the implementation of an innovative migration system.
The solution to deliver static content to the web app was developed using CloudFront. The content can be instantly delivered using a single URL. Due to the implementation of the solutions and tools as well as content caching, website pages can load instantly, with low latency. This allows for geolocation-based, scenario-enabled, quick and optimal content distribution.
CI/CD pipelines were redesigned and improved, with a focus on automatic builds and tests on pull requests. GitHub merge restrictions were enforced. SonarQube, a continuous inspection tool to check code for vulnerabilities or bugs on code compilation, was added.
TripActions migrated their application to the new secure infrastructure, which allowed them to comply with PCI-DSS standards.
The company qualified to become legally permitted to directly accept customer payments, track banking transactions, and securely collect and store transaction data, such as credit card details and transaction history.
TripActions managed to considerably improve product quality and optimize IT operations, which spurred business growth and had a positive impact on overall business performance.