Provectus Case Studies Migration to Secure Infrastructure: TripActions' Journey to PCI-DSS Compliance

Edit This Case Study Record

	Migration to Secure Infrastructure: TripActions' Journey to PCI-DSS Compliance Provectus

Migration to Secure Infrastructure: TripActions' Journey to PCI-DSS Compliance

Provectus

Technology Category	Networks & Connectivity - Gateways Platform as a Service (PaaS) - Application Development Platforms
Applicable Industries	Cement Construction & Infrastructure
Applicable Functions	Quality Assurance
Use Cases	Construction Management Infrastructure Inspection
Services	Cloud Planning, Design & Implementation Services Testing & Certification
Challenge	TripActions, a corporate travel management organization, faced a significant challenge in enabling secure banking transactions without the need for third-party services. The company aimed to accept customer payments directly, track all banking transactions processed through the platform, and securely collect and store critical and client-sensitive data. To achieve these objectives and spur revenue growth by attracting new enterprise clients, TripActions needed to migrate its platform to a secure PCI-DSS-compliant infrastructure. However, the existing infrastructure had several network, user access, monitoring, alerting, and CI/CD issues that needed to be addressed. The company approached Provectus to upgrade their infrastructure as part of their preparation for PCI-DSS compliance certification. Read More
About Customer	TripActions is a corporate travel management organization that aims to control the costs of business travel and incentivize employees through easily accessible business travel opportunities. The company sought to enhance its business travel platform by accepting customer payments directly, tracking all banking transactions processed through the platform, and securely collecting and storing critical and client-sensitive data. To achieve these objectives and spur revenue growth by attracting new enterprise clients, TripActions needed to migrate its platform to a secure PCI-DSS-compliant infrastructure. Read More
Solution	Provectus designed and built a new secure infrastructure in compliance with PCI-DSS standards for TripActions. The process began with an initial workshop to assess TripActions’ AWS infrastructure. Provectus enhanced TripActions’ AWS infrastructure in several stages, implementing access rules, roles, and groups, creating separate VPC for different environments types and services, and adding full logging audit, monitoring, and alerting. To optimize network infrastructure, separate VPC for production, staging, and development environments were created. Public and private subnets were segmented to control inbound/outbound traffic and outbound connections. Amazon Route53, VPN access with two-factor authentication, Elasticsearch and CloudWatch services were implemented. Backups for all services, data storage, and EC2 instances were created, and all instances received anti-virus updates. CI/CD pipelines were redesigned and improved, with a focus on automatic builds and tests on pull requests. Read More Log in to view content
Contents

Technology Category

Networks & Connectivity - Gateways

Platform as a Service (PaaS) - Application Development Platforms

Applicable Industries

Cement

Construction & Infrastructure

Applicable Functions

Quality Assurance

Use Cases

Construction Management

Infrastructure Inspection

Services

Cloud Planning, Design & Implementation Services

Testing & Certification

Challenge

TripActions, a corporate travel management organization, faced a significant challenge in enabling secure banking transactions without the need for third-party services. The company aimed to accept customer payments directly, track all banking transactions processed through the platform, and securely collect and store critical and client-sensitive data. To achieve these objectives and spur revenue growth by attracting new enterprise clients, TripActions needed to migrate its platform to a secure PCI-DSS-compliant infrastructure. However, the existing infrastructure had several network, user access, monitoring, alerting, and CI/CD issues that needed to be addressed. The company approached Provectus to upgrade their infrastructure as part of their preparation for PCI-DSS compliance certification.

About Customer

TripActions is a corporate travel management organization that aims to control the costs of business travel and incentivize employees through easily accessible business travel opportunities. The company sought to enhance its business travel platform by accepting customer payments directly, tracking all banking transactions processed through the platform, and securely collecting and storing critical and client-sensitive data. To achieve these objectives and spur revenue growth by attracting new enterprise clients, TripActions needed to migrate its platform to a secure PCI-DSS-compliant infrastructure.

Solution

Provectus designed and built a new secure infrastructure in compliance with PCI-DSS standards for TripActions. The process began with an initial workshop to assess TripActions’ AWS infrastructure. Provectus enhanced TripActions’ AWS infrastructure in several stages, implementing access rules, roles, and groups, creating separate VPC for different environments types and services, and adding full logging audit, monitoring, and alerting. To optimize network infrastructure, separate VPC for production, staging, and development environments were created. Public and private subnets were segmented to control inbound/outbound traffic and outbound connections. Amazon Route53, VPN access with two-factor authentication, Elasticsearch and CloudWatch services were implemented. Backups for all services, data storage, and EC2 instances were created, and all instances received anti-virus updates. CI/CD pipelines were redesigned and improved, with a focus on automatic builds and tests on pull requests.

Impact #1	The migration to the new secure infrastructure allowed TripActions to comply with PCI-DSS standards. The company became legally permitted to directly accept customer payments, track banking transactions, and securely collect and store transaction data, such as credit card details and transaction history. This significant upgrade not only improved product quality but also optimized IT operations. The successful migration spurred business growth and had a positive impact on overall business performance. The company managed to enhance its business travel platform, attract new enterprise clients, and spur revenue growth.

Impact #1

The migration to the new secure infrastructure allowed TripActions to comply with PCI-DSS standards. The company became legally permitted to directly accept customer payments, track banking transactions, and securely collect and store transaction data, such as credit card details and transaction history. This significant upgrade not only improved product quality but also optimized IT operations. The successful migration spurred business growth and had a positive impact on overall business performance. The company managed to enhance its business travel platform, attract new enterprise clients, and spur revenue growth.

Benefit #1	35% reduction in Total Cost of Ownership (TCO)
Benefit #2	40% shorter release cycle
Benefit #3	3% reduction in customer expenses

Benefit #1

35% reduction in Total Cost of Ownership (TCO)

Benefit #2

40% shorter release cycle

Benefit #3

3% reduction in customer expenses

Download PDF Version

Overview

Migration to Secure Infrastructure: TripActions' Journey to PCI-DSS Compliance

Operational Impact

Quantitative Benefit