Reward360 Global Services is a premier Loyalty Technology and Solutions Company. It wanted to develop a PCI-DSS compliant rewards management platform for banks in the country.
THE BUSINESS CHALLENGE
To design and build a loyalty management platform on the public cloud that would not only comply with stringent auditing requirements but also scale to other businesses.
TECHNOLOGY COMPONENTS
- Linux, Apache/Nginx/PHP/NodeJS, MySQL/MongoDB, Redis Cache
- Application Load Balancers, Web Application Firewall
- Application and host level logging – ELK Stack, OSSEC
- Security Incident Event Management – OSSEC
- Cloud API log – AWS CloudTrail
- Alert notification – AWS Simple Notification Service
- IP whitelisting – AWS VPC Security Group
- Layer 7 – Web Application Firewall
- Host level firewall – iptables
- Vulnerability assessment – VAPT (OpenVAS + Nessus)
- Data in Transit encryption HTTPS – SSL Certificates
THE APPROACH
- Suggested and implemented a templatized, cookie-cutter model for predictable deployment on AWS Cloud, because audit requirements in the banking business are repetitive
- Made significant changes to the application architecture to accommodate compliance controls at various layers of the platform and to facilitate platform scalability
- Leveraged a combination of AWS services, open-source solutions, and third-party solutions to achieve the necessary compliance
- Redesigned and redeployed the environment on AWS
TRANSFORMATIONAL EFFECTS
- Reduced deployment time from 12 weeks to one week
- Highly scalable environment
- Option to deploy the platform as-is, in cookie-cutter mode, for clients similar to banks