Designing and Deploying a Secure B2C Public Cloud Platform
One of the leading mobile-app-based gifting merchants wanted its services to be PCI-DSS compliant so that users could make purchases with their credit cards with confidence.
Business Challenge
The challenge was to design, build and deploy a PCI-DSS compliant mobile application, with stringent security features, for both the Android and iOS platforms.
Technology Components
Application-level encryption/decryption – AWS KMS
Encrypted database table data – AWS RDS
Application- and host-level logging – ELK Stack
File fingerprinting – OSSEC
Security Incident Management (SIM) / Security Information and Event Management (SIEM) – OSSEC
Cloud API logging – AWS CloudTrail
Cloud infrastructure change audit trail – AWS Config
Alert notification – AWS Simple Notification Service
IP whitelisting – AWS VPC Security Groups
Layer 7 – Web Application Firewall
Host-level firewalls – iptables
Patch management – Spacewalk
Vulnerability assessment – VAPT (OpenVAS + Nessus)
Data-in-transit encryption – HTTPS (SSL certificates)
Approach
Designed and deployed the cloud environment leveraging several Amazon Web Services (AWS) security services alongside multiple open source solutions to achieve PCI compliance.
Engaged the client's business and technology teams from the initial audit through multiple re-audits.
Implemented a complete CI/CD pipeline so that blue-green deployments could be achieved.
Completed the engagement end-to-end from design to go-live in 16 weeks.
Enforced a targeted approach for the public cloud deployment due to the nature of the platform.
Transformational Effects
Infrastructure was set up using AWS services that are PCI compliant.
The application as well as its environment are PCI-certified.
Created a secure application that can be trusted by customers to use their credit cards.