Intouch Development is a software development company based in San José (Costa Rica) that specializes in payment and booking tokenization solutions. With them we had the opportunity to deploy a PCI-DSS environment on AWS (Amazon Web Services) from scratch, with security as the top priority.
When Daniel Alvarado (CEO of Intouchdev) first contacted us and proposed the challenge of helping them set up a payment gateway in the Cloud with security built in from the beginning, it was clear to us at A2SECURE that this was a great opportunity to take advantage of the new security features that Cloud environments offer and to design an infrastructure oriented to protecting the card data flows traveling through it.
Isolating critical environments
As in any PCI-DSS compliance project, A2SECURE analyzed our client’s needs and mapped the card data flows through the future platform. We chose to isolate all systems in charge of transmitting and/or processing card data from the rest of the systems by creating a dedicated AWS account and separating the internal and external services into two different VPCs.
At this point, we had a clearly defined scope where we could deploy all the necessary security controls to comply with PCI-DSS regulations with maximum guarantees.
Leveraging Cloud services
One of Daniel’s main requests was that the payment gateway be deployed on AWS. Thanks to the work done in previous projects by our team of consultants and QSA auditors in similar environments, it was clear to A2SECURE that making full use of the security services that AWS offers its customers was key to the success of the project. To that end, we took advantage of the straightforward management of network ACLs and Security Groups to further restrict inbound and outbound traffic to the platform, we configured IAM to enforce “zero trust privilege”, and we integrated CloudTrail logs with the deployed SIEM solution so that the environment is monitored at all times.
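As an added illustration (not code from A2SECURE or Intouch Development), the following Python script shows the kind of check a SIEM can run over CloudTrail records from the PCI-scoped account to catch changes that undo the two controls above: a Security Group rule opened to the whole Internet, and a broad or inline IAM policy being granted. The records are constructed samples; the account id, ARNs and group id are placeholders.

```python
"""Triage CloudTrail records for changes that widen the PCI-scoped account's
network or privilege boundary (defender-side helper, constructed sample data)."""
import json

# Constructed sample records (placeholder account/ARNs): one benign read,
# one SSH rule opened to 0.0.0.0/0, one AdministratorAccess attachment.
SAMPLE_RECORDS = [
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops"},
     "requestParameters": {}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"},
     "requestParameters": {"userName": "dev",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
]

PRIVILEGE_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy",
                    "PutUserPolicy", "PutRolePolicy", "PutGroupPolicy"}
BROAD_POLICIES = ("AdministratorAccess", "PowerUserAccess")

def open_to_world(record):
    """True if an ingress/egress authorization contains a 0.0.0.0/0 or ::/0 range."""
    perms = record.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    for perm in perms:
        for key in ("ipRanges", "ipv6Ranges"):
            for rng in perm.get(key, {}).get("items", []):
                if rng.get("cidrIp") == "0.0.0.0/0" or rng.get("cidrIpv6") == "::/0":
                    return True
    return False

def triage(records):
    """Return (eventName, actor ARN, reason) for each record that deserves a SIEM alert."""
    findings = []
    for rec in records:
        name = rec.get("eventName", "")
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        if name.startswith("AuthorizeSecurityGroup") and open_to_world(rec):
            findings.append((name, actor, "security group rule open to the Internet"))
        elif name in PRIVILEGE_EVENTS:
            arn = rec.get("requestParameters", {}).get("policyArn", "")
            if arn.endswith(BROAD_POLICIES) or name.startswith("Put"):
                findings.append((name, actor, f"broad or inline policy granted: {arn or 'inline'}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_RECORDS):
        print(json.dumps(finding))
```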