Pango Mobile Partners with AllCloud to Build a Secured, PCI-DSS Compliant System on Amazon Web Services

ABOUT PANGO

Pango Mobile Parking Ltd., established in 2006, is a leading developer and provider of smart parking solutions for municipalities, parking garages and drivers. The company operates in the USA, Brazil, Poland and the Czech Republic. The company’s vision is to provide an ecosystem of simple, convenient and safe solutions for connecting drivers with their parking and driving environments. These include solutions such as driving planning, finding parking places, access to parking garages, location-based benefits and payments. The Pango technology is used by more than 1 million drivers worldwide, generating millions of transactions every year. Further information can be found at: www.mypango.com

CHALLENGES AND SOLUTIONS

Compliance & Regulation

Payment card data security is an ongoing concern for applications that rely on credit card purchases to maintain their livelihoods. Because malicious traffic and security vulnerabilities across the web pose threats to sensitive data, PCI DSS sets strict requirements regarding cardholder information. This all-encompassing data security regulation is aimed at preventing, detecting and properly reacting to security threats and events at every step of the purchasing process.

This challenge was met in the design phase of Pango’s security structure, which had to be continuously compliant with PCI DSS. Building a complex environment atop a layered security infrastructure requires appropriate cloud-ready IT security solutions and tools that support all regulations at a reasonable cost, both for project deployment and for ongoing management.

Solution

AllCloud’s acclaimed best practices entail securely constructing enterprise cloud architecture and have supported Pango’s security design process, implementing a number of crucial operations to increase protection. By means of Amazon Virtual Private Cloud (VPC) and Sophos Unified Threat Management (UTM), Pango now enjoys the peace of mind that accompanies utilizing an isolated and controlled virtual network.

What’s more, the Sophos UTM platform has equipped the network with a firewall to enable secure access, including VPN and SSL, as well as to detect suspicious activity. Sophos UTM is combined with Snort for network intrusion detection and prevention, while OSSEC covers file changes and data integrity. Additionally, operating system hardening is used to continuously update all of the system’s components, further removing as many risks as possible.

Other precautionary measures that are taken to ensure security include auditing, anti-virus protection, identity access management, foolproof authentication, and monitoring. Auditing entails streaming all security component event logs to Splunk, where the log repository is analyzed in real time and saved to forecast trends. Accordingly, every piece of data is archived for seven years, in line with the PCI DSS regulation rules. Likewise, anti-virus protection must be deployed and maintained on all of the hosts according to PCI DSS. In addition, to maintain access and identification control, AllCloud utilizes Microsoft Active Directory along with AWS Multi-Factor Authentication (MFA) and Duo Security for identity management, authentication and authorization of the network and VPN. Identity access management is maintained by means of password rotation policies and individual-based access restrictions. A unified dashboard gives Pango complete real-time visibility, with centralized alerts and notifications based on Splunk logging and Nagios.

High Availability

Uptime management is crucial to all modern applications, especially those handling global distribution. Every second of downtime translates into a lost customer that eventually leads to sub-par reputation. It is for that reason that a robust backup strategy is imperative for Pango’s rapidly growing amount of data and digital assets.

Solution

AllCloud has set up a number of reliable courses of action to ensure Pango’s system steers clear of hardships and continuously remains up and running. Data is synchronized based on MSSQL mirroring, in efforts to eliminate redundancy between continents. Additionally, all of the synchronized data is encrypted and backed up to AWS S3 storage, then tested as a precautionary measure, and continually monitored on all of the data fronts.

Global Distribution

While many companies strive to distribute their products or services, those that have achieved a significant presence around the globe face the interrelated challenges of providing high-performance services in multiple regions while keeping system operations optimal.

Pango’s infrastructure provides paid parking services across the globe, deepening the already difficult challenges of adhering to regulatory compliance (PCI DSS), efficiently maintaining control of the application, and avoiding system latency for all three interfaces.

Solution

AllCloud employed a single, multi-tenant central system that is deployed in two geographic locations (US and EU). The system’s principal components include one central database, a single session border controller (SBC), as well as consolidated monitoring and auditing, as mentioned above, for improved maintenance efforts.