Driving an Efficient, Secure, and Compliant AWS Infrastructure for PayForward

PayForward is an emerging leader in the financial and healthcare technology space, providing reward incentives, fast money transfers, and customized engagement solutions for its consumers. The PayForward platform enables members to earn instant cash by shopping at participating merchant partners and later allocating the cash through instant rebates and points to shop further or donate to charitable events. Starting in 2022, PayForward entered into agreement with more than 20 health care providers and expanded its health care platform to support Commercial, Medicaid, Affordable Care Act, Rewards and Incentives, Federal Employee Program and other Medicare Advantage Plans through its health care partners across 20 states in the US.

With the recent expansion of its platform, PayForward’s AWS infrastructure had to be enhanced to meet some of the stringent PCI, HIPAA, HiTrust and other health care compliance requirements. In addition, to meet the growing member base and feature requests, we had to adopt best practices in performance optimization, cost management, security, and compliance. They sought an experienced AWS-managed services provider to recommend and implement effective cloud management strategies and AWS services, thereby boosting business efficiency.

As an AWS Advanced Consulting Partner with over 100 AWS certifications, Ibexlabs has a proven history of delivering AWS-managed services to many clients, including Fortune 500 companies, government agencies, and startups.

Onboarding PayForward

Ibexlabs began by thoroughly assessing PayForward’s compliance requirements, existing AWS infrastructure, costs, performance metrics, and security posture. The assessment helped Ibexlabs scope the current and the future needs to support PayForward’s fast-paced growth and demand. Ibex identified underutilized or over-provisioned resources and bottlenecks in security and performance. Ibexlabs realized that striking the right balance between performance and budget constraints was a constant challenge for PayForward. In addition, achieving and maintaining compliance was critical for their business continuity.

Based on PayForward’s unique challenges, Ibexlabs tailored a comprehensive solution suite adhering to industry standards and AWS best practices. Ibexlabs utilized several best-in-class partners and AWS services to address PayForward’s multifaceted security, performance, and compliance challenges.

1. Cost Management

Ibexlabs recommended leveraging Reserved Instances (RIs) and Savings Plans through their partner Archera to right-size PayForward’s resources. Together with Archera, Ibexlabs offered intelligent insights and recommendations. By analyzing historical usage patterns and adjusting instance types, PayForward could match capacity to actual demand.

Ibexlabs also utilized AWS Cost Explorer to provide insights into spending patterns, identify cost drivers, and optimize resource allocation. Additionally, AWS Trusted Advisor was introduced to identify underutilized resources, eliminate idle instances, and optimize costs. This optimization and right-sizing effort reduced PayForward’s AWS expenses by 5%.

2. Audit & Compliance

Ibexlabs assessed EC2 instances using AWS Inspector for vulnerabilities, security issues, and compliance deviations. Utilizing the AWS Well-Architected Framework to identify and address gaps, Ibexlabs was able to implement the following services:

• AWS Security Hub to centralize security findings. 
• AWS Config to monitor resource configurations for compliance.
• Trusted Advisor compliance checks to ensure PCI DSS and HIPAA adherence.
• CloudTrail to log API activity.
• AWS Health for regular health checks to address issues and maintain operational continuity.
• AWS Cloudwatch for logging, monitoring and setting up alerts in real-time

3. Security Measures

Ibexlabs ensured that PayForward’s data, both at rest and in transit, were protected by robust encryption protocols. Beyond traditional passwords, Ibexlabs mandated multi-factor authentication to enhance security for all users accessing PayForward’s AWS resources. Ibexlabs restricted permissions to the minimum necessary level by configuring fine-grained access controls, which minimized the risk of unauthorized actions.

Properly configured security groups and network access control lists (ACLs) helped secure network traffic and prevent unauthorized communication. Ibexlabs established resilient backup and disaster recovery processes to ensure data availability and business continuity. Ibexlabs utilized Amazon EC2, S3, RDS, Elastic Beanstalk, Lambda, and API Gateway to host, manage, and secure PayForward’s application infrastructure. 

4. Performance Optimizations

Ibexlabs set up continuous monitoring and customized alerts for anomaly detection. This proactive approach allowed swift action in response to critical events. Ibexlabs optimized resource utilization by fine-tuning resource allocation and monitoring performance metrics using AWS CloudWatch. 

Ibexlabs integrated Opsgenie as an incident management tool. This streamlined incident response and ensured timely resolution of critical issues on 24/7 monitoring. Ibexlabs seamlessly patched operating systems and applications across PayForward’s EC2 instances using AWS Systems Manager, fortifying systems with the latest security updates and patches. It also implemented performance enhancements using AWS KMS for encryption and SSL certificates for secure communication.

Ibexlabs’ strategic implementation of AWS services and resources significantly enhanced PayForward’s AWS infrastructure. Some of the benefits PayForward experienced are as follows.

Reduced AWS Expenses

Insights gleaned from AWS Cost Explorer enabled cost optimization for PayForward, promising potential savings while maintaining optimal performance levels. Eventually, PayForward achieved greater financial predictability, minimized unnecessary expenditures, and enhanced overall budget efficiency without compromising performance or scalability.

Strengthened Security Measures

By adopting robust security measures such as encryption protocols, access controls, threat detection, and centralized security management, PayForward could enhance its overall security posture and mitigate various risks associated with data breaches and unauthorized access.

Enhanced System Performance

Continuous monitoring and proactive anomaly detection improved operational efficiency and swift response to critical events for PayForward. Moreover, resource utilization was optimized through precise allocation and performance monitoring, enhancing system performance. 

Improved Compliance Posture

Regular assessments and audits enhanced PayForward’s compliance posture. Vulnerability scans identified potential risks, ensuring alignment with industry standards. Centralized security findings and compliance monitoring streamlined governance processes, while periodic reviews maintained robust compliance frameworks.

Whether you are just starting or looking to accelerate your cloud journey, Ibexlabs could be your trusted partner. We offer expert cloud consulting, managed services, cloud-native development, cloud security solutions, and more tailored to your needs. Contact us here today.