Securing PCI and HITRUST Compliance Success for PayForward

PayForward partnered with Ibexlabs to navigate PCI and HITRUST audits, ensuring data security and compliance. Ibexlabs fortified PayForward's AWS and Active Directory environments, enhancing security, documentation, and customer trust while improving their competitive edge.
About PayForward

PayForward is an emerging leader in the financial and healthcare technology space, providing loyalty and wellness rewards for its healthcare members and customized engagement solutions for its consumers. The PayForward platform enables members to earn instant cash by shopping at participating merchant partners and later allocating that cash, through instant rebates and points, to shop further or donate to charitable events. The platform also delivers supplemental health care benefit payments to health care members through its health care partners across 15 states in the US, and PayForward aims to double that number by 2026.

The Challenge

Maintaining customer value is a top priority for PayForward. To build trust with its healthcare and finance clients, PayForward wanted to undergo Payment Card Industry (PCI) and Health Information Trust Alliance (HITRUST) audits, the most widely recognized and respected data security and privacy standards globally.

While these audits would verify PayForward's commitment to safeguarding sensitive information, conducting them is resource-intensive and time-consuming. PayForward wanted a reliable partner with specialized compliance solutions and expertise to help it meet the PCI and HITRUST audit requirements.

Ibexlabs was an easy choice for PayForward. Ibexlabs was already supporting PayForward's cloud infrastructure, and based on that successful partnership, the two organizations decided to extend their relationship.

The Solution

From the start, Ibexlabs followed a comprehensive and systematic approach to ensure full compliance with the PCI and HITRUST audit standards. Ibexlabs' solution strategy can be broken down into three major stages.

Stage 1: Assessment

In this stage, Ibexlabs reviewed PayForward's PCI and HITRUST requirements and assessed the security and performance of PayForward's AWS and Microsoft Active Directory environments. On the AWS side, Ibexlabs evaluated the configuration and management of the services in PayForward's AWS cloud environment, the network and firewall settings, and the encryption and backup policies. In parallel, Ibexlabs analyzed PayForward's Active Directory environment, including user and group management and password and authentication policies, and helped synchronize and integrate PayForward's on-premises Active Directory with its Microsoft Entra ID (formerly Azure AD) infrastructure.

Next, Ibexlabs conducted a thorough gap analysis to identify areas of improvement, risks, and the compliance levels required for the audit. The analysis followed a detailed audit plan covering the documentation required for the AWS and Active Directory environments, such as policies, procedures, logs, and reports.

Stage 2: Technology Implementation

After assessing PayForward's cloud infrastructure, Ibexlabs implemented the appropriate security and performance solutions to reach the compliance level required for the audit.

AWS

To inspect PayForward's AWS cloud environment, Ibexlabs leveraged a range of AWS native services such as AWS Config, AWS CloudWatch, AWS CloudTrail, AWS Inspector, AWS IAM, S3, AWS Security Hub, AWS GuardDuty, and AWS Trusted Advisor. Using this suite of services, Ibexlabs identified and resolved the following issues.

  • Data Encryption: Enabled encryption at rest and in transit for all AWS resources and services, using AWS KMS and SSL/TLS certificates.
  • Access Control: Implemented multi-factor authentication and least-privilege access for all AWS users and roles.
  • Network Security: Applied security groups and network access control lists to restrict and monitor the inbound and outbound traffic on AWS.
  • Disaster Recovery: Implemented backup and disaster recovery strategies for all the AWS resources and services, using AWS Backup, S3, and EBS snapshots.
  • Continuous Monitoring: Enabled monitoring and logging for all AWS activities and events and set up alerts and notifications for anomalies or incidents.
  • Configuring Alerts: Configured alerts for critical events such as root account usage, security group changes, IAM role changes, etc.
  • Optimum Performance: Optimized the performance of the AWS resources and services using AWS Cost Explorer and Trusted Advisor.
  • Penetration Testing: Worked closely with PayForward's technical team and external testing teams to conduct a rigorous annual penetration testing process.
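The "Configuring Alerts" item above names three critical event types: root account usage, security group changes, and IAM role changes. The classifier below is an added illustration, not Ibexlabs' or PayForward's code, of how a monitoring pipeline decides which CloudTrail records fall into those categories. The `eventName` values are real EC2 and IAM API names, but the choice of which names count as a security-group or IAM-role change is an assumption here (the sets follow the CIS AWS Foundations Benchmark log-metric filters), and the sample records are constructed, using the AWS documentation placeholder account id.

```python
"""Flag the CloudTrail events behind the three alert categories named above.

Added illustration (not Ibexlabs' or PayForward's code): reads CloudTrail
records and classifies each as root-account usage, a security-group change
or an IAM role change.
"""
import json

# eventName values are real EC2 / IAM API names. Which names to treat as a
# "security group change" or "IAM role change" is an assumption; these sets
# follow the CIS AWS Foundations Benchmark log-metric filters.
SECURITY_GROUP_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
}
IAM_ROLE_EVENTS = {
    "CreateRole", "DeleteRole", "UpdateAssumeRolePolicy",
    "AttachRolePolicy", "DetachRolePolicy",
    "PutRolePolicy", "DeleteRolePolicy",
}


def classify_event(event: dict) -> list[str]:
    """Return the alert categories a single CloudTrail record triggers."""
    alerts = []
    identity = event.get("userIdentity", {})
    # Root usage: like the CIS filter, ignore calls an AWS service makes on
    # the root user's behalf (invokedBy present, or eventType AwsServiceEvent),
    # so that service-driven activity does not page the on-call engineer.
    if (identity.get("type") == "Root"
            and "invokedBy" not in identity
            and event.get("eventType") != "AwsServiceEvent"):
        alerts.append("root-account-usage")
    name = event.get("eventName", "")
    if name in SECURITY_GROUP_EVENTS:
        alerts.append("security-group-change")
    if name in IAM_ROLE_EVENTS:
        alerts.append("iam-role-change")
    return alerts


def scan_trail(records: list[dict]) -> list[tuple[str, str, list[str]]]:
    """(eventID, eventName, alerts) for every record that triggers an alert."""
    findings = []
    for rec in records:
        alerts = classify_event(rec)
        if alerts:
            findings.append((rec.get("eventID", "?"), rec.get("eventName", "?"), alerts))
    return findings


# Constructed sample records in CloudTrail's JSON layout. The account id is
# the AWS documentation placeholder, not a real account.
SAMPLE_TRAIL = json.loads("""
{"Records": [
 {"eventID": "e1", "eventType": "AwsConsoleSignIn", "eventName": "ConsoleLogin",
  "eventSource": "signin.amazonaws.com",
  "userIdentity": {"type": "Root", "accountId": "123456789012",
                   "arn": "arn:aws:iam::123456789012:root"}},
 {"eventID": "e2", "eventType": "AwsApiCall", "eventName": "AuthorizeSecurityGroupIngress",
  "eventSource": "ec2.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "userName": "ops-admin"}},
 {"eventID": "e3", "eventType": "AwsApiCall", "eventName": "AttachRolePolicy",
  "eventSource": "iam.amazonaws.com",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"}},
 {"eventID": "e4", "eventType": "AwsApiCall", "eventName": "DescribeInstances",
  "eventSource": "ec2.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "userName": "ops-admin"}},
 {"eventID": "e5", "eventType": "AwsApiCall", "eventName": "DescribeSnapshots",
  "eventSource": "ec2.amazonaws.com",
  "userIdentity": {"type": "Root", "accountId": "123456789012",
                   "invokedBy": "backup.amazonaws.com"}}
]}
""")

if __name__ == "__main__":
    for event_id, name, alerts in scan_trail(SAMPLE_TRAIL["Records"]):
        print(f"{event_id} {name}: {', '.join(alerts)}")
```

Run as-is, the script reports e1, e2 and e3 and stays silent on the read-only DescribeInstances call and on the root-principal call that a service made via `invokedBy`. In a real deployment the same predicates become CloudWatch Logs metric filters or EventBridge rule patterns over the CloudTrail log group, with an SNS notification attached; the point of the `invokedBy` and `AwsServiceEvent` exclusions is to keep the root-usage alert rare enough that it is acted on.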

Microsoft Active Directory

Similarly, Ibexlabs implemented the following security and performance improvements in PayForward's Active Directory.

  • Risk Mitigation: Enforced strong password policies emphasizing complexity, length, and expiration requirements.
  • Fault Tolerance: Configured domain controllers for availability and redundancy, so that access to network resources is maintained even during disruptions.
  • Unauthorized Access: Implemented role-based access control and segregation of duties for all Active Directory users and groups, reducing the risk of unauthorized access and data breaches.
  • Close Monitoring: Implemented audit policies to enable monitoring for all the relevant events, such as logon, logoff, object creation, deletion, modification, and access.
  • Access Management: Using secure and reliable methods, integrated and synchronized Active Directory with other applications, such as AWS Client VPN.

Stage 3: Documentation and Evidence

To help PayForward demonstrate its transparency and commitment to data compliance, Ibexlabs provided the required evidence for all the controls related to its AWS and Active Directory environments. The documentation included policies, procedures, logs, and reports. Adhering to the PCI and HITRUST standards, Ibexlabs ensured PayForward's documentation and evidence met rigorous criteria for quality and completeness. In addition, Ibexlabs proactively gathered evidence more frequently than the audit required, which improved data quality metrics and captured changes in a more timely manner.

The Results

With Ibexlabs' assistance, PayForward successfully navigated the PCI and HITRUST audits, achieving compliance for its AWS and Active Directory infrastructures. Ibexlabs provided the following benefits to the client:

  1. Security and Performance Improvements: Ibexlabs enhanced the security posture, operational efficiency, and reliability of PayForward's application infrastructure. Through robust controls and end-to-end penetration testing of networks and systems, PayForward vastly strengthened its security measures and addressed security vulnerabilities while ensuring application availability even during unexpected events or high-demand periods. This also improved scalability, as the system could handle increasing workloads or user demands without sacrificing performance.
  2. Comprehensive Documentation and Evidence: Ibexlabs provided the necessary documentation and evidence for all the controls related to the client's application infrastructure. This served as tangible proof and ensured the quality and completeness of the audit process.
  3. Better Customer Engagement and Value: By successfully completing the PCI and HITRUST audits, PayForward could engage with more healthcare and finance partners and customers. Since PCI and HITRUST verify that sensitive data, such as patient health information or financial transactions, is safeguarded, customers gained more confidence in PayForward.
  4. Improved Competitive Edge: By following best compliance practices and achieving PCI and HITRUST certifications, PayForward has gained market share in the Medicare Advantage (MA) domain. PayForward's commitment to high levels of security and regulatory adherence helped the company enter and compete against major players in the MA and supplemental health benefits domain.

Whether you are just starting or looking to accelerate your cloud journey, Ibexlabs can be your trusted partner. We offer expert cloud consulting, managed services, cloud-native development, cloud security solutions, and more, tailored to your needs. Contact us here today.
