PayForward is an emerging leader in the financial and healthcare technology space that provides loyalty and wellness rewards for its healthcare members, and customized engagement solutions for its consumers. The PayForward platform enables members to earn instant cash by shopping at participating merchant partners and later allocating the cash through instant rebates and points to shop further or donate to charitable events. The PayForward platform also provides supplemental healthcare benefit payments to healthcare members through its healthcare partners across 15 states in the US. The company aims to double that number by 2026.
Maintaining customer value is a top priority for PayForward. To build trust with its healthcare and finance clients, PayForward wanted to perform the Payment Card Industry (PCI) and Health Information Trust Alliance (HITRUST) audits, the most widely recognized and respected data security and privacy standards globally.
While these audits would verify PayForward’s commitment to safeguarding sensitive information, conducting them was resource-intensive and time-consuming. PayForward wanted a reliable partner offering specialized compliance solutions and expertise to help them meet PCI and HITRUST audit requirements.
In this case, Ibexlabs was an easy choice for PayForward. Ibexlabs was already supporting PayForward’s cloud infrastructure, and based on the successful partnership, the organizations decided to extend their relationship.
From the start, Ibexlabs followed a comprehensive and systematic approach, ensuring full compliance with PCI and HITRUST audit standards. Ibexlabs’ solution strategy can be broken down into three major stages.
Stage 1: Assessment
In this stage, Ibexlabs reviewed PayForward’s PCI and HITRUST requirements and assessed the security and performance of PayForward’s AWS and Microsoft Active Directory environments. For example, Ibexlabs evaluated the configuration and management of the AWS services in PayForward’s AWS cloud environment, the network and firewall settings, the encryption and backup policies, and more. Ibexlabs also analyzed PayForward’s Active Directory environment, including user and group management and password and authentication policies, and helped synchronize and integrate PayForward’s on-premises Active Directory and Microsoft Entra ID (formerly Azure AD) infrastructure.
Next, Ibexlabs conducted a thorough gap analysis to identify areas of improvement, risks, and compliance levels required for the audit. The analysis followed a detailed audit plan to provide the necessary documentation related to the AWS and Active Directory environments, such as policies, procedures, logs, and reports.
Stage 2: Technology Implementation
After assessing PayForward’s cloud infrastructure, Ibexlabs implemented the appropriate security and performance solutions to achieve the compliance level required for the audit.
AWS
To inspect PayForward’s AWS cloud environment, Ibexlabs leveraged a range of AWS native services such as AWS Config, AWS CloudWatch, AWS CloudTrail, AWS Inspector, AWS IAM, S3, AWS Security Hub, AWS GuardDuty, and AWS Trusted Advisor. Ibexlabs identified and resolved the following issues with the right suite of AWS services.
Microsoft Active Directory
Similarly, Ibexlabs implemented the following security and performance improvement solutions to PayForward’s Active Directory.
Stage 3: Documentation and Evidence
To help PayForward demonstrate its transparency and commitment to data compliance, Ibexlabs provided the required evidence for all the controls related to their AWS and Active Directory. The documentation included policies, procedures, logs, and reports. Adhering to PCI and HITRUST standards, Ibexlabs ensured PayForward’s documentation and evidence met rigorous criteria for quality and completeness. In addition, Ibexlabs proactively gathered evidence at a higher frequency than the audit required, to improve data quality metrics and capture changes in a more timely manner.
With Ibexlabs’ assistance, PayForward successfully navigated the PCI and HITRUST audits, achieving compliance with their AWS and Active Directory infrastructures. Ibexlabs provided the following benefits to the client:
Whether you are just starting or looking to accelerate your cloud journey, Ibexlabs could be your trusted partner. We offer expert cloud consulting, managed services, cloud-native development, cloud security solutions, and more tailored to your needs. Contact us here today.