Europ Assistance Leverages AWS Infrastructure to Meet Its Regulatory Compliance Requirements for Application and Database Hosting and Offer Its End Customers Uninterrupted Services

Introduction

Europ Assistance India provides its clients with Automotive & Roadside Assistance Services, Medical and Travel Services, and Concierge Services in India. Europ Assistance India is now pioneering the concept of Digital Protection Assistance in the country. This aligns completely with their tagline "WE BRING OUR CUSTOMERS FROM DISTRESS TO RELIEF - ANYTIME, ANYWHERE".

Challenges

Europ Assistance required a PCI-DSS compliant AWS architecture for their 12 applications. Due to the nature of their business, their applications and infrastructure are heavily regulated, which means that the data residing in data stores such as databases must be secure and encrypted at all levels. Due to these regulations, the services hosted in AWS required an SLA of 99.99% or above. These complex requirements called for a redundant architecture to be designed for AWS hosting.

Searce Solution

Searce worked with the EA team to understand the application requirements as well as the performance factors to be considered. We started the project by migrating 12 applications of EA to AWS as per PCI-DSS requirements. To secure the workloads at every layer, we recommended the following:

  • The Searce team deployed the WAF as the first layer of defense, filtering malicious traffic from outside the AWS network for SQL injection and XSS attacks. This addressed their security requirement
  • We leveraged AWS landing zone architecture through which the services were segregated in separate accounts. All the network components such as Firewall, DNS, WAF were in a dedicated AWS account, while the application servers and databases were grouped into a different account for reliable operation
  • A network firewall scans all the incoming and outgoing traffic of the AWS VPC
  • All the servers and applications are hosted within private subnets to block direct access from the Internet
  • All the front-end web application servers were hosted in an Auto Scaling group for high availability and to scale based on demand
  • All data is encrypted at rest and in transit with native AWS services as well as customer managed keys
  • Databases are deployed across zones with real-time replication, which is essential for fault tolerance

Business Impact

After implementation of the PCI-compliant architecture, Europ Assistance achieved the following:

  • Successful migration of AWS infrastructure as per best practices, adhering to PCI-DSS compliance requirements (Payment Card Industry standards)
  • Fully secure infrastructure with reduced attack surface from outside AWS
  • Data is encrypted end to end, be it in transit or at rest
  • Better optimization and operational efficiency
  • Robust infrastructure that offers an industry-leading SLA for all their applications
  • Real-time monitoring of the deployed resources for anomalies, and auto healing for the web servers in case of any data center outages

With the deployment of a highly secure and fault-tolerant architecture in AWS, the Europ Assistance team can now focus on application innovation, which eventually improves their customers' experience. They now have a fault-tolerant, highly available architecture that can scale based on demand with no manual intervention.

Industry: Conglomerate
Workload: AWS Networking Components, AWS Auto Scaling Group, WAF, AWS RDS, EC2