"We were encouraged because Softjourn asked the right questions and involved people with the right experience in the conversations."
How We Strengthened Security and Ensured PCI Compliance for PEX
In an era where digital security and compliance are cornerstones of success in the fintech sector, PEX partnered with Softjourn to demonstrate an exemplary commitment to maintaining the highest security standards.
ABOUT THE CLIENT:
Project:Security and PCI Compliance
Industry:Expense Management
Client since:2012
Headquarters:New York, USA
The Challenge
PEX hired Softjourn’s DevOps and security team to enhance their security measures, focusing on better vulnerability management, advanced protocols for remote access, and improved logging to protect sensitive data and maintain PCI compliance.
The Solution
Softjourn's team improved PEX's Azure security by enhancing infrastructure controls, planning a new SIEM system for advanced monitoring, transitioning to Zero Trust Network Access (ZTNA) for secure remote access, and leading PCI compliance initiatives.
The Benefits
- Enhanced Security Posture
- Compliance with Industry Standards
- Operational Efficiency
- Insightful Data Management
The Client
This case study explores how Softjourn’s expert security and DevOps team has been pivotal in enhancing PEX’s security within their AWS and Azure environments and ensuring rigorous PCI compliance.
PEX is a leader in expense management solutions, leveraging cutting-edge technology to deliver innovative services to businesses. As PEX expanded, it became crucial to bolster their security framework to protect sensitive financial data and sustain client trust.
Our History
The partnership between Softjourn and PEX started in 2012 when we first helped them design and develop their mobile application.
Since then, we’ve worked together on many solutions, from integrating PowerBI to assisting with integrations and developing their marketplace. In 2019, we began collaborating on a shared vision to enhance PEX’s DevOps and security measures and refine compliance processes.
Toffer Grant, the Founder and CEO of PEX
The Problem
To support future growth and scalability, PEX undertook a security infrastructure upgrade. This initiative focused on strengthening vulnerability management and implementing advanced security protocols for remote access and logging. These enhancements would ensure continued compliance with PCI standards while safeguarding sensitive data.
PEX hired Softjourn’s DevOps and security team because they recognized the importance of ongoing improvement to stay ahead of evolving threats, as well as to further enhance their security measures. This proactive approach aimed to strengthen their defenses, protect sensitive data, and ensure robust compliance with PCI standards.
With a solid security foundation already in place, the focus of our collaboration was on refining and advancing their security protocols, including improving vulnerability management and upgrading remote access and logging capabilities.
The Solution
Softjourn's team approached the problem with a comprehensive strategy focused on both immediate improvements and long-term security sustainability:
Infrastructure Security Enhancements: Our Senior Security Analyst overhauled PEX's Azure environment, improving the security posture by implementing stronger controls over applications, services, and network equipment. This reduced the overall vulnerability footprint.
- Advanced Logging and Monitoring: A new SIEM (Security Information and Event Management) system has been deployed that better correlates various types of logs, providing improved security insights and real-time alerts. This system allows for better monitoring of network communications, login activities, and configuration changes.
- Zero Trust Network Access (ZTNA): PEX’s traditional VPN will soon be replaced with ZTNA, enhancing the security of remote access to the corporate environment, and enabling PEX to further secure various third-party SaaS platforms.
- PCI Compliance Initiatives: Continuous involvement in PCI compliance processes was ensured, with Softjourn’s Senior Security Analyst leading efforts to maintain and upgrade compliance control, such as managing antivirus solutions and developing new procedures for authentication and authorization management.
The Benefits
The solutions implemented by Softjourn provided multiple benefits:
- Enhanced Security Posture: With improved controls and the introduction of advanced security solutions, PEX's vulnerability management was significantly improved.
- Compliance with Industry Standards: PEX has always maintained PCI compliance, a cornerstone for their financial operations. By partnering with Softjourn, they've further strengthened their security posture while optimizing their PCI compliance process, reducing the ongoing effort required.
- Operational Efficiency: The introduction of SIEM and ZTNA will secure the environment and streamline various operational aspects, leading to better resource management and reduced overhead.
- Insightful Data Management: The advanced logging and monitoring setup enabled PEX to gain valuable insights into their security environment, improving decision-making and incident response.
.jpg)
Conclusion
The collaboration between Softjourn and PEX highlights the importance of proactive security measures and continuous compliance efforts in today’s digital landscape. The PEX team has been glad to have Softjourn’s expertise in developing more secure solutions that will safeguard their business.
Through strategic enhancements and the deployment of cutting-edge technologies, Softjourn's DevOps Team not only addressed the immediate security needs of PEX but also laid a foundation for sustainable security practices that will support PEX's growth and innovation in the future. This partnership not only fortified PEX's security but also reinforced its position as a trusted leader in expense management.
Partnership & Recognition
