Greenn: PCI DSS and AWS Cloud Security
Medium
E-commerce; Digital Payments; Technology; Finance; SaaS
Brazil
Medium
Brazil
E-commerce; Digital Payments; Technology; Finance; SaaS
Greenn is an online sales platform for digital and physical products, which was looking to become a sub-buyer in order to offer more competitive interest rates and greater security to its customers. To do this, it was essential that its security architecture complied with the strict PCI DSS standard.
The Challenge
Greenn was already using AWS services, but its growing demand and goal of becoming a sub-acquirer required a thorough restructuring of its security architecture to meet PCI DSS requirements. The company needed a specialized partner who could not only redesign the infrastructure, but also offer support during the complex certification process.
The Solution
Greenn chose CloudDog, an AWS Advanced Tier services partner and one of the few companies in the world with the rare AWS “Golden Jacket”, to help redesign its security architecture. CloudDog, with its strong presence in AWS services and cybersecurity solutions, developed a strategic approach that included:
-
Review of Existing Architecture: In-depth analysis to identify points for improvement and compliance.
-
New Design with Best Practices: Implementation of an optimized architecture focused on security and scalability.
-
PCI Certification Support: Guidance and ongoing assistance throughout the process to ensure compliance.
The main technical actions carried out included:
-
Information segregation: Implementation of strict isolation of sensitive data.
-
Private Databases: Separation of databases into private instances, accessible via VPN.
-
Isolation of Environments: Complete separation of production and development environments.
The new architecture leverages AWS' native security services, such as:
-
AWS Fargate: For serverless computing, ensuring scalability and high availability.
-
AWS WAF (Web Application Firewall): Protection against web vulnerabilities and attacks.
-
Amazon GuardDuty: Continuous intelligent threat detection.
-
AWS CloudTrail: Auditing and monitoring of AWS account activity.
Customized solution for failed login attempts: Using
Customized Solution for Failed Login Attempts: Using AWS Lambda, Amazon EventBridge and Amazon DynamoDB for access control.
Architecture
The main AWS services used were:
-
Amazon ECS (with AWS Fargate)
-
AWS WAF
-
Amazon GuardDuty
-
AWS CloudTrail
-
AWS Lambda
-
Amazon EventBridge
-
Amazon DynamoDB
Results
The partnership between Greenn and CloudDog enabled Greenn to achieve PCI DSS certification in less than six months, exceeding its expectations. This achievement has resulted in significant benefits:
-
Qualification as a Sub-Acquirer: Greenn was able to become a sub-acquirer in 2024.
-
Better Rates and Greater Security: Ability to offer more competitive interest rates and improved security guarantees for its clients.
-
Contracts with Major Brands: Signed contracts with major credit card brands in Brazil.
-
Enhanced Security: Substantial improvement in security architecture, access management and auditing, with many implementations carried out natively in the AWS environment.
Greenn now plans to migrate other workflows to the same secure and optimized AWS environment, further consolidating its cloud infrastructure.
