Greenn: PCI DSS and AWS Cloud Security
Medium
E-commerce; Digital Payments; Technology; Finance; SaaS
Brazil
Medium
Brazil
E-commerce; Digital Payments; Technology; Finance; SaaS
Greenn is an online sales platform for digital and physical products, which was looking to become a sub-buyer in order to offer more competitive interest rates and greater security to its customers. To do this, it was essential that its security architecture complied with the strict PCI DSS standard.
The Challenge
Greenn was already using AWS services, but its growing demand and goal of becoming a sub-acquirer required a thorough restructuring of its security architecture to meet PCI DSS requirements. The company needed a specialized partner who could not only redesign the infrastructure, but also offer support during the complex certification process.
The Solution
Greenn chose CloudDog to assist with the redesign of its security architecture. CloudDog, with its strong expertise in AWS services and cybersecurity solutions, developed a strategic approach that included:
-
Review of Existing Architecture: In-depth analysis to identify points for improvement and compliance.
-
New Design with Best Practices: Implementation of an optimized architecture focused on security and scalability.
-
PCI Certification Support: Guidance and ongoing assistance throughout the process to ensure compliance.
The main technical actions carried out included:
-
Information segregation: Implementation of strict isolation of sensitive data.
-
Private Databases: Separation of databases into private instances, accessible via VPN.
-
Isolation of Environments: Complete separation of production and development environments.
The new architecture leverages AWS' native security services, such as:
-
AWS Fargate: For serverless computing, ensuring scalability and high availability.
-
AWS WAF (Web Application Firewall): Protection against web vulnerabilities and attacks.
-
Amazon GuardDuty: Continuous intelligent threat detection.
-
AWS CloudTrail: Auditing and monitoring of AWS account activity.
Customized solution for failed login attempts: Using
Customized Solution for Failed Login Attempts: Using AWS Lambda, Amazon EventBridge and Amazon DynamoDB for access control.
In addition to the technical redesign, Greenn engaged CloudDog’s Managed Services. This service layer ensures that the new security and compliance architecture is monitored 24/7, guaranteeing that PCI DSS controls remain active and effective. With continuous support, CloudDog performs vulnerability management, threat monitoring, and AWS environment governance, allowing Greenn to focus on expanding its financial operations with complete peace of mind.
Architecture
The main AWS services used were:
-
Amazon ECS (with AWS Fargate)
-
AWS WAF
-
Amazon GuardDuty
-
AWS CloudTrail
-
AWS Lambda
-
Amazon EventBridge
-
Amazon DynamoDB
Results
The partnership between Greenn and CloudDog enabled Greenn to achieve PCI DSS certification in less than six months, exceeding its expectations. This achievement has resulted in significant benefits:
-
Qualification as a Sub-Acquirer: Greenn was able to become a sub-acquirer in 2024.
-
Better Rates and Greater Security: Ability to offer more competitive interest rates and improved security guarantees for its clients.
-
Contracts with Major Brands: Signed contracts with major credit card brands in Brazil.
-
Enhanced Security: Substantial improvement in security architecture, access management and auditing, with many implementations carried out natively in the AWS environment.
Greenn now plans to migrate other workflows to the same secure and optimized AWS environment, further consolidating its cloud infrastructure.
