case study
Continuous Compliance as a USP
Faced with a global challenge affecting their industry, Kudos Travel Technology pivoted to embrace cloud best practice as well as maximise their compliance and security posture through shifting to a continuous compliance model, leveraging automation.
Empowering your travel program.
Kudos offers a single platform providing customisation, control and convenience for both travellers and travel agencies.
Through sophisticated solutions and extensive API Integrations, Kudos have developed a powerful platform empowering travel agencies to effortlessly manage corporate travel programs for their clients, ensuring visibility over important data and duty of care considerations.
Kudos has many years' experience developing corporate travel technology and providing the necessary integration to GDS, Online Booking Tools and third-party systems.
About
Kudos Travel Technology
Executive Summary
Faced with a global challenge affecting their industry, Kudos Travel Technology pivoted to embrace cloud best practice as well as maximise their compliance and security posture through shifting to a continuous compliance model, leveraging automation.
Kudos’s Challenge
Recent challenges facing the local and international travel industries have been well documented. In the face of these challenges, Kudos saw an opportunity to differentiate, win market share and emerge stronger as a result.
A core pillar of Kudos’ strategy was differentiation through achieving a far higher level of PCI-DSS compliance than was required by their customers. Having engaged a PCI-DSS Quality Security Assessor (Stratica) to support them on the journey of achieving Level 1 PCI-DSS compliance, Kudos also identified the need for an AWS partner that could enable them to not only achieve compliance as quickly and cost effectively as possible, but also ensure that compliance was maintained on an ongoing basis with minimal cost or operational overhead.
6pillars' Solution
6pillars solution leverages all the benefits of AWS’ comprehensive suite of native security and compliance services to deliver not only AWS best practice, but does so using patent pending automation technology combined with a comprehensive playbook library to ensure the compliance holy grail; fully automated, best of breed, continuous compliance with minimal operational impact.
Deploy
6pillars engaged with Kudos in an initial discovery and “Deploy” phase, evaluating the Kudos environment and deploying AWS native security services. During this process, 6pillars also made recommendations to allow optimization of the Kudos environment to achieve optimal performance, availability and cost effectiveness.
Analyse
Once all necessary AWS security and compliance services had been deployed (including AWS Security Hub, Control Tower, Config, GuardDuty, etc.), 6pillars was able to easily analyse and establish Kudos’ security and compliance posture.
Automate
6pillars’ security and compliance automation was then deployed to enable continuous compliance with both best practice and all the standards referenced by AWS Security Hub.
Optimise
6pillars provides optimization of and creation of new playbooks as part of its MSSP offering. When a new alert is detected, incident response triages the issue and then compiles automation to automatically remediate any future recurrence.
Why Kudos Chose 6pillars
When Kudos were going through their compliance process, they asked for advice from their QSA Stratica and a referral to a trusted and skilled AWS partner.
“We chose 6pillars based on Stratica’s advice and have been impressed at the skills, experience, performance and unique value proposition of the continuous compliance that 6pillars delivers.”
Why AWS
Kudos chose AWS as the leading hyperscale cloud platform. AWS were not only able to deliver performant, reliable and cost-effective cloud infrastructure and services but combine that with the most comprehensive and mature cloud native and integrated security services.
Results and Benefits
- Enhanced Agility: Faster compliance with CIS, PCI-DSS, AWSFS standards
- Reduced Overheads: Zero touch, continuous automated compliance
- Reduced Risk: Continuous alignment with cloud security best practice
- Reduced Pain: Elimination of technical remediation of annual recompliance
Phil Rasmussen, MD of Kudos Travel Technology:
"We made a decision in 2020 to pursue a land grab strategy and have that driven by a focus on best practice and compliance.”
“High levels of compliance are operationally daunting and can be prohibitively expensive. In addition, compliance is always driven by a panicked project that companies typically push through, ignore for 9 months and then dread the anniversary of the same process.”
“We quickly realized that 6pillars could not only massively accelerate our achievement of AWS best practice including the highest level of PCI-DSS compliance but, by achieving continuous compliance through 6pillars automation, enable us to turn compliance into a powerful differentiator and compelling USP that allows us to win marketshare and grow revenue.”
“With 6pillars now we’re not just compliant, we’re continuously compliant and best practice.”