Bayad Secures Its Digital Transformation with Aqua Security

Bayad (CIS Bayad Center, Inc.) is the largest multi-channel payment platform in the Philippines, and the country’s pioneer in outsourced payment collection. BAYAD offers a suite of solutions ranging from dependable bill collection for corporate partners to reliable, convenient payment services for the public. Bayad emphasizes security of sensitive data and high availability, which allow businesses and customers to confidently accomplish their financial and commercial interests. Bayad uses Aqua’s portfolio of cloud native security solutions to ensure security and compliance of their digital wallet platform, biller aggregator service, and bills payment platforms.

Bayad has been investing in a shift to cloud native application methodologies, using container and serverless technologies to increase agility, scalability, and resilience of key applications. As part of this initiative, the organization must enable developers to focus on writing code while eliminating roadblocks to secure deployment. Operating in a highly regulated industry required Bayad to overcome some critical challenges, including:

• Ensure that stakeholders, from Development to Security, have visibility into the risk posture and compliance status of development artifacts, running applications, and cloud environments.
• Detect and resolve information leakage across the application and cloud ecosystem.
• Facilitate an evolution from legacy systems that are unable to meet the growing demands and expectations of the market.
• Establish unified security standards and security control points for more than a thousand functions across multiple web applications, mobile applications, and APIs.
• Support compliance requirements of the Banko Sentral ng Pilipinas (Central Bank) and PCI-DSS certification.

By shifting to a Cloud Native architecture, we could generate greater business value and deliver on customer expectations more quickly.

When evaluating potential tools to overcome Bayad’s challenges and elevate its standard for cloud native security, stakeholders from the Cyber Security department identified solution requirements and selection criteria. These included: 

• Security controls that support automation across agile DevOps workflows and cloud native development pipelines.
• Extensive integration support for a variety of Amazon tools and services, including AWS CodePipeline, AWS CodeBuild, and Amazon Landing Zone. 
• Ability to analyze container images and prioritize vulnerabilities for remediation. 
• Ability to detect security risks in serverless functions, supporting Lambda and Fargate. 
• Ability to detect, prevent, and respond to anomalous activity at runtime.

“Given Bayad’s direction for cloud adaptation,” states Mel Migriño, Meralco Group CISO, “we had to prioritize security controls in this new environment to ensure that the environment remains secure and intact.” Bayad’s evaluation included market research to establish a viable short list of potential vendors, followed by providing requirements to candidates, collecting detailed responses from each, and accomplishing a cost-benefit analysis. 

Additionally, the team regarded the strong solution competency and rapid response to communications by Aqua’s local partner as positively influential in their evaluation.  

Bayad selected Aqua’s cloud native application protection platform to secure its digital transformation. The chosen Aqua solutions and critical capabilities include:

• Container image vulnerability scanning
• Serverless function security scanning
• Cloud security posture management (CSPM)
• Cloud workload protection and runtime security
• Risk-based insights (vulnerability prioritization and triage)
• Flexible security policies with audit/enforce modes
• Deep integration with key Amazon solutions for DevOps

At inception, Bayad involved stakeholders from Security, Development, and Cloud Deployment teams. Initial implementation activities were deliberate and gradual, accelerating for subsequent projects. “In the first application integration,” explained Migriño, “we held weekly project meetings and daily deployment and troubleshooting activities with the local Aqua partner to ensure successful integration of the solution.”

With Aqua, Migriño and team are able to assess security risks in the pipeline before applications get pushed into production. This includes detecting and remediating vulnerabilities in container images and serverless functions, security misconfigurations in cloud environments, and the presence of hidden secrets and sensitive data in application artifacts. Aqua is also being used to extend security controls into production environments, where Aqua detects and prevents anomalous or disallowed behaviors at runtime. Additionally, Bayad is better prepared to adhere to industry best practices and compliance requirements, supporting principles of least privilege, detecting anomalies at runtime, and hardening cloud infrastructure.

“We are satisfied with the Aqua product and its feature enhancements,” expressed Ferrer. “We also like the visibility and support given by their local partner. In the past twelve months, we have expanded Aqua’s footprint twice and added new capabilities to our implementation.”

As a result of their relationship with Aqua and its local partner, Bayad has realized their vision for greater security of critical applications, protection of sensitive business and customer data, and compliance with industry requirements. “With Aqua, we now have visibility on the vulnerabilities of our cloud native applications,” stated Migriño, “and it helps us prioritize remediation of these so our Security Operations team is not overwhelmed.”