Bayad ( CIS Bayad Center , Inc .) is the largest multichannel payment platform in the Philippines and the country ’ s pioneer in outsourced payment collection .
Bayad offers a suite of solutions ranging from dependable bill collection for corporate partners to reliable , convenient payment services for the
BBy shifting to
a cloud-native architecture , we could generate greater business value and deliver on customer expectations more quickly .
public . Bayad emphasises security of sensitive data and high availability , which allow businesses and customers to confidently accomplish their financial and commercial interests .
Bayad uses Aqua ’ s portfolio of cloudnative security solutions to ensure security and compliance of its digital wallet platform , biller aggregator service and bills payment platforms .
Mel Migriño , CISO , Meralco Group ( owner of Bayad )
Bayad has been investing in a shift to cloud-native application methodologies , using container and serverless technologies to increase agility , scalability and resilience of key applications .
As part of this initiative , the organisation must enable developers to focus on writing code while eliminating roadblocks to secure deployment . Operating in a highly regulated industry required Bayad to overcome some critical challenges , including :
• Ensure that stakeholders , from development to security , have visibility into the risk posture and compliance status of development artifacts , running applications and cloud environments .
• Detect and resolve information leakage across the application and cloud ecosystem .
• Facilitate an evolution from legacy systems that are unable to meet the growing demands and expectations of the market .
• Establish unified security standards and security control points for more than a thousand functions across multiple web applications , mobile applications and APIs .
• Support compliance requirements of the Banko Sentral ng Pilipinas ( Central Bank ) and PCI-DSS certification .
By shifting to a cloud-native architecture , the company could generate greater business value and deliver on customer expectations more quickly .
“ Going serverless enables us to run our new Bayad applications smoothly ,” said Lawrence Ferrer , President and CEO , Bayad , “ paving the way to an improved payment experience for Filipinos as they continue to navigate their way in the new normal .”
When evaluating potential tools to overcome Bayad ’ s challenges and elevate its standard for cloud-native security , stakeholders from the cybersecurity department identified solution requirements and selection criteria . These included :
• Security controls that support automation across agile DevOps workflows and cloud-native development pipelines .
• Extensive integration support for a variety of Amazon tools and services , including AWS CodePipeline , AWS CodeBuild and Amazon Landing Zone .
• Ability to analyse container images and prioritise vulnerabilities for remediation .
• Ability to detect security risks in serverless functions , supporting Lambda and Fargate .
• Ability to detect , prevent and respond to anomalous activity at runtime .
“ Given Bayad ’ s direction for cloud adaptation , we had to prioritise security controls in this new environment to ensure that the environment remains secure and intact ,” said Mel Migriño , CISO , Meralco Group ( owner of Bayad ).
Bayad ’ s evaluation included market research to establish a viable short list of potential vendors , followed by providing requirements to candidates , collecting detailed responses from each and accomplishing a cost benefit analysis .
Migriño continued : “ Based on the assessment of our team , Aqua offers the capabilities that best match our environment from containers all the way to serverless .”
Additionally , the team regarded the strong solution competency and rapid response to communications by Aqua ’ s local partner as positively influential in their evaluation .
Bayad selected Aqua ’ s cloud-native application protection platform to secure its Digital Transformation . The chosen Aqua solutions and critical capabilities include :
• Container image vulnerability scanning
• Serverless function security scanning
• Cloud security posture management ( CSPM )
• Cloud workload protection and runtime security www . intelligentciso . com