About Pango
Pango was established in 2007, and the Pango app has become the leading digital wallet in the transportation field in Israel, with over 3 million customers. Their smart mobility app simplifies transportation by centralizing driver and passenger payments in one place, while integrating various transportation modes for hybrid journeys.
At Pango, security is a top priority. It regularly handles sensitive user information and connects to various government organizations, including systems at the Ministry of Transportation. To ensure they are operating at the highest levels of security, Pango collaborates with the Cloud Security team at AllCloud on an ongoing basis, helping them maintain a top-tier security environment.
Focus on Security
AllCloud delivers comprehensive security support and solutions to Pango, customized to meet their needs. The work aims to strengthen Pango’s overall security posture, enabling them to meet – and exceed, relevant compliance standards and provide users with the highest levels of security.
AllCloud’s collaboration with Pango centers on:
- Compliance & Resource Configuration: ensuring compliant resource configurations and implementing best practices that significantly reduce potential threats.
- Perimeter Protection: providing network security by controlling all incoming and outgoing internet traffic to and from the system.
- Threat Detection & Incident Response (24/7 SoC): providing continuous monitoring and initial response to security incidents through AllCloud’s Security Operations Center (SoC).
- Vulnerability Management: addressing software vulnerabilities, including through “shift left” (scanning code and developer environments) and “shift right” (monitoring the running environment) approaches.
To deliver its services at an optimal level, AllCloud leverages the entire suite of AWS native security services, tools, and solutions, as well as other tools for the investigation platform.
Spotlight on SOC:
Beyond the Network Operations Center (NOC), which handles technical issues and alerts for Pango, AllCloud manages the Security Operations Center (SOC) for Pango, which focuses specifically on security-related problems and alerts. The 24/7 SoC continuously monitors the most recent logs and ensures continuous system availability. AllCloud analysts investigate all security alerts, determining if they are genuine threats or false positives before informing Pango.
To implement the SOC, AllCloud’s Cloud Security experts worked closely with the Pango security team. Through this collaborative process, they developed incident response (IR) procedures and clearly defined the roles and responsibilities of each team. They developed a continuous security program for Pango’s AWS environment, utilizing the built-in controls of the AWS Security Hub. This facilitates the ongoing process of identifying and addressing security gaps, as new vulnerabilities emerge.
In a proactive effort to address security, the AllCloud and Pango teams are in close, regular contact. They hold meetings every two weeks to review identified security gaps, determine ownership for their resolution, define the necessary steps, and set completion timelines. This systematic process ensures comprehensive security coverage, making sure no security vulnerabilities are left open.
Benefits:
While Pango’s team was familiar with cloud security, they lacked the specific expertise in managing AWS cloud security. By partnering with AllCloud, Pango gained access to the necessary expertise to secure their product’s AWS environment. Furthermore, Pango had the comfort of knowing they could turn to the Cloud Security experts at AllCloud to provide the necessary knowledge and specialized skills as needed – as if they had their own “on call” AWS Security team.
As a result of these collaborative efforts, Pango significantly increased its overall security posture score to 73%, while the initial average score in the sector is below 50%.
This accomplishment not only reflects Pango’s commitment to product security and protecting user data, but it also ensures their compliance with ISO 27001. Additionally, it enables them to obtain the necessary approvals from various authorities to handle sensitive customer, vehicle, and personal data.
