Client Stories

Plaza Premium

Architecture diagram Nextlink assisted Plaza Premium in migrating workloads to AWS with high scalability and security, and improved the reliability of the AWS system architecture by 20% and reduced costs by 50%. With AWS information security best practices, Nextlink has strengthened the five aspects of security for Plaza Premium, and greatly improved the security protection. […]

Nextlink not only provides suggestions for the AWS architecture, but also provides complete cloud security solutions, allowing us to focus on providing better and more comfortable services for multinational travelers

Plaza Premium

About

Company Profile

With a mission of “making travel better”, Plaza Premium Group is a pioneer and the market leader in airport hospitality services with an international footprint of over 170 locations across 46 airports in 23 countries and regions, serving 16 million travellers annually.

The group comprises five core business segments – airport lounges Plaza Premium First and Plaza Premium Lounge; airport terminal hotels Aerotel and Refreshhh by Aerotel; airport meet & greet services ALLWAYS and a range of Airport Dining concepts. In addition to its own brands, Plaza Premium Group provides airport hospitality solutions to leading airlines, alliances and corporates around the world, including but not limited to Cathay Pacific Airways, Singapore Airlines, Lufthansa, China Southern Airlines, Star Alliance, SkyTeam, American Express and many more. By continuously innovating and striving to surpass travellers’ expectations of airport experiences, the group is growing exponentially across major international airports globally.

The Challenge

Plaza Premium was running their IT infrastructure on-premise maintained by a full technical team. In order to manage it, all physical hardware and human resources have to be managed with a fixed budget every year. When the client’s workloads reach capacity limits, scaling up IT capacity in an on-premise environment can be time consuming and frustrating at the same time wasting unnecessary time and capital. In terms of security, as the infrastructure scales, more vulnerabilities are exposed as “known” unknown due to IT infrastructure sophistication. That is why Plaza Premium wished to migrate their workload to a highly scalable platform in PaaS/SaaS model with ready-to-use security and compliance services.

The Solution

In order to achieve high scalability for future growth and fulfil PCI-DSS compliance standard at the same time, Nextlink plays an important role on:

Infrastructure provisioning under Well-Architected framework

AWS Well-Architected framework is always a golden standard to build secure, high-performing, resilient, and efficient infrastructure for applications and workloads. Nextlink, as AWS premier partner, straightly follows this guideline to design and implement the whole infrastructure for Plaza Premium, so as to prepare them for a growth footprint on cloud technology.

Achieving Compliance-Standard Security Hardening

Cloud security at AWS is the highest priority. As an AWS customer, Plaza Premium benefits from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. Nextlink has designed a security principle based on AWS best practices and AWS Cloud Adoption Framework (CAF), so as to provide a reliable and compliance-ready security solution for our customers under the strategy of Directive, Preventive, Detective and Responsive.

Intrusion Detection and Protection

1. GuardDuty is able to detect threats and continuously monitor for any malicious activity and unauthorized behaviour. GuardDuty is integrated with threat intelligence feeds. Coupled with machine learning it can perform automated remediation actions by leveraging CloudWatch events thus reducing client’s remediation and recovery time.

2. WAF are costly and hard to manage in an on-premise environment. But in AWS, AWS WAF is a fully managed layer-7 application firewall which is well integrated with CloudFront and ELB to protect client’s applications from DDoS attack and common attack patterns such as SQL ingestion and Cross-site scripting.

Encryption in-transit and at-rest

1. KMS is a managed encryption service to provide a highly available key storage, management, and auditing solution for data encryption across AWS services and within self-own applications.

2. ACM is a managed SSL certificate provider, which generates SSL certificates for free, highly-integrated with AWS services to serve HTTPS requests with in-transit encryption.

Logging and Monitoring

1. CloudWatch as a monitoring and logging service to centralize log management and alarm configuration. All EC2 should have CloudWatch log agent and IDS agent installed, so that both system, application log and other custom log can be sent to CloudWatch log.

2. CloudTrail as a logging service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain events related to API calls across your AWS infrastructure.

3. ElasticSearch Service as a logging centralization and visualization tool. By utilizing Kibana dashboard, users can visualize the findings and convert data into actionable intelligence.

Maintenance and Optimization

1. Systems Manager Patch Manager to automate the process of patching managed instances with security-related updates.

2. ISV solutions including Tenable and Trend Micro to further harden the security protection on OS and S3 layer anti-virus.

The Benefits

Service reliability and cost efficiency by at least 20%.
Reduces manpower and labour cost associated with maintenance by 50%

Security services are delivered in SaaS model, which is out-of-the-box PCI compliant. By using AWS services, PCI compliance is greatly mitigated through AWS. These services provide smarter and more proactive protection to the client’s system and network resources in order to meet the required compliance standards.

Architecture diagram

Nextlink assisted Plaza Premium in migrating workloads to AWS with high scalability and security, and improved the reliability of the AWS system architecture by 20% and reduced costs by 50%. With AWS information security best practices, Nextlink has strengthened the five aspects of security for Plaza Premium, and greatly improved the security protection.

As an AWS Managed Services Provider (MSP), Nextlink also provides Plaza Premium with 24×7 monitoring, reporting, and management of their AWS infrastructure and environment after the migration. A monthly report is provided to Plaza Premium to give them a holistic overview of their AWS environment and usage. Potential vulnerabilities are identified and shared in the report. Well-architected reviews are conducted on a regular basis to optimize Plaza Premium’s environment based on the five pillars – operational excellence, security, reliability, performance efficiency and cost optimization. Through these reviews Nextlink is able to deliver cost savings and close any identified security gaps. With Nextlink’s Managed Services, Plaza Premium can tap the full potential and benefits of cloud.

Customer Stories

More Stories

Kee Wah Bakery

Nextlink supported Kee Wah Bakery to migrate its e-commerce platform to the AWS cloud. With AWS, Kee Wah can leverage highly available cloud infrastructure to improve their business performance. They can also efficiently utilize real-time monitoring to manage their website and avoid unplanned downtime due to surges in traffic, especially during peak seasons, such as the Mid-autumn Festival and the Chinese New Year.

Yamato Logistics Hong Kong

“This data solution is a milestone along the digital journey of Yamato Hong Kong”, says Geroge Tang, Sales Manager of Nextlink Hong Kong. “The FMS is a piece of important information and asset for the logistics and transportation businesses.

Aquatech

Nextlink provided solutions and suggestions to optimize Aquatech’s environment based on AWS best practices to ensure it is secured, reliable, efficient, and running at an optimized cost.

Leezen Co., Ltd.

Through Nextlink’s AWS Cloud migration services, the original structures of Leezen were partitioned and optimized. As the pre-existing program...

The Bliss and Wisdom Buddhism Foundation

The structures optimized by Nextlink not only saved human resources but also markedly raised the website quality

Le Ble d’Or F&B Co., Ltd.

As a forward-looking company, Le Ble d’Or employed AWS for integration assessment when Cloud technologies took off a decade ago. The stable AWS systems

friDay Video

AWS Application Architecture AWS focus on customer obsession, and using AWS makes friDay Video's development team work without any worries.

International Games System Co., Ltd.

Nextlink can provide multiple assistance and suggestions from the perspective of customers to provide the most effective help.

NewsLeopard Inc.

AWS Services Amazon EC2, AWS Lambda, Amazon Aurora, Amazon DynamoDB, Amazon CloudFront, Amazon S3

Nuvoton

Nextlink made the most suitable AWS architecture for us to expand our new market.

Contact Us

Contact a professional Nextlink technology cloud consultant now. Creating new value, together.