Traveloka Takes Off with AWS Security Solutions, Bolstering Infrastructure Security and Management

Every day, millions of people reserve flights, hotels, trains, cars, and other travel components on Traveloka, one of Southeast Asia’s leading travel platforms. Founded in 2012, Traveloka now operates in six countries across Southeast Asia.

Like all enterprises that deal with customer data, Traveloka focuses heavily on cybersecurity for online services. The company adopts a proactive and preventative cybersecurity strategy to maintain regulatory compliance in the six countries where it operates. “Responsible operation is a top priority, and we place utmost importance on security throughout our business processes,” says Jose Dalino, head of Engineering, Technology Architecture & Operations at Traveloka. “Whether it's safeguarding our platform, protecting consumer and partner data, or securing online payments, we understand the importance of protecting data.”

As its business grew, Traveloka sought to enhance its security capabilities effectively. For example, the company wanted to automate the detection of endpoints such as API gateways and load balancers on its network. As part of these efforts, the company looked to integrate its web application firewall security tools with its growing Amazon Web Services (AWS) Cloud environment. “We have formed a strategic relationship with AWS since inception, and we trust AWS technology solutions for Traveloka’s platform. Our goal was to manage security effectively through integration with AWS,” says Dalino.

Since many of Traveloka’s workloads had already utilized AWS’ solutions, it was easy for the business to deploy AWS Web Application Firewall (AWS WAF) to increase endpoint protection and provide its applications with an additional layer of security. AWS WAF is a cost-effective solution that reduces the need for manual security tasks and provides automated security controls—features that were essential to Traveloka.

Following a successful proof of concept, Traveloka deployed AWS WAF into production within two months. The business collaborated with AWS Enterprise Support for a thorough review of its distributed denial-of-service (DDoS) response process, which was validated by the Shield Response Team.

Furthermore, AWS Enterprise Support worked closely with Traveloka to review and analyze Traveloka's WAF rules. The aim was to ensure compliance with security standards and address critical application security vulnerabilities effectively. Dalino explains, “With a strong emphasis on security implementation in our platform, AWS played a pivotal role in providing valuable support to our team. They promptly addressed our inquiries and assisted us in the seamless rollout of these AWS services.”

To further protect its applications, Traveloka implemented AWS Shield, a managed service that guards against DDoS incidents, and AWS Firewall Manager, a security management service that centralizes firewall policy configuration and management across multiple accounts. “The seamless integration of AWS WAF, AWS Shield, and AWS Firewall Manager into our existing AWS environment simplified deployment and centralized security management,” Dalino says.