How To Move Fast Without Breaking Things

NB: This article has been adapted from its original version, which first appeared on the Datatrans website.

Facebook’s old motto to “move fast and break things” became a mantra for many of today’s fast-growing startups. While moving fast is crucial for technology startups to succeed, the idea of breaking things is not a luxury that technology companies which process personal data or credit card information can afford. One mistake with this kind of information could quickly kill a company.  

apaleo was founded on its belief in speed – speed of development, speed of going to market, and speed of its ability to change the way that the hospitality industry works with technology. The company identified a lag in how hotels adopt new technology, caused by legacy technology that is slow to update and slow to integrate with other systems. It set out to build a new, cloud-based property management system (PMS) with an API-first approach that would allow the system to seamlessly connect to any application that a hotel could want, need, or build, all in a matter of minutes.  

As apaleo mapped out its infrastructure, the team knew that, on the one hand, it should move fast, but, on the other hand, it couldn’t make mistakes when it came to data security. PCI compliance was vital to apaleo to ensure its clients’ data was secure and to avoid fines and potential punishments for not meeting the applicable laws and regulations.

Becoming PCI compliant is a process that can be extremely complex, taking some companies months, or even years, to achieve. In the past, companies looked to do this all in-house, which is a considerable drain on time and resources. New staff must be recruited, or existing employees must shift their focus away from other projects. Then the team must invest time to understand all the details about PCI compliance and its impact on the company’s systems, products, employees and overall infrastructure. Once the requirements are understood, the team must implement all of them. And finally, after all of this is completed, it is time to start over again, since companies must be re-certified on an annual basis.

As a lean startup, apaleo did not see this as an ideal solution and searched for another way to achieve PCI compliance. The team had a product to build and wanted to focus on delivering key features and functionality. Knowing that its very own open API approach was all about connecting with specialists in their field, apaleo chose to find experts in the payments and PCI compliance field. It found Datatrans, which offered a team of experts, as well as PCI Proxy, a purpose-built PCI-compliance-as-a-service environment.

apaleo built its entire PMS platform in less than nine months, something that has taken other companies many years to deliver. And, using Datatrans PCI Proxy, apaleo became PCI compliant in a matter of days.   

PCI Proxy provided apaleo with out-of-the-box Level 1 PCI compliance that got apaleo’s service to market quickly and securely. It allows apaleo to connect and exchange payment data with any PCI-compliant service provider and payment gateway while PCI Proxy takes care of PCI compliance. All sensitive data is filtered and tokenised before it reaches apaleo’s software, ensuring apaleo’s systems never touch sensitive card data, reducing the PCI scope to a minimum.

Since its launch, apaleo has onboarded its first happy clients and has welcomed dozens of developers to develop on its platform, using apaleo’s public APIs. The company remains focused on moving fast and innovating, with speedy release cycles for new functionality and a plethora of new clients and partnerships in the pipeline.