Summary
Key results
~90% reduction in regression testing time and a 60% increase in test coverage
Full PCI DSS 4.0 compliance enabled by automated security controls
Secure scale and rapid change in global travel tech
As a key player in the travel ecosystem, the client supports end-to-end processes – search, booking, and payments – for airlines, hotels, agencies, and travelers worldwide. Growing transaction volumes and partner networks raised requirements for security, regulatory compliance (PCI DSS 4.0), and release velocity across front- and back-end layers. Maintaining a large, in-house IAM solution became costly and difficult, while a distributed architecture and long 3–4-week regression cycles constrained deployment speed and business agility.
The company needed a partner combining cybersecurity, cloud, and delivery-automation expertise to modernize access management, ensure full compliance, simplify architecture, and radically shorten time-to-production – without increasing operational risk.
Modern architecture, security-by-design, and automated pipelines
Sii Poland led an integrated modernization program spanning security, cloud architecture, and software delivery. Our experts were embedded in product teams to modernize IAM (within the Community Portal ecosystem) and the Digital Connect platform powering the booking experience.
Scope of work included:
- IAM and security modernization – migration from a custom IAM to Okta, MFA rollout across critical user journeys, and back-end hardening to meet PCI DSS 4.0 requirements
- Cloud and data migration – moving data and workloads from AWS S3 to Google Cloud Storage with minimal downtime, plus cloud cost-efficiency improvements
- Back-end unification and tech-debt reduction – upgrades to modern stacks (Java 11/17/21, Spring Boot 3.x), large-scale refactoring with Netflix OpenRewrite, and an API-first approach for key services
- CI/CD and test modernization – migrating pipelines from Jenkins to GitHub Actions, introducing Kubernetes CronJobs, automating environment provisioning in AWS and GCP, migrating tests from JUnit 4 to JUnit 5, expanding test automation, and stabilizing 80+ environments
- Modern frontend and accessibility – rebuilding the UI in React with full WCAG 2.2 compliance for a faster, more inclusive user experience
The program covered the full value chain – from identity and security, through application and data layers, to CI/CD processes and user experience.
Faster releases, lower costs, fewer incidents
The changes impacted thousands of users (employees and customers using the Community Portal) and dozens of applications behind the IAM gateway. The modernization shifted delivery from a slow, risk-prone release model to a predictable and scalable approach for mission-critical systems. Instead of waiting weeks, teams now ship updates within hours – significantly improving business agility and time-to-market.
Standardization and automation delivered measurable savings: infrastructure run costs decreased by ~25%, and teams can handle greater change volume without increasing headcount. Cutting regression time by ~90% and increasing test coverage by 60% reduced defects and stabilized the platform. Security improved in parallel: incidents and vulnerabilities decreased, and the organization gained tighter control over access to systems and data. The program met stringent regulatory requirements and reduced operational risk for a platform processing millions of transactions.
The outcome is a modern, secure, and flexible platform that supports continued product and service development for travel partners – airlines, hotels, and travel agencies – while delivering a stable experience for millions of travelers worldwide. After the main modernization phase, Sii continues to develop and operate selected areas in a combined Dev + DevOps team model.