Bitdefender Completes Acquisition of Horangi Cyber Security


Products +

Services +

Customers +

Partners +

Resources +, A Leading Organization That Wins With Security

Staying ahead of regulatory requirements cements’s position as an industry leader in the booking space. stays continuously compliant with ISO 27001 and PCI-DSS, working closely with Horangi’s consultants, who conduct frequent testing on’s web applications and infrastructure. Horangi’s consultancy on matters including cybersecurity policies, Business Continuity Planning (BCP), and incident response awareness is also key in improving’s security capabilities. 

Business Challenge

Maintaining the highest payment service provider and cybersecurity standards to continue its reputation as a trusted business in the booking space.

Horangi's Impact

Helped attain — and maintain — the ISO 27001 and PCI-DSS certifications, and improve security capabilities.

The Story is an Indonesian flight and hotel booking platform that was founded in 2011. Known as an OTA (Online Travel Agent) company, offers bookings for hotels, flights, car rentals, trains, events, and attractions. Today, partners with over 11,000 hotels across Indonesia and has offices and staff in Singapore, Kuala Lumpur, and Bangkok. operates both web and mobile apps, and its fast-growing platform sees over 6 million transactions a year. Other than ticket purchases through the app, customers are also able to edit their bookings, make cancellations, and obtain refunds.

Protecting the ever-increasing amount of customer records has always been a top priority for the organization, whose users doubled to 15 million in 2019. With this security-first mindset, engaged Horangi in 2018 in the hopes of a long term partnership.

At the time, the team already had its sights on meeting ISO 27001 and PCI-DSS compliance standards.

The Engagement

You may think you know your security and compliance gaps, but third parties are crucial in helping to test that hypothesis. Right off the bat, Horangi conducted a thorough gap assessment for to uncover the large risk areas.

The compliance journey is an organization-wide effort. Horangi quickly helped to identify that and charted a roadmap with progressive milestones that would serve as’s guide to achieving its business objectives. Crucial to the process was the top-down support from management and helping to raise awareness of the compliance — teamwork breeds success. On the technical end, Horangi’s consultants established a security testing frequency as a proactive measure for assessing’s web applications and other infrastructure.

The Results

Together with the tireless support from the organization’s own InfoSec team, Horangi consultants helped to advance in its compliance journey for ISO 27001 and PCI-DSS certification.

This required a Herculean effort across the organization. Horangi’s consultants wrote tailored security and operational policies that were enforced for processes including software releases, third party partnerships, and even physical security. The consultants also regularly conducted Penetration Tests on applications and infrastructure to help fix vulnerabilities, staying ahead of new attack vectors.

“Talent makes a clear difference in our work with third parties. Horangi’s strong understanding of client needs, ability to elaborate problems into concrete solutions, and sheer ability to execute on these solutions make them a security vendor suitable for organizations of all sizes that need to embark on a similar compliance journey as ours,” said Raden Ardiansyah Natakusumah, Head of Information Security,

Today, has attained both ISO 27001 and PCI-DSS certifications. The business makes it a priority to demonstrate this commitment to data security to its customers. It’s why the work does not stop at certification. Cybersecurity and compliance is an ongoing journey, and Horangi continues to lend its expertise to help maintain its strong security standards to win customer trust.