Hilton Premium Club Japan | Just After Midnight

Skip to content

Get in touch ➔

Search

24/7 Support

What we offer

Support Packages

Our Tech

By Industry

Agencies

SaaS Platforms

eCommerce

By Cloud Provider

24/7 Support for AWS

24/7 Support for Azure

24/7 Support for GCP

Cloud & DevOps

Managed Cloud & Consultancy

By Cloud Provider

AWS

Azure

GCP

Alibaba Cloud

Cloud Consulting

Cost Optimisation

Well-Architected Review

Solution Architecture

Cloud Migration

Application Modernisation

DevOps Consulting

DevOps Delivery & Automation

Platforms

Support for Platforms & Tools

Sitecore

Kentico

Umbraco

AEM

Optimizely

Magento

WordPress

Custom Applications

Case Studies

About

About

About Us

Our Insights

Security Accreditations

Agency Partners

Careers

Get in touch ➔

Hilton Premium Club Japan

Bringing Hilton’s loyalty program onto a secure AWS platform

24/7 Support

AWS

Cloud Migration

Hospitality

Singapore

SRE

Highlights:

99.9%

SLA availability

30 min

response time

24/7/365

coverage

The client

Hilton Hotels is a global hospitality brand, using digital experiences to keep guests engaged before, during and after their stay. Hilton Premium Club Japan (HPCJ) is its paid loyalty program for Japanese consumers, running on a dedicated platform at hpcj.jp and operating separately from Hilton Honors.

HPCJ serves thousands of members and covers properties mainly in Japan, with some in Korea, so availability and data protection are critical to the program’s reputation.

The challenge

HPCJ was hosted on AWS by an incumbent vendor who was not ISO 27001 certified and unwilling to pursue certification. For a fee-based loyalty program handling member data, this posed a clear security and compliance risk.

Hilton also faced a hard deadline: the platform needed to be fully compliant by 31 December 2025. That meant migrating off the previous provider and into a new, secure AWS environment in the Tokyo region, without impacting members. At the same time, Hilton needed 24/7 cover, clear SLAs and predictable costs, without building its own cloud operations team.

The solution

Just After Midnight was selected as cloud and SRE support partner for HPCJ based on its security-first approach and ISO 27001 certification. ISO 27001 is the globally recognised standard for information security management, and JAM’s certification confirms that its security management system is independently audited and aligned with international best practice, from access control and data handling through to risk management and day-to-day operations.

JAM delivered a clean-slate migration over roughly two months. The team provisioned a brand-new AWS account and VPC in the Tokyo region with a hardened security baseline, including IAM policies, password rules and services such as Security Hub, GuardDuty, cost optimisation and budget alerts.

Using Terraform, JAM built out public and private subnets, NAT gateways and a bastion host, then deployed the serverless stack powering HPCJ: Lambda across DEV, UAT and PROD, Aurora Serverless v2, DynamoDB and S3, fronted by CloudFront and API Gateway.

Security and access were redesigned to meet Hilton’s requirements. JAM implemented an SSO user access portal, least-privilege roles for all stakeholders and tightly controlled access sharing. CI/CD pipelines were reconfigured and tested for each environment, configurations were updated to point at the new account, and DNS was cut over in a managed window so members could continue using HPCJ without interruption.

Post-go-live, JAM provides 24/7/365 SRE infrastructure support with continuous monitoring, structured incident management, regular patching, runbooks, a maintenance manual and monthly reports on performance, incidents and recommended improvements.

Results

HPCJ has moved from a non-compliant vendor to a secure AWS environment managed by an ISO 27001-certified partner, giving Hilton a strong story on security and compliance ahead of the 31 December 2025 deadline.

The new platform gives Hilton clear security boundaries, a modern serverless architecture and confidence that its loyalty members’ data is handled under an audited, globally recognised standard.

Under the new model, Hilton benefits from a 99.95% availability SLA for the HPCJ production environment, backed by 24/7/365 SRE cover and tight incident SLAs: 30-minute response and 4-hour target resolution for Priority 1 issues, and 8-hour targets for Priority 2.

With JAM owning the secure AWS foundation, Hilton can concentrate on growing the HPCJ program, knowing the underlying platform is compliant, resilient and professionally managed around the clock.

Thanks for reading this article!

Know someone who'd find this useful? Pass it on.

Other case studies you may be interested in

Vodafone

Transforming the DevOps approach for Vodafone eCommerce

AWS

DevOps

Global

UK

+2

StructureFlow

A watertight DevOps and support solution for this LegalTech SaaS...