The Challenge
A customer had recently acquired a major global payments solution business and were looking to bring the services under their umbrella. While the Towers Associates team are well placed to assist with the migration of these services, there was one area that first needed to be addressed, their compliance stance. The incoming business had a requirement for any platform their services would run from must firstly be able to demonstrate they meet PCI DSS compliance standards.
The customer had two options.
- Review and uplift their entire environment to PCI DSS standards
- Create a separate bubble for the incoming customer to reside in, essentially creating an environment that would require constant and independent attention to ensure the environment remained on the right side of the compliance curve.
The latter option of course would be the easier choice, however, to standardise operations and spread the benefits of these controls across their entire estate, the customer decided to opt for the first option.
The Solution
We implemented Clarity, our compliance scanning tool, which enabled immediate progress to be made, and rapid visibility on the size of the task ahead.
- Scanned current VMware estate against CIS level 1 & 2 controls.
- Mapped CIS controls to the PCI DSS standards.
- Identified remediation steps to achieve a “Pass” score.
- Create a priority list, High, Medium, Low.
- Conduct a series of workshops to refine the controls of interest, and document those that had obvious reasons to accept a “Failed” score against.
- Provide a dashboard view of compliance over time – to enable programme to track progress daily.
The Outcome
- PCI DSS compliance signoff.
- Ongoing real-time monitoring of the compliance stance.
- Extended project to other DC locations in APC.