Featured Case Study Cloud Classified POPULAR UTILITY PROVIDER SECURES MILLIONS OF TRANSACTIONS EACH MONTH IN PCI-COMPLIANT CLOUD CLOUD CLASSIFIED

Size: px

Start display at page:

Download "Featured Case Study Cloud Classified POPULAR UTILITY PROVIDER SECURES MILLIONS OF TRANSACTIONS EACH MONTH IN PCI-COMPLIANT CLOUD CLOUD CLASSIFIED"

Clemence Terry
8 years ago
Views:

1 Featured Case Study Cloud Classified POPULAR UTILITY PROVIDER SECURES MILLIONS OF TRANSACTIONS EACH MONTH IN PCI-COMPLIANT CLOUD

2 Featured Case Study Cloud Classified POPULAR UTILITY PROVIDER SECURES MILLIONS OF TRANSACTIONS EACH MONTH IN PCI-COMPLIANT CLOUD Region: Employees: Industry: Market: Customers: Southwest More than 10,000 Utilities Residential & Commercial 1-5 Million On paper, s tokenization plan made sense. A popular utility provider in the southwest, they had an existing relationship with a legacy vendor that promised they could not only build the tokenization capabilities, but also host sensitive cardholder data in a PCI-compliant environment. Months into the project, however, knew that vendor was in over their heads. A drastic change was needed immediately. The scope of the project, which handled some 6 million transactions per month and the majority of the company s revenue, was simply too large. And too ARMOR.COM PAGE 2

3 Scope it out Like any organization that stores credit card data to complete transactions, must comply with PCI 3.0 mandates. But it wasn t the fact that they had to comply, it was how much of the infrastructure that was in the scope of the regulations. In this scenario, the cardholder data environment (CDE) was actually part of their corporate network, leaving the majority of the organization in the scope of what would be assessed. It created a situation that would be expensive to secure and manage. And even more so to audit. It s a rough estimate, but migrating the bulk of their infrastructure out of scope would save the company millions of dollars. In fact, the tokenization project Many of the environment s security A critical necessity, this was cause for change. And the timing was right. Knowing that their legacy vendor was out of the picture, contacted trusted sources who had been part of their past PCI audits. Through those connections, an introduction to Armor was made. From there, the difference was evident. Armor helped design a customized environment that fit each and every one of their needs. Once the CDE was moved out of scope, Armor collaborated with during their audit process, which included everything from consultation, building a roles and responsibilities matrix, and providing both the Report on Compliance (ROC) and Attestation of Compliance (AOC). It was the white-glove service sought from the onset. DATA DOCUMENTATION Report on Compliance (ROC) The most valuable piece of PCI assessment documentation, the 224-page ROC is an organization s full report on how their environment aligns with PCI requirements. It s highly sensitive and never made public. Attestation of Compliance (AOC) The AOC is a public-facing document that helps prove an organization is PCI-compliant. There are specific versions for merchants and service ARMOR.COM PAGE 3

4 Environment architects To meet the established objectives, Armor helped architect a geographically loadbalanced environment with full failover capabilities. It was a complex and redundant solution with direct MPLS connections to Armor that met the strict disaster recovery and business continuity requirements. POWER IT 4 LOAD BALANCERS Working together, and Armor opted to scale the environment across data centers in both Dallas and Phoenix. This ensured that the tokenization solution would remain operational and always taking payments regardless of hardware failure, forces of nature or other disasters. It was a critical requirement that cemented the partnership. 4 DATABASE SERVERS 4 WEB SERVERS 4 APPLICATION SERVERS 2 MPLS CIRCUITS FOR DIRECT CONNECTION TO ARMOR DATA ARMOR.COM PAGE 4

5 Payment islands Looking forward The design strategy behind Armor s secure cloud is based on specific needs of PCI-driven companies, particularly organizations like that execute millions of dollars of transactions and must protect customers personal and financial data at all costs. Like with , Armor decentralizes customer infrastructures to minimize the success of potential attacks and maintain business continuity. By decoupling data from monolithic IT environments, utilities, ecommerce, retailers and other financial institutions are able to reduce the risk of data breaches and achieve PCI compliance with less pain. The relationship born from a compliance need, but successful because of execution was maturing. In fact, even endorsed Armor to one of the company s subsidiaries that needed to guarantee PCI compliance for their credit card environment. To date, s tokenization platform is not only PCI-compliant, but also defended around the clock by Armor support and security experts. The strategic relationship began as the solution for a specific problem, but has evolved as something much more valuable: a partnership. By decoupling data from monolithic IT environments, utilities, ecommerce, retailers and other financial institutions are able to reduce the risk of data breaches and achieve PCI ARMOR.COM PAGE 5

6 US 2360 Campbell Creek Boulevard, Suite 525, Richardson, Texas Phone: UK 5 New Street Square, London, EC4A 3BF Phone: ARMOR All rights ARMOR.COM PAGE 6

Take back the initiative

Take back the initiative IT S TIME TO FOCUS ON OUTCOMES. NOT TOOLS. CEO VANTAGE POINT CHRIS DRAKE FOUNDER & CEO ARMOR @ARMOR ARMOR.COM PAGE PAGE 1 1 A prologue: defending the chocolate makers Imagine any