WHY we left Amazon Web Services for: Regulatory Compliance, Improved Efficiency, No Surprises


Launched in 2005, this mobile payment solutions startup quickly became a worldwide leader in mobile point of sale solutions, tools, and services to retailers and merchant-facing organizations. The founders realized that despite huge advances in device and network capabilities, only a tiny fraction of mobile merchants and direct sellers have access to payments and other commerce capabilities via their own mobile phones. By providing a single development platform to create and update commerce applications that run securely on all major mobile devices, the founders established a global reference for mobile payments. They are also able to provide all the essential services to make it easy to provision and support direct sales forces of any size.

Since the technology is provided as a service to their worldwide customers, the CIO chose Amazon Web Services (AWS) as their cloud provider for their agility and speed. The company began using AWS to take advantage of the low startup costs, using Amazon EC2 to provision and manage instances, along with several other AWS services.

Their Challenge

Their technology was built with the highest security levels in mind. As an organization that processes, stores, and transmits credit card information, they are regulated by the Payment Card Industry Data Security Standard (PCI DSS). Based on the standards of PCI DSS, organizations are required to maintain a secure environment throughout the entire transaction process. As the service provider, this company wanted to ensure that PCI regulatory compliance guidelines were followed to protect themselves, their merchant customers, and their end users.

Non-Compliant

While going through a yearly PCI compliance audit, the company learned that their existing AWS solution was non-compliant based on a specific requirement of an enterprise customer intending to use the mobile payments platform. In addition, to meet PCI regulatory compliance requirements, they needed an offsite disaster recovery site in a data center that could be physically audited. Thinking this could be resolved simply, the company reached out to AWS as their cloud provider, and AWS issued this statement:

"All merchants manage their own PCI certification. For the portion of the PCI cardholder environment deployed in AWS, your QSA can rely on our PCI compliance, but you will still be required to satisfy all other PCI compliance and testing requirements, including how you manage the cardholder environment that you host with AWS."
AWS Website PCI DSS FAQs, April 2016

The representatives at AWS would not allow a physical audit of their data center to help this company receive their PCI compliance.

The CIO had long dealt with the typical annoyances of Amazon Web Services. For example, the initial low cost for startups quickly changed when the company started experiencing exponential growth. Paying for extras and discovering hidden charges in their monthly bill was tolerable since he felt at ease knowing a global organization like Amazon supported his company. He dealt with the outages that are typical when it comes to large cloud providers. While he did receive extremely negative feedback from his customers when their platform was down for several hours, he still continued as an AWS customer.

But this was the final straw. Their organization was built on security and he, along with the company founders, required their providers to support their security and compliance initiatives.

Cirrity Vision

Cirrity's secure cloud services are designed from the ground up to be highly secure, compliant, and offer unmatched performance and reliability.

The CIO was led to Cirrity through his value added reseller (VAR). By working with this extended team of experts, he received an unbiased proposal that introduced him to Cirrity's secure cloud services. The CIO discovered that Cirrity's Cisco-Powered cloud infrastructure delivers the same enterprise-level infrastructure as a service and disaster recovery as a service that he had received from Amazon.

While they needed immediate action for their PCI compliance, the CIO knew this was a decision not to be taken lightly. The most important step was to thoroughly analyze and validate Cirrity's compliance policy. Not only are they HIPAA and PCI compliant, but they have also received SOC II Type 2 Attestation for Cirrity services and data center. For a specific case like theirs, Cirrity was willing to be flexible and allow for a physical audit of their secure infrastructure for PCI regulatory compliance.

Cirrity was the first cloud service provider in the United States to receive the Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR). The CSA STAR Program is a comprehensive set of offerings for cloud provider trust and assurance. Cirrity has also received ISO/IEC 27001 certification. ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information security risks. ISO/IEC 27001 certification examines Cirrity's information security management practices to ensure that they are effective and not merely compliant.

Cirrity Implementation

Cirrity's partner utilized a multi-phase approach to transfer the mobile payment provider's infrastructure from AWS. The first phase was to store replicated versions of their environment in a secure offsite location. This would ensure disaster recovery and make their environment compliant with PCI and auditor requirements. Since the company had an elevated security risk from their previous non-compliance with PCI, the organization was required to go through an exhaustive audit of their physical data center. With Cirrity, they achieved this requirement and their PCI compliance. The second and remaining phases included migrating their data, customers, etc. off Amazon Web Services and onto Cirrity's secure cloud.

Results and Conclusion

The company's main objective, to achieve PCI regulatory compliance, was met through a physical data center audit of Cirrity's environment and Cirrity's PCI documentation. Since the main objective has been achieved, the company has also realized even greater benefits of working with Cirrity's secure cloud, including:

No hidden costs or surprises. The contract clearly lays out all the costs included in the overall price, and their monthly bill matches the contract.

Flexibility. Cirrity runs as a lean operation, giving team members flexibility to shift priorities as their customer's needs change.

Improved Efficiency. With no more dependence on AWS, this mobile payments provider has been able to shift their priorities to their customers.

Whether accepting electronic payments in the store aisle, at a pop-up store or onboard an airplane, this mobile payments solution provider can ensure the integrity of their platform through the security and compliance of Cirrity's cloud.

Virtual Desktops from the Cloud
Secure Infrastructure as a Service
Backup and Disaster Recovery

www.cirrity.com