How RightScale Achieved PCI DSS Compliance on IaaS
Case Study: Leading Cloud Management Company Uses CloudPassage to Speed PCI DSS Compliance

Use Case Summary
PCI DSS Compliance for IaaS Servers

Business Profile
Cloud management solution vendor

Industry
Technology

Business Challenge
Needed a cloud-aware solution that provides visibility and security for PCI servers hosted in an IaaS environment to achieve PCI DSS compliance.

IT Environment
Servers with data in scope of PCI DSS on IaaS public cloud infrastructure.

Solution
CloudPassage Halo. Key selection criteria:
• Purpose-built for cloud environments, requiring no development resources
• Visibility into servers running within an IaaS infrastructure
• Real-time monitoring and enforcement
• Runs on any cloud platform

Business Impact of Halo
• Saved 6 months of development time that would have been needed to create a cloud-aware solution
• Requires 1/5 the ongoing management time compared to alternative tools
• Selected the tools needed to complement their current infrastructure from Halo’s suite of services—leveraging their current investments and minimizing security vendors
• Supported RightScale’s commitment to multi-cloud environments with security for any cloud platform
• Provided a solution RightScale could confidently recommend to their customers as part of a PCI DSS reference architecture
Business Profile
RightScale sells a cloud management solution that enables
organizations to manage all of their cloud infrastructure
with a single, integrated solution. Organizations use the
RightScale platform to deploy and manage business-critical
applications across public, private, and hybrid clouds. The
company has been in business since 2006. In that short
period of time, millions of servers have been launched with
the RightScale management platform.

IT Environment
With its sales, RightScale accepts credit cards over the
Internet. Along with most of RightScale’s infrastructure, the
applications that are used to transmit, process, and store
payment card information are deployed entirely using the
Infrastructure as a Service (IaaS) offering on Amazon Web
Services (AWS). This lets the IT organization at RightScale
be extremely responsive to the needs of the business, creating
agility and operational efficiency for the organization.

Business Challenge
RightScale’s credit card transaction business made it
necessary for the company to achieve PCI DSS compliance
on their payment card servers. Phil Cox, Director of Security
and Compliance, was tasked with this responsibility. From a
compliance standpoint, achieving PCI DSS compliance
in an IaaS environment is typically seen as a challenging
task. However, Cox, a certified Qualified Security
Assessor (QSA) from a previous job, knew firsthand that
it had been done by others fairly easily.

Solution Options
The RightScale security and compliance team didn’t have
the requisite security tools for PCI DSS compliance in their
arsenal. RightScale was able to use its own proven cloud
management solution to deploy the PCI cloud servers in
the AWS environment, but ongoing visibility and intrusion
detection capabilities on the IaaS servers were something
they would need to procure from elsewhere.
The RightScale team knew they had two options: (i) either
take the typical set of traditional PCI DSS compliance
tools and build a framework around them enabling them
to work in a cloud environment, or (ii) find a cloud security
solution that was already designed to meet PCI DSS in
IaaS environments.
The former would require the security team to divert
important deployment resources away from their core
business and would take six months of development time.
Cox knew that upper management was not going to sign
off on that. Instead, he decided to use a cloud-aware security
solution that would provide RightScale with the required
security controls for PCI DSS compliance on IaaS servers.

Enter CloudPassage
The RightScale security team made the choice to go with
CloudPassage Halo. As a purpose-built cloud security
solution, it did not require any development by RightScale
and was able to automate the install, configuration, and
use for the RightScale security operations team.
Cox noted, “We selected CloudPassage because we
could just consume Halo—it gave us what we needed in a
scalable manner and I didn’t have to worry about it. It was
basically plug and play.” With Halo, RightScale saved all
of the development efforts they would have had to invest
to make a different tool cloud aware.
The RightScale team also wanted a solution that runs anywhere. Although their PCI servers are
currently only on AWS, they didn’t want to be locked into a cloud platform and wanted the ability to
use multiple clouds in the future. CloudPassage Halo works with any virtual or cloud platform or cloud
service provider, letting them keep their infrastructure strategy flexible.
Ultimately, Halo gave Cox and team the visibility and real-time enforcement they needed for PCI DSS
compliance in a solution designed for cloud environments. “The thing that made my life easier, the
reason I went with Halo, was that it gave me auditing. It gave me visibility into a machine that was
sitting in someone else’s data center. This was the life saver,” Cox said.
Business Benefits At A Glance

CloudPassage Value: Saves deployment cost and resources with cloud-aware capabilities
How Value Was Measured: Staff time for implementation compared to developing other solutions
Business Impact: Saved 6 months of development time that would have been needed with other products

CloudPassage Value: Minimizes management with built-in automation and scalability
How Value Was Measured: Time required for ongoing management
Business Impact: Requires only 1/5 the ongoing management time compared to using other solutions

CloudPassage Value: Consolidates multiple services onto one platform
How Value Was Measured: Number of vendor solutions needed to provide the services required
Business Impact: Reduced the number of vendors needed from 4-5 to just one

CloudPassage Value: Complements current security investments
How Value Was Measured: Ability to select the services that complement current deployments
Business Impact: Enabled implementation of selected security without replacing other security investments

CloudPassage Value: Runs anywhere to protect all cloud, virtual, and hardware servers
How Value Was Measured: Ability to support all virtual and cloud platforms
Business Impact: Supported current cloud platform, prevents lock-in, and provides infrastructure flexibility

CloudPassage Value: Supports vendor trusted advisor status for PCI DSS compliance
How Value Was Measured: Ability to recommend Halo as part of a PCI DSS compliance solution
Business Impact: Completed the PCI DSS reference architecture with applicability to various customer environments

CloudPassage Value: Enables sales by complementing vendor PCI DSS compliance
How Value Was Measured: Ability to pitch Halo with the vendor solution for PCI DSS compliance
Business Impact: Sales representatives were able to position Halo along with their solution
Saved Time and Resources
First, CloudPassage Halo saved RightScale considerable
deployment costs and resources. To be PCI DSS
compliant, the RightScale security team either had to
buy or build the security components they were missing.
None of the other tools available was architected to be
scalable in the cloud.
RightScale estimated that if they had developed a do-it-yourself solution and moved over a security staff person
part time, it would have taken approximately six months
to complete the development, taking much longer to
meet compliance and pulling this staff member away
from tasks that support the core business.
CloudPassage Halo also saved ongoing management
investment. Because of Halo’s built-in automation and
scalability, RightScale was able to minimize the amount
of management time their security team needed in
securing these environments. Cox estimated that without
Halo, his team would have had to piece together various
non-cloud tools requiring at least a quarter full-time
employee to manage these other tools. In comparison,
it only takes a couple of hours a week for RightScale to
manage Halo—this is one fifth of the management time
of the legacy tool alternative.
“CloudPassage Halo helps me sleep better at night –
I don’t have to worry about this machine. Halo gives
me a comfort level that I wouldn’t have without it.”
- Phil Cox, Director of Security and Compliance at RightScale

Established RightScale as a Trusted Advisor
Because RightScale offers a cloud management
platform, customers often look to RightScale
for cloud guidance. As RightScale considered
solutions, they knew they wanted to be able to
provide a reference architecture for PCI DSS
compliance to their customers. This consideration
weighed heavily on their desire for a solution that
could be deployed on any cloud platform. With
this flexibility, they knew their reference PCI DSS
compliance architecture could apply across the
various cloud platforms used by their customers.
Halo met this requirement for deployment flexibility. As a company, RightScale has based its future on
the ability to use multiple cloud platforms. Halo
supports RightScale’s dedication to this capability.
Users should not be locked into a single cloud
platform or provider.
Once RightScale deployed their PCI DSS
compliance solution, Cox published a summary
of his team’s approach on the RightScale blog,
“PCI Compliance in the Public IaaS Cloud: How I
Did It.” The blog provided guidance on selecting
an IaaS service provider, and on designing
applications. When addressing implementing PCI
DSS requirements on IaaS servers, RightScale
recommended CloudPassage Halo.
The suite of services offered through Halo gave
RightScale the comfort to include CloudPassage
in its reference architecture. RightScale knew that
their customers could select the services they need
for their environments, while still leveraging the
other tools they currently use.
Helped Enable Sales
With CloudPassage Halo, RightScale was able to
go to market quicker with a tool that enabled PCI
DSS compliance. Achieving PCI DSS compliance
removed a key barrier in their sales cycle. And
CloudPassage Halo helped RightScale sales
representatives talk to their customers about
PCI DSS challenges and how to include both
RightScale and CloudPassage for a
comprehensive approach to
PCI DSS compliance.
Overview of Halo Services
[Figure: Halo security modules]

Learn More
Get more information on how CloudPassage Halo
addresses PCI DSS compliance:
http://pages.cloudpassage.com/pci-kit.html
Read other case studies:
http://www.cloudpassage.com/resources
Try Halo for free for 30 days:
http://pages.cloudpassage.com/Halo-Video.html
About CloudPassage
CloudPassage is the leading cloud infrastructure
security provider and creator of Halo, the industry’s
only security and compliance platform purpose-built for elastic cloud environments. Halo operates
seamlessly across public, private and hybrid clouds.
Industry-leading companies trust Halo to protect their
cloud and software-defined datacenter environments.
Headquartered in San Francisco, CA, CloudPassage
is backed by Benchmark Capital, Tenaya Capital and
other leading investors. CloudPassage® and Halo® are
registered trademarks of CloudPassage, Inc.