Top 5 global bank reduces total cost of PCI compliance by migrating to the cloud

CHALLENGE

Moving to the cloud was identified as a strategic cost reduction and modernization project necessitated by the macro-economic environment (i.e., COVID-19). The global bank’s leadership and engineering team agreed that reducing operating costs, remaining compliant, and protecting critical applications and confidential data were of prime importance. They also faced the challenge of migrating critical, confidential data and applications under a deadline.

While the bank already used multiple public cloud service providers for non-sensitive data, they elected to use AWS for the initial landing zone design. Under an accelerated schedule, Coalfire integrated its own team with the bank’s key engineering, security, and compliance teams.

APPROACH

Because the bank lacked the necessary internal resources and expertise, they turned to the leader in PCI and the cloud, trusting Coalfire to advise, remediate, and assess their PCI environments on AWS.

Coalfire advised the organization on their journey to the public cloud, including highlighting key considerations and decisions about the migration of PCI data flows and workloads, segmentation and scoping of PCI applications, and best practices when building layered environments that require PCI compliance.

The bank also used Coalfire to help marquee internal applications to prepare for the migration. As the Qualified Security Assessor (QSA) company that helped AWS develop its original shared responsibility model, Coalfire was well-positioned to offer key insights on impact and efficiency.

Bank leaders were swayed by Coalfire’s experience in the industry. Not only does Coalfire advise and assess the top six major cloud providers, but Coalfire also works in the same capacity with hundreds of clients that have migrated to the public cloud. Coalfire’s partnership with the major cloud providers means it can leverage key background and deep knowledge of how PCI compliance can be effectively applied to cloud environments.

To ensure a safe and secure migration, the global bank engaged Coalfire to design and kick off the initial project that would migrate PCI data and applications to the public cloud (AWS), creating a PCI-compliant platform that allows their individual lines of business to use AWS for workloads with highly confidential data.

Coalfire approached the cloud migration using four phases:

1. Scoping: coherence of design and elimination of unnecessary scope
2. Fit-for-purpose analysis: review of key PCI topics that could derail cloud environments
3. Remediation: consultation and advisory for necessary remediation
4. Assessment: PCI assessment of newly deployed cloud environments

RESULTS

The client was able to modernize and future-proof their PCI environments by moving to the public cloud and baking security and compliance into the initial design – ultimately, enabling the rollout of future applications into an already secure and compliant environment.

The bank realized other substantial benefits:

• Comprehensive and effective risk management
• Lower total cost of compliance
• Reduction in long-term operating costs
• Greater agility to innovate, using leading-edge services available on the public cloud
• Faster time to market