So Many Databases To Monitor, So Little Time (Part 2 of 2)

Picking up from last time, we’ve successfully prepared our instances using Transact-SQL: we mapped the service account that Tripwire uses to all the databases in a given instance, and we granted the account the permissions Tripwire needs to function correctly.…

Transparent Data Encryption with the Azure Key Vault

In last week’s post, we covered a BitLocker implementation for Azure virtual machines. But as mentioned in that post, because BitLocker doesn’t fully satisfy the Payment Card Industry Data Security Standard (PCI DSS) requirement (specifically, 3.4 and 3.5.2) for data encryption at rest, we also implemented SQL Transparent Data Encryption (TDE) for all databases.…

Encrypt All The Things – PCI DSS and Cryptography

In a recent post, we discussed what the Payment Card Industry Data Security Standard (PCI DSS) is and some common issues we see in how organizations interpret or implement specific required controls. See “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” for more information. In this post, we’ll discuss issues we often see around encryption.…

There’s a Plan for That | Cybersecurity Incident Response & the PCI DSS

In a recent post, we discussed the challenges associated with attesting to the Payment Card Industry’s Data Security Standard (PCI DSS) compliance, including frequent oversights we encounter while conducting security due diligences and gap analyses for our clients. See “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” from our recent series of blogs on...

Encrypting Data at Rest in Azure

Last week, we covered the segmentation of the client environment using Azure’s Network Security Groups. For an overview of the Azure Secure Cloud Migration blog series and a list of the topics being covered, see the introductory post, Preparing to Migrate to a Secure Cloud. This week, in part 4 of the Azure Secure Cloud Migration blog series, we’ll cover the implementation of hard disk...

Isolating the Cardholder Data Environment with Network Segmentation

In a recent post, we discussed many of the challenges with attesting to PCI DSS compliance, including a description of some of the factors that are often overlooked when defining the cardholder data environment (CDE). See “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” from our recent series of blogs on PCI DSS-related topics for more information. …

Securing Cloud Networks

Continuing our blog series on Azure Secure Cloud Migration, we will discuss Azure’s take on network control and how scalability and manageability play a role in designing a secure and functional environment. See our previous post on Talking to the Cloud for insights on architecting an Azure network. Network Access Control: Network Security Groups (NSGs) are a native Azure feature to apply...

How to Talk to the Cloud

Picking up from last week’s post on Preparing to Migrate to a Secure Cloud, the first part of our Azure Secure Cloud Migration blog series, we’ll jump right into how and why the client’s Azure network was architected. Connectivity and traffic flow between Azure, on-premises locations, and even business partners are things to consider immediately, as they impact the overall structure of the...

Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)

In a recent post, we discussed what PCI DSS is, why it matters, and the release of the latest version, including a summary of the changes and the impact of each. See “What PCI DSS version 3.2 means for you” for more information. In 2016, West Monroe Partners has conducted over 140 IT diligences on behalf of private equity firms and strategic buyers across a number of industries as...

Preparing to Migrate to a Secure Cloud

West Monroe Partners recently completed a nine-month effort to help a client migrate a large custom SaaS platform with regulatory requirements (PCI DSS v3.1, SSAE16). The engagement involved migrating on-premises systems to Microsoft Azure’s IaaS platform, and in the coming weeks, we’ll be detailing our methodology for designing and securing that environment in a series of blog...

What PCI DSS Version 3.2 Means for You

The Payment Card Industry Security Standards Council (PCI SSC) recently released version 3.2 of their Data Security Standard (PCI DSS v3.2). The PCI DSS is a global standard designed to protect payment card data. It applies to any organization that accepts or processes payment cards, and lays out a comprehensive compliance program designed to define how organizations should implement...
