The PCI DSS Cares about Disaster Recovery & Backups

In a separate post, we discussed Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS). Building off those thoughts, this post will discuss an often-overlooked consideration when navigating the PCI DSS – disaster recovery (DR) and backups. West Monroe Partners has extensive experience conducting security due diligences for M&A transactions and helping...

Backing Up To the Cloud From the Cloud

In our last post, “Managing Administrative Access to an Azure-based Cardholder Data Environment,” we outlined ways to secure administrative workflows by using various Azure technologies. We’ll resume with part eight of the Azure Secure Cloud Migration blog series, covering considerations for backing up VMs in Azure and all the associated restrictions and caveats.…

Reduce PCI DSS Costs by Reducing Scope

In a recent post, we discussed some scenarios involving Service Providers and their integration into Payment Card Industry Data Security Standard (PCI DSS) compliance. See our recent series of blog posts on PCI DSS-related topics for more information. Defining the cardholder data environment (CDE) is a key step toward PCI DSS compliance and has become somewhat of a pain...

Addressing The Magic Bullet – Part 2

Now that you’ve been introduced to service providers (see “Addressing the Magic Bullet – Part 1” from our “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” blog series) and what you should look for when involving them in PCI DSS compliance, let’s make things a little more complicated.…

Addressing the Magic Bullet – Part 1

As a part of your business operations, do you accept credit card payments? Have you looked at the PCI DSS and thought ‘that’s a lot of stuff to do’? Have you outsourced PCI DSS responsibility to a third party payment processor in order to be PCI DSS compliant? Do you own the Merchant ID that payments are processed under?…

Controlling Inbound and Outbound Traffic Flow in an Azure-based Cardholder Data Environment

In our previous post, we examined the trade-offs when implementing a Public Key Infrastructure (PKI) in Azure using Active Directory Certificate Services. For an overview of the blog series and a list of the topics being covered, see the introductory post, “Preparing to Migrate to a Secure Cloud”. This week, we will continue the Azure Secure Cloud Migration blog series by...

Transparent Data Encryption with the Azure Key Vault

In last week’s post, we covered a BitLocker implementation for Azure virtual machines. But as mentioned in that post, because BitLocker doesn’t fully satisfy the Payment Card Industry Data Security Standard (PCI DSS) requirements (specifically, 3.4 and 3.5.2) for data encryption at rest, we also implemented SQL Transparent Data Encryption (TDE) for all databases.…

Encrypt All The Things – PCI DSS and Cryptography

In a recent post, we discussed what the Payment Card Industry Data Security Standard (PCI DSS) is and some common issues we see in how organizations interpret or implement specific required controls. See “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” for more information. In this post, we’ll discuss issues we often see around encryption.…

There’s a Plan for That | Cybersecurity Incident Response & the PCI DSS

In a recent post, we discussed the challenges associated with attesting to the Payment Card Industry’s Data Security Standard (PCI DSS) compliance, including frequent oversights we encounter while conducting security due diligences and gap analyses for our clients. See “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” from our recent series of blogs on...

Encrypting Data at Rest in Azure

Last week, we covered the segmentation of the client environment using Azure’s Network Security Groups. For an overview of the Azure Secure Cloud Migration blog series and a list of the topics being covered, see the introductory post, Preparing to Migrate to a Secure Cloud. This week, in part 4 of the Azure Secure Cloud Migration blog series, we’ll cover the implementation of hard disk...

Isolating the Cardholder Data Environment with Network Segmentation

In a recent post, we discussed many of the challenges with attesting to PCI DSS compliance, including a description of some of the factors that are often overlooked when defining the cardholder data environment (CDE). See “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” from our recent series of blogs on PCI DSS-related topics for more information. …
