Submitted URL: http://go.blueally.com/e3t/Ctc/OM%20113/cgKSM04/VWQgpn6whNlLVt82Hg8-R8mwW7HlLKX5dzqRqN2F3N3j3l5QzW7Y8-PT6lZ3kGN7p9xqr16...
Effective URL: https://www.blueally.com/security-by-design-meeting-pci-compliance-for-and-online-retailer/?utm_medium=email&_hsenc=p2ANq...
Submission: On May 03 via manual from CA — Scanned from CA
Case Study: SECURITY BY DESIGN – MEETING PCI COMPLIANCE FOR AN ONLINE RETAILER
Compliance, Security

CHALLENGE

BlueAlly's online retailer client had failed both an internal and an external PCI DSS audit and was paying fines. One more external audit failure would cost them the ability to accept credit cards on their highly profitable online eCommerce portal. The project had the attention of the CIO and other members of the C-suite, as the business was at significant risk if it failed the next audit.

What exactly is PCI DSS?

The Payment Card Industry (PCI) Data Security Standard (DSS) identifies Cardholder Data (CHD) and defines how to protect it. The standard defines three categories of systems with regard to CHD:

* Category 1: any system that handles or stores CHD (1a), or a system so tightly linked with a 1a system that it cannot be separated from it (1b)
* Category 2: systems used to manage Category 1 systems or to send data to and receive data from them. This includes systems management, logging, NOC and SOC access and the like.
* Category 3: systems with no access to CHD and no access to Category 1 systems

It also defines the communications permitted between these categories:

Figure 1: PCI DSS Communications. Source: https://www.pcisecuritystandards.org

STRATEGY

Summary: BlueAlly started with a review of the failed audits, which led to an assessment of the environment. The assessment uncovered that several hundred systems were involved and that much of the environment was still in transition from bare metal to VMware. The overall project involved network, security, server and application teams who were operating with no clear, coordinated direction from management. There were multiple paths to a solution, so BlueAlly presented an abstract of the workload associated with each and proposed leading the effort on an integrated solution.

Audit Failure Analysis

The audit failures looked random at first, but analysis showed a pattern. Well-known PCI Category 1 systems were often reachable by Category 3 systems, or unreachable from other Category 1 systems, after change windows associated with data center security. Adding or changing any Category 1 or 2 system required work across up to a dozen firewall pairs, which led to a lot of security holes.

Scope of Required Firewall Rules

We quickly estimated that they were running over 500 PCI Category 1 (a and b) application systems that communicated among themselves and with over 100 PCI Category 2 systems. Compliance required the creation and testing of well over 100,000 IP address-based firewall rules on their existing firewall systems. Further complicating the task, adding or changing any Category 1 or 2 system was difficult to automate, since each subsystem was different (some had only three firewall pairs, while others used as many as 12).

Competing Problems

There were additional complications surrounding the overall eCommerce environment:

* Applications – The Applications team was in the process of migrating from a waterfall development paradigm to agile, but this work had been very slow. The PCI DSS security issues were highly problematic for them, and they did not like having their process burdened by the requirements imposed on Category 1 systems.
* Systems – The Systems team dealt with servers and operating systems and worked independently of the Applications and Network teams. They had selected VMware and partially implemented it, and had purchased VMware NSX but had not yet been trained on it when this project kicked off.
* Network – The data centers were very large, had been built over a period of 10 years, and had three distinct generations of switching equipment. Applications were placed on systems based on available rack space and power rather than on security and connectivity requirements, greatly complicating firewall configurations.
* Security – There was no cohesive strategy; security rules were added and deleted on request, which left unqualified application owners requesting rules piecemeal.

A Path Forward

A consensus emerged to hold a PCI team meeting with leads from each organization, and BlueAlly was able to facilitate cooperative work:

* Applications – After some simple discussion (and some pressure from their CIO), the team realized the systems could be modularized and the number of Category 1 systems reduced dramatically without significant impact to their schedules. The final count of Category 1 systems was reduced to under 100.
* Systems – BlueAlly engineers assisted with spinning up an NSX demonstration, and a decision was made to prioritize migrating the eCommerce portal in its entirety to VMware.
* Network – NSX required changes to the data center fabric, so steps were taken to reconfigure the data centers to support the VXLAN protocol it needed.
* Security – BlueAlly developed a security strategy aligned with the compliance model.

SOLUTION

Summary: It was our belief that no single IT group could solve the issues. The solution was to engage all of the teams in a coordinated, all-out effort to meet the deadlines. This involved having the Systems team accelerate the VMware conversion and bringing the network and security operations teams up to speed on the technology. In addition, BlueAlly worked with their compliance and applications teams on the importance of clearly identifying PCI-impacted systems.

Security Segmentation

The PCI standard documents the protected data and defines the communications permitted between categories (as shown in Figure 1 above). To keep things simple, we created a new security strategy based on a network overlay, using the seven PCI DSS categories as our guide. All of the rules associated with PCI DSS compliance could then be enforced with firewall rules governing communications between the segments. This allowed the solution to move from over 100,000 IP address-based firewall rules down to fewer than 1,000 rules, with the bulk of the security handled by just a few dozen rules within VMware NSX. The attestation and audit processes were also greatly simplified:

Figure 2: PCI DSS Requirements and Security Assessment Procedures. Source: https://www.pcisecuritystandards.org

Micro Segmentation

There were no regulatory requirements regarding micro-segmentation, but as a bonus, the NSX Security Group features used for security segmentation also made it possible to limit lateral spread within segments. Why do this? In modern eCommerce environments, multiple VMs exist for a given function, and they can even spin resources up (and down) in response to load. Lateral spread between networks is well understood, but lateral spread within a functional subnetwork is less so. Micro-segmentation can prevent systems that run in parallel from infecting each other.

RESULTS

The customer passed their PCI audit and created systems, procedures and processes to maintain compliance. The security segmentation strategy permitted easy attestation by the external auditor that no PCI Category 1 system could be reached by any Category 3 system (and vice versa). Furthermore, the varying rules associated with PCI Type 2 (a, b, c and x) were also greatly simplified. While micro-segmentation within each virtual network was not required by PCI DSS, the auditor noted that it also ensured protection from lateral spread.