Feb 08 2018
Preparing for Your Next Virtualization and Cloud Audits
Companies of all sizes are using virtual and cloud environments for computing. Both provide a high degree of flexibility to grow and shrink depending on demand loads, allowing companies to right-size their IT infrastructure.
On the other hand, virtualized and cloud environments can be exceedingly complex to understand at a fundamental level. But at the end of the day, all the senior executives want to know is whether it works.
If your company deals with credit cards or provides IT services to companies that do, you are subject to the Payment Card Industry Data Security Standard (PCI DSS), which includes audits of your IT environments. As with most standards, however, interpretation can be left up to the individual assessor, who brings his own experiences and judgements to the task.
As a result of a failed audit, a company could face a complex list of items that will be costly to remediate. However, it doesn’t have to be this way. Edge Solutions understands virtual and cloud environments at a granular level, as well as the ins and outs of PCI DSS audits. Let us help you prepare for your next audit and be by your side when it takes place.
What to Expect During an Audit
PCI audits are conducted by a qualified security assessor (QSA), a PCI designation for those who have been properly trained and meet certain educational requirements. A QSA will assess your company’s PCI documents as well as check the integrity of the environments where financial data are stored, including any virtualized and cloud environments. If you fail the audit, you could be subject to large fines and receive a list of remediations; if you pass, maintaining compliance may not be sustainable because of complex security controls.
The Problem with Audits
Virtualized and cloud environments are complex and can be difficult to understand. Because each IT environment is different, compliance can be interpreted and implemented in a variety of ways. Often, auditors are not experienced in virtual and cloud environments, which complicates the audit with unneeded requirements and can result in additional expenditures and time.
How Edge Solutions Can Help
Passing an audit shouldn’t mean headaches from complying with someone’s misunderstanding of what PCI should be. Since Edge Solutions specializes in virtualization, we can conduct a pre-audit to identify any potential concerns that can be remedied before an audit. We can sit down with auditors during the assessment to explain the complex requirements of your environment and how each complies with PCI standards. And even after you’ve undergone an audit and been given a remediation list, we can examine the list and work with the auditor to reduce the scope or severity of the remediation, where practical.
PCI DSS audits are no small matter. With the continuing focus on data security, audit remediations are both expensive and complex. Let Edge Solutions help you successfully navigate the PCI DSS process.