Customers

Case Studies

• Case Studies
• Testimonials

Case Study 4 - Cloud Computing

Helping a bank manage the risk of a new cloud computing application.

The bank was preparing to launch a vendor-provided transactional cloud computing application that would have tentacles into nearly every part of their internal network. They were interested in understanding how this new application would affect their overall security posture. Because of the speed of banking that customers expect, human transaction review wasn't an option. Neither was a proxy-based system. The bank had already spend considerable effort to comply with the Payment Card Industry Digital Security Standards (PCI DSS), and understood that PCI DSS is only the beginning and not a guarantee of security. Because of the nature and extent of the application, they had to get security right the first time. They also wanted to assess the non-repudiation and digital signature capabilities of the application to ensure transaction integrity.

The bank engaged TSC to perform Safety to Deploy, Fit for Purpose testing and Destructive testing to evaluate the entire application and infrastructure as well as all the touch points the cloud computing application has within their network. TSC is evaluating the application and its foundation, including host security, network infrastructure, database security, software maintenance processes and tools the bank is using to ensure security. TSC will also review potential implementation issues and make recommendations.

Customer and partner confidence is of primary importance to the bank. TSC will perform a comprehensive security review led by its TAs to identify potential vulnerabilities before they become issues that affect customers. In addition, because of the broad industry experience of the TAs, they are able to help balance the needs of security with the needs of the business. Their recommendations to the bank provide information to balance cost, usability, customer convenience and regulatory requirements for better business results from the deployed software.

The bank’s return on investment is the ability to make changes to improve security before launch, saving time, money and potentially expensive data breaches.

Above and beyond PCI DSS requirements, TSC provides advice and help on all aspects of network security to minimize business risk.