Case Study: Citrix to VMWare Hypervisor Migration

Industry:

Collections, Financial, Call Center

Client Profile:

An international collections agency for the insurance industry and commercial debt needed to ensure they were in compliance with PCI DSS and ISO 2007 27001 regulations.

Based in Los Angeles with 125 users at their home office, 20 users across the US, and an additional 35 users in Eastern Europe, it was critical that they achieve compliance after failing to meet the requirements of a recent self-audit.

Business Challenge / Client Pain Point:

There was a critical need to be in compliance, as required by their largest client, Nationwide Mutual Insurance Company. Nationwide gave the client 90 days to resolve and mitigate the issue. Nationwide also communicated that they needed to be satisfied with the steps taken by the client to address the situation, or they would withdraw their contracts with the client.

As Nationwide represented more than half of their business, failure was not an option.

The Solution:

While a challenging situation, there was also an opportunity to update their systems so they would consistently be in regulatory compliance.

CAM worked with Nationwide’s Information Risk Management team on our client’s behalf to assess the situation and formulate a plan to resolve each issue.

The areas that required immediate attention were as follows, along with the level of importance assigned to each.

  1. Inventory of Authorized and Unauthorized Devices [High Issue]
  2. Inventory of Authorized and Unauthorized Software [High Issue]
  3. Secure Laptop, Workstation or Server [High Issue]
  4. Vulnerability Assessment [High Issue]
  5. Admin Privileges [High Issue]
  6. Account Monitoring & Control [Medium Issue]
  7. Business Continuity and Disaster Recovery [Medium Issue]
  8. Application Security [High Issue]
  9. Wireless Access Control [High Issue]
  10. Incident Response [High Issue]
  11. Security Awareness [High Issue]
  12. Data Protection [High Issue]
  13. Maintenance and Monitoring of Audit Logs [Medium Issue]
  14. EPIS – Externally Provided IT Services Standard [High Issue]

After the assessment, CAM’s Internal Compliance team set up a series of meetings with the client’s compliance contact to develop their updated IT Policies and Procedures.

With the proper people and resources in place, CAM was able to take immediate action to resolve each identified issue. This included going through the Nationwide IRM Assessment Remediation section by section to ensure each item was properly addressed.

Resolutions came from a number of different actions:

  • Asset tracking and management
  • Network change auditing
  • RADIUS wireless networking
  • Threat management and content filtering via active directory segmentation
  • Installed hardware onsite that continuously scans the network for anomalies and helps identify the physical location of a device for immediate (within 15 minutes) removal and disposal
  • Implemented a Datto Hybrid Cloud Business Continuity solution for immediate server availability
  • Full disk encryption

Result:

We worked closely with Nationwide over three months to resolve all of the client’s issues.

To ensure the client remained continually in compliance, CAM’s internal compliance team developed a complete guide of IT Policies and Procedures, ranging from employee hire and termination policies to the handling of pop-ups on users’ laptops. CAM’s swift action and expertise helped the client resolve each issue, and Nationwide now has much greater confidence in the client after they passed their audit.

Solutions Deployed

  • IT Consulting
  • PCI / ISO 27001 Compliance Consulting

Services Utilized

  • Network Monitoring and Management
  • Compliance as a Service

Technology Partners

  • Netwrix
  • FoxitPro
  • Cirrity
  • Cisco
  • Datto
  • WebRoot
  • N-Able / Solarwinds
  • Continuum / RapidFire Tools
  • IaaS, DRaaS, DaaS, WaaS