GlobalGiving is the largest global crowdfunding community that connects nonprofits, donors, and companies. The company processes millions of dollars annually in transactions on its platforms for customers and users, and has migrated their PCI-regulated workloads to AWS. Securing customer data and its digital infrastructure is paramount.

GlobalGiving needed a means to automate security compliance, while maintaining DevOps speed and flexibility.


Challenges

  • Quickly move data center infrastructure supporting corporate customer and partner applications to AWS
  • Continuously ensure PCI compliance throughout the cloud infrastructure lifecycle
  • Increase IT productivity without adding new staff

Fugue Solution

  • Scan and assess its AWS resources for PCI compliance and security best practices
  • Implement automated remediation to continually enforce PCI controls such as network segmentation, encryption of data at rest and in motion, and least privilege access control
  • Provide proof of compliance for numerous audits to meet stringent partner PCI requirements regarding financial data

Business Outcomes

Assess AWS resources for PCI compliance

GlobalGiving has completed moving nearly all of its data center infrastructure to the cloud. Fugue has enabled GlobalGiving to swiftly scan and assess its  AWS environments for PCI compliance and security best practices.

Automated remediation of PCI controls builds partner trust

Fugue’s automated remediation feature has enabled small teams to move quickly, with the assurance that their cloud environments will remain secure and compliant. The team has established a known-good baseline environment which is automatically enforced by Fugue without human intervention.

Easily demonstrate proof of compliance for audits

Fugue’s comprehensive scan reports have provided Global with a snapshot of their cloud infrastructure at any point in time. The detailed reports enable GlobalGiving to easily show proof of PCI compliance to auditors. The organization has successfully completed numerous audits to meet stringent partner PCI requirements regarding financial data. 


With Fugue, GlobalGiving was able to show the following ROI metrics:

• Mean time to remediation (MTTR): Fugue detects any configuration changes to resources defined in a "baseline" and alerts GlobalGiving's security team within an hour.

• Initial time to value: GlobalGiving was able to see compliance scan results within 30 minutes of adding an AWS account to Fugue's platform, demonstrating where specific cloud resources were compliant or not with PCI.

• Time saved on audit reporting: Prior to adopting Fugue, the GlobalGiving security team needed 2-3 weeks to complete audit reports on their AWS environments. Engineers needed to work via the AWS console and manually enter information into spreadsheets. With Fugue, reporting on PCI compliance takes minutes to complete with predefined dashboards.

DOWNLOAD CASE STUDY