Case Studies

About: XYZ, a non-profit organization focused on enhancing maternal and infant health, faces the challenge of safeguarding payment pages to comply with PCI DSS regulations while handling sensitive donor data.

Challenge: PCI DSS compliance requires XYZ to actively monitor the integrity of payment pages to prevent malicious attacks and unauthorized changes. This necessitates a robust solution capable of detecting and responding to potential security threats promptly.

Solution: To address this challenge, Digital Edge (DE) implemented a proactive monitoring system utilizing AWS Lambda, DynamoDB, and SNS. This custom file integrity monitoring (FIM) solution conducts regular scans, compares file hashes against baseline values, and triggers alerts in case of discrepancies.

Business Benefit: DE's solution empowers XYZ to maintain compliance with PCI DSS regulations while enhancing the security posture of its donation processing environment. By actively monitoring payment pages and promptly addressing security threats, XYZ can minimize the risk of data breaches and maintain donor trust.

Value-Added Benefits:

1. Enhanced Security: Proactive monitoring helps XYZ detect and respond to unauthorized changes, reducing the likelihood of data breaches and financial losses.
2. Regulatory Compliance: The solution ensures adherence to PCI DSS requirements, demonstrating XYZ's commitment to industry standards and best practices in data security.
3. Operational Efficiency: Leveraging AWS serverless technologies streamlines security monitoring efforts, allowing XYZ to focus on its mission-critical activities without compromising on security standards.
4. Timely Incident Response: Integration with Amazon SNS enables swift notification of security issues, facilitating immediate investigation and remediation to minimize disruptions to donation processing operations.

Pure Finance Group, an indirect home improvement lender based in Laurel, Maryland. recent engaged New York based Digital Edge to help them comply with the Graham-Leach Bliley Act. GLBA requires companies that offer consumers financial products or services like loans, financial or investment advice, or insurance to explain their information sharing practices to their customers and to safeguard sensitive data. 

For a company with general help desk oriented IT, it is a daunting challenge to assess how information be classified, and to establish risk analysis and technological procedural controls quickly. The management team at Pure Finance Group assessed that they would need both a strategy and an overall adoption of technology and processes required by the law. They also agreed that it would take approximately 3 months.  As a next step, they needed to identify a firm that had the expertise in cybersecurity, compliance and operations who could offer guidance and streamline the process for them.  

Pure Financial decided to engage Digital Edge first for an internal audit to understand better the challenges and then create an overarching adoption plan. Digital Edge’s legal team provided the law and control applicability analysis while the cybersecurity team created a plan of technology controls implementation. By leveraging the tools and resources that Digital Edge brought to the project, Pure Finance Group revealed a 60% saving in time and overall completion of project was cut in half.

“We engaged  Digital Edge (“DE”) in the assistance of this very important compliance project. The turnaround time on the project was very short. As soon as we engaged them, their Team of experts quickly responded, and the project was underway. They took the time to thoroughly explain what was needed, promptly completed the necessary tasks to complete the project and provide us with the information we needed to meet our deadline. Michael, Keith, and the rest of the Team were very professional, knowledgeable, and committed to helping us meet our deadline. Pure Finance Group would consider using Digital Edge for future projects.”  Says HJ Snead, Director of Compliance and Risk

The overall  implementation and preparation of the documentation including information, classification, risk analysis, policies and procedures as well as the internal audit took 8 weeks. Following completion of the project, the package was submitted to the state and approved within a few days after the submission. 

This success story underscores the value of a responsive, integrated approach to cybersecurity, compliance, and operations providing companies in the Financial Services sector with a vital “License to Operate amid the ever-changing regulatory landscape. 

teamDigital needed to implement an updated management system for governance of information security. They needed a partner to implement ISO 27001, the leading international standard for information security 

The client was using a web hosting solution that was problematic and did not offer good response times.  As an online company and digital platform the client needed a highly reliable web hosting solution that could be both flexible and scalable, they also needed a managed services partner who could provide software support 24/7 and dev-ops for troubleshooting. The platform was being used by their client base mostly on evenings and weekends so a pay as you go pricing model would offer the best solution.

Digital Edge pivoted to work with the client to organize and streamline their AWS accounts.  Digital Edge also implemented data governance with rules of engagement and cloud modernization strategies leveraging the AWS Account Factory program.  By leveraging the Account Factory program they could help their client increase speed to market and delivery for their users. By  leveraging “best practices” around an AWS SaaS solution they could also improve their client’s security posture and compliance.

Digital Edge delivers a digital transformation strategy for global fintech client to re-engineer their existing on-premise IT infrastructure and provide the client with Cloud modernization, acceleration and further transparency they were seeking for internal teams. 

Fund Count was seeking greater flexibility to their on-premise colocation solution and wanted an alternative deployment option for their customers that could reduce lengthy deployment times.  Digital Edge proposed a hybrid solution that would work alongside Fund Count’s on-premise, client private hosted cloud application,  proposing an AWS - Software-as-a Service (SaaS) option.  

Digital Edge just guided a NASDAQ listed technology firm to SOC 2 Type 1 compliance. This client told us in late November 2021 that it was crucial that they get their SOC 2 certification letter by the end of January 2022. This did not leave us with much time to get their house in order, but they had important customers requiring SOC 2 compliance in order to continue doing business with our client.

Digital Edge Case Study 1 for AWS Service Delivery Program – EC2 for Windows Competency.

Digital Edge uses its own GRC platform that sets up all provisions, components and processes to manage Governance, Risk and Controls of client’s Information Technology.