Back to blog results

August 7, 2015 By Mark Bloom

The Digital Universe and PCI Compliance – A Customer Story

According to IDC, the digital universe is growing at 40% a year, and will continue to grow well into the next decade. It is estimated that by 2020, the digital universe will contain nearly as many digital bits as there are stars in the universe. To put this into perspective, the data we create and copy annually will reach 44 zettabytes, or 44 trillion gigabytes. In 2014 alone, the digital universe will equal 1.7 megabytes a minute for every person on earth. That is a lot of data!

As a new employee at Sumo Logic, I’ve had the opportunity to come in contact with a lot of people my first few weeks – employees, customers and partners. One interaction with a global, multi-billion dollar travel powerhouse really stood out for me, as they are a great example of an organization grappling with massive growth in an ever expanding digital universe.

The Business

The travel company provides a world-class product-bookings engine and delivers fully customized shopping experiences that build brand loyalty and drive incremental revenue. They company is also responsible for safeguarding the personal data and payment information of millions of customers. “Customer security and being compliant with PCI DSS is essential to our business” was echoed many times.

The Challenge

As a result of phenomenal growth in their business, the volume of ecommerce transactions and logs produced was skyrocketing, more than doubling from the previous year. The company was processing over 5 billion web requests per month, generating on average close to 50GB of daily log data across 250 production AWS EC2 instances. It became clear that an effective solution was required to enable the company to handle this volume of data more effectively. Current manual processes using Syslog and other monitoring tools were not manageable, searchable or scalable and it was very difficult to extract actionable intelligence. Additionally, this effort was extremely time intensive and would divert limited resources from focusing on more important areas of the business – driving innovation and competitive differentiation.

PCI Compliance: The ability to track and monitor all access to network resources and cardholder data (PCI DSS Requirement 10) was of particular importance. This is not surprising as logging mechanisms and the ability to track user activities are critical in minimizing the impact of a data compromise. The presence and access to of log data across the AWS infrastructure is critical to provide necessary tracking, alerting and analysis when something goes wrong.

The Solution

While multiple solutions were considered – including Splunk, Loggly and ELK stack, the company selected Sumo Logic for its strong time to value, feature set, and low management overhead. Additionally, the security attestations, including PCI DSS 3.0 Service Provider Level 1, as well as data encryption controls for data at rest and in motion, were levels above what other companies provided. Being able to not worry about the execution environment – handled by Sumo Logic – and focus on extracting value from the service was extremely valuable.

The Results

The most important immediate benefits for the client included being able to reduce the time, cost and complexity of their PCI audit. They were also able to leverage the platform for IT Ops and Development use cases, reducing mean time to investigate (MTTI) and mean time to resolve (MTTR) by over 75%.

As I was wrapping up our conversation, I asked if they had any “aha moments” in leveraging the Sumo Logic platform and dealing with this exponential growth in their digital universe. Their response was:

“I’ve been really impressed with how fast the team has been able to identify and resolve problems. Sumo Logic’s solution has helped us change the playing field in ways that were just not possible before.”

To learn more about Sumo Logic’s compliance & security solutions for AWS, please visit: http://www.sumologic.com/aws-trial

To try Sumo Logic for free, please visit: http://www.sumologic.com/pricing

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Mark Bloom

More posts by Mark Bloom.

People who read this also enjoyed

Blog

SnapSecChat: Sumo Logic's CSO Explains the Next-Gen SOC Imperative

Blog

The Insider’s Guide to Sumo Cert Jams

Blog

Careful Data Science with Scala