compliance Archives - AWS Managed Services by Anchor

Why your compliance scan keeps failing

By | General, Technical | No Comments

At Anchor, a large number of our customers seek various certifications for their hosted properties. These commonly include PCI, IRAP and many others. The business drivers for undertaking a certification programme vary between customers, but often involve the need to meet some form of regulatory or industry compliance requirement. Whilst it may not be the initial driver, the fundamental goal of many of these activities is to reduce business risk by improving security posture. We’ve become accustomed to dealing with auditors to assist our customers in undertaking certification initiatives. Unfortunately, just as in any industry, the quality of service, analysis and rigour that these entities employ can vary wildly.

Automated scans

Auditors commonly use automated tooling as an initial mechanism when assessing the compliance of a hosted infrastructure against the certification that…


SaaS (Security-scanning as a Service)

By | Technical | No Comments

We’ve had some enquiries from customers recently regarding security compliance scans, the most popular of which is the PCI DSS. For those not in the know, this stands for the Payment Card Industry Data Security Standard. It is of course a fascinating topic, covering best-practice standards for processing and storage of customer information. The enquiries we get relate to a security scan carried out by an Approved Scanning Vendor (ASV). The usual report format is a list of potential “vulnerabilities” detected, with a severity rating of 1 to 5 assigned to each. Anchor’s shared hosting servers never have any problems with this, so the report reads like a missal of mundanity. TCP port 21 is open, an FTP service appears to be running! Crazy, I know… The thing is, this…
