Case Study

Top 5 global bank reduces total cost of PCI compliance by migrating to the cloud


Already heavily invested in multiple private clouds, this well-known global bank was historically averse to moving confidential data to the public cloud. Ongoing COVID-related economic pressures led the bank to accelerate a pilot program that established a landing zone in Amazon Web Services (AWS) for PCI applications, enabling them to benefit from the standard OpEx versus CapEx advantage.


Moving to the cloud was identified as a strategic cost reduction and modernization project necessitated by the macro-economic environment (i.e., COVID-19). The global bank’s leadership and engineering team agreed that reducing operating costs, remaining compliant, and protecting critical applications and confidential data were of prime importance. They also faced the challenge of migrating critical, confidential data and applications under a deadline.

While the bank already used multiple public cloud service providers for non-sensitive data, they elected to use AWS for the initial landing zone design. Under an accelerated schedule, Coalfire integrated its own team with the bank’s key engineering, security, and compliance teams.


Because the bank lacked the necessary internal resources and expertise, they turned to the leader in PCI and the cloud, trusting Coalfire to advise, remediate, and assess their PCI environments on AWS.

Coalfire advised the organization on their journey to the public cloud, including highlighting key considerations and decisions about the migration of PCI data flows and workloads, segmentation and scoping of PCI applications, and best practices when building layered environments that require PCI compliance.

The bank also used Coalfire to help its marquee internal applications prepare for the migration. As the Qualified Security Assessor (QSA) company that helped AWS develop its original shared responsibility model, Coalfire was well-positioned to offer key insights on impact and efficiency.

Bank leaders were swayed by Coalfire’s experience in the industry. Not only does Coalfire advise and assess the top six major cloud providers, but Coalfire also works in the same capacity with hundreds of clients that have migrated to the public cloud. Coalfire’s partnership with the major cloud providers means it can leverage key background and deep knowledge of how PCI compliance can be effectively applied to cloud environments.

“Working with Coalfire has enabled our firm to harness the velocity of technology changes presented to the industry in a thoughtful and risk-averse manner. Their consultancy talent helped our developers embrace compliance from the start, resulting in ecologies that have room to grow to address the opportunities we know are coming. Partnership with Coalfire accelerates our firm’s delivery of feature-rich products under budget that address true business needs... all to the benefit of our customers and shareholders alike.”


To ensure a safe and secure migration, the global bank engaged Coalfire to design and kick off the initial project that would migrate PCI data and applications to the public cloud (AWS), creating a PCI-compliant platform that allows their individual lines of business to use AWS for workloads with highly confidential data.

Coalfire approached the cloud migration using four phases:

  1. Scoping: coherence of design and elimination of unnecessary scope
  2. Fit-for-purpose analysis: review of key PCI topics that could derail cloud environments
  3. Remediation: consultation and advisory for necessary remediation
  4. Assessment: PCI assessment of newly deployed cloud environments


The client was able to modernize and future-proof their PCI environments by moving to the public cloud and baking security and compliance into the initial design – ultimately, enabling the rollout of future applications into an already secure and compliant environment.

The bank realized other substantial benefits:

  • Comprehensive and effective risk management
  • Lower total cost of compliance
  • Reduction in long-term operating costs
  • Greater agility to innovate, using leading-edge services available on the public cloud
  • Faster time to market
