Case Study: Penetration Testing Security Validated
Challenge
Sure, Iron Mountain Data Centers needed an external pen test to meet annual compliance obligations. But more importantly, Zoe Mora, Information Security Manager, wanted to validate his security. Aware that the landscape is always changing, he wanted to ensure his systems remained hardened against current threats and the latest techniques. With fifteen data centers spread across six countries and multiple time zones, he needed a team with not just the skills, but the professionalism to tackle such an undertaking.
Furthermore, he needed a partner willing to communicate their findings in a way that satisfied both technical and other stakeholders.
Solution
Over 6 weeks, GMI’s top-notch threat and vulnerability assessment team executed the global penetration test. Keeping Zoe and his team in the loop, they thoroughly tested the systems, elevating concerns as appropriate, pivoting as made sense, and carefully tracking actions. As desired, the final reporting was customized for two audiences. A technical readout made findings clear and remediation suggestions easy-to-follow for the internal team. The second, redacted report and readout was tailored to present customers, vendors, and other important audiences the information most pertinent to them.
APPROACH
Our testing methodology satisfies the requirements of multiple compliance standards and best-practice frameworks including PCI, HIPAA, NIST CSF, and ISO 27001. GMI consultants leverage both the OWASP and NIST Penetration Testing Guidelines.
OUTCOME
Iron Mountain Data Centers had its security validated by an exceptional team of third-party experts. Zoe was happy to have no major surprises, as well as to learn about a few unknown risks. These were mitigated within 24 hours, in part because his technical team was supplied with total understanding of testing actions and easy-to-follow guidance. Clients and vendors were reassured in the security of their partner, supplied with proven evidence to support that belief.
