The real cost of a “low-cost” audit
Foresite, May 14, 2015, 1 min read

Those of you who have been in the industry for any length of time likely remember the days when compliance was nothing more than a check box to most. If you were honest with yourself, there was often more you could do to be "compliant," but the box was checked and no one was really looking over your shoulder. Although some may argue the point, even the most secure environments still fell prey to hackers, yet were considered compliant. Let's use the example of PCI DSS 3.0 / 3.1. Although not perfect, PCI DSS 3.x has come a long way toward helping merchants become more secure while also achieving compliance attestation.

The problem with PCI DSS 3.x is not its goals and objectives, but the complexity of the overall requirements and the time and budget required to be compliant. Assuming your goal is to work with a Qualified Security Assessor Company (QSAC) that strictly follows the PCI guidelines, the labor required to properly audit has more than doubled due to the increased 3.x requirements.

Considering that the Data Security Standard itself has almost doubled in controls to more than 400, and that the amount of mandatory evidence, the mandatory onsite review, the penetration testing requirements, and the validation of "out of scope" systems have all increased, many vendors are considering moving away from PCI – or, even worse, finding a QSA that will cut corners. In the short term, finding a PCI Qualified Security Assessor (QSA) that provides a low-cost audit sounds beneficial. But consider the repercussions of a cyber breach: the costs to investigate, remediate, notify affected parties, pay for monitoring, and cover possible fines and legal action, plus the loss of business due to reputational damage. Remember that it is your obligation to provide evidence of your own compliance, vendor management process, incident response, and so on. If in reality you are not compliant, the low-cost QSA doesn't take the fall – you do! Add fines of up to $50,000 per month for merchants that are not compliant, and low-cost audits may cost you far more than they save.
