Every other day, the Internet is flooded with reports of cardholder information theft, financial data loss due to a misconfigured ‘secure network environment’, identity theft and so on.
If you are in the financial services industry, how do you create a secure environment that is compliant with the Payment Card Industry Data Security Standard (PCI DSS)? To start with, the PCI compliance standard defines various merchant levels, validation types, and most importantly, PCI requirements (12 requirements) and hundreds of controls/sub-controls that ought to be followed to the letter.
Hackers are upping the ante. Getting into the specifics of PCI compliance to protect financial data can be daunting, yet it is unavoidable. The good news is that, with proper network configuration and change management (NCCM) software, you can ensure that:
Your network is secure and compliant
You efficiently pass audits and avoid ‘last minute’ pressure (not to mention that unique combination of surprise audits & Murphy’s Law!), and
You don’t contribute to the ‘cost of non-compliance’
Cost of non-compliance: Costs incurred in terms of heavy fines (millions of USD) for regulatory non-compliance, and/or the loss of financial data amounting to millions/billions of dollars.
Ensuring 100% PCI compliance in your network can be challenging due to one or more of the following:
Many routers, switches and firewalls – manually tracking configuration changes is a pain
Manually running cron jobs to back up configurations – time-consuming and error-prone
Manually pushing configs to the network devices via TFTP servers
Manually checking PCI requirements on a periodic basis, and applying changes as appropriate
Your existing software not supporting a multi-vendor environment
You don’t have visibility into what changed, when, and by whom
The current manual processes are outrageously laborious, as you may have hundreds of network devices to manage and too few network admins
Of course, all network admins try their best to ensure compliance and keep their networks secure, each in their own style. A few important things they may need to better manage compliance would be:
Getting hold of readily available PCI reports
Having fine control over policies, reports and rules
Automating remediation scripts on a node or a bunch of nodes
Change approval management
Backing up/updating/restoring devices to compliant configurations when config changes go awry
The PCI DSS standard is here to stay, and it’s only going to get tougher and tougher to counter the rising fraud rates. So, how are you coping with complying with PCI standards?