Meeting PCI-DSS Compliance
More than 200 million personally-identifiable data records have been lost,
stolen, or otherwise compromised since the beginning of 2005, a significant
percentage of which were credit card records. FaceTime solutions can help
businesses to effectively comply with PCI-DSS regulations as they apply to the
control of real-time communications traffic and anti-malware protection.
What is PCI-DSS?
PCI-DSS - or Payment Card Industry Data Security Standard, to give it its
full name - is a collaborative effort between multiple credit card
organizations to achieve a common set of security standards for use by entities
that process, store, or transmit payment card data.
Many of the requirements of PCI-DSS overlap with those for other data
protection and information privacy statutes, with two important differences:
- PCI-DSS applies to every organization that accepts credit cards, so it
encompasses business of all sizes, from small retail and online outlets to
global enterprises - with similarly widely differentiated information security
- Cardholder data is extremely portable and can be vulnerable at many different
points as it flows across multiple networks from the merchant to the credit
card issuer, not the least of which is real-time communications networks
By protecting the integrity of credit card data, PCI compliance should lead to
greater consumer confidence that their personal data will not be compromised by
using credit cards.
The threat landscape is constantly evolving; threats are becoming more complex,
sophisticated and innovative, and data and information are much more
accessible. It is incumbent upon all businesses handling credit card
information to view PCI compliance as an integral part of securing real-time
communications.
Risks of non-compliance
Any company whose network intersects with credit card data as it flows from
merchant to credit card issuer can be charged with endangering customer
information and, if found liable for insufficient care of that data, faces the
consequent penalties:
- Fines levied by the acquiring banks
- The cost of replacing the cards and perhaps covering fraudulent charges
- The cost of credit monitoring for compromised individuals
- Demotion or loss of merchant status
- Public relations fallout
- Loss of shareholder and customer confidence
PCI-DSS vulnerability concerns in a Web 2.0 world
The Web 2.0 world is all about sharing, collaboration, and interactivity. The
technology underpinning Web 2.0 is powerful, dynamic, and designed for
collaboration and communication. It's also, for the most part, extremely easy
to use and customize, hence the rapidly-growing popularity of Facebook widgets
and other mini-applications.
Web 2.0 gives users direct control over powerful technology in a medium that
does not have security as its first priority. The applications and
communications emanating from this new environment frequently intersect with
corporate and other private networks, creating the potential for significant
vulnerabilities in the security of those networks.
But without the right tools, IT is unable to monitor and manage these new
points of vulnerability at all, because they bypass traditional corporate
network protection measures.
How FaceTime can help
FaceTime recognizes that Web 2.0 in general and social networks in particular
can deliver real business benefits, and that organizations need a way to
control, monitor and secure their use that ensures compliance without impeding
those benefits.
Here's how FaceTime's Unified Security Gateway addresses certain key
requirements of PCI-DSS compliance:
| PCI-DSS Requirement | FaceTime Solution | FaceTime Benefit |
| --- | --- | --- |
| 1.3.7: Denying all other inbound and outbound traffic not specifically allowed | Deploy USG at the gateway to filter web traffic, prevent unauthorized IM/P2P use, and block malware at the gateway | Prevents unauthorized traffic not detected by firewalls or IPS from entering or leaving the network |
| 1.4.1: Implement a DMZ to filter and screen all traffic and prohibit direct routes for inbound and outbound Internet traffic | Deploy USG at the gateway to: locally route public IM traffic; filter credit card data in IM traffic; block malware over IM channels | Prevents credit card information leakage over IM; achieves compliance for real-time communication channels |
| 5.1.1: Ensure that anti-virus programs are capable of detecting, removing, and protecting against other forms of malicious software, including spyware and adware | Deploy USG with GEM for gateway detection and prevention | Complements desktop firewalls; remediates infected endpoints without deploying an agent on the client |
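As an added example (not FaceTime's or USG's own code), here is the core of a gateway-style content filter for the "filter credit card data in IM traffic" row above: each message is scanned for card-number candidates, candidates are confirmed with the Luhn check, and confirmed PANs are masked to their last four digits before the message is logged or forwarded. The conversation lines are constructed; 4111 1111 1111 1111 is a public test number.

```python
import re

# Candidate PAN: a run of 13-19 digits, optionally separated by spaces or
# dashes, and not embedded in a longer digit run.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Mod-10 (Luhn) check that every issued card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _digits(match: re.Match) -> str:
    return re.sub(r"[ -]", "", match.group())


def find_pans(text: str) -> list[str]:
    """Return the digit strings in text that look like PANs and pass Luhn."""
    return [_digits(m) for m in _CANDIDATE.finditer(text) if luhn_ok(_digits(m))]


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, the maximum PCI-DSS allows for display."""
    return "*" * (len(digits) - 4) + digits[-4:]


def filter_message(text: str) -> tuple[str, str]:
    """Policy decision for one IM message: ('block'|'allow', redacted text)."""
    def redact(m: re.Match) -> str:
        d = _digits(m)
        return mask_pan(d) if luhn_ok(d) else m.group()
    if not find_pans(text):
        return "allow", text
    return "block", _CANDIDATE.sub(redact, text)


if __name__ == "__main__":
    # Constructed IM conversation: an order id, a real-looking PAN, a phone number.
    conversation = [
        "alice: can you ship order 1234567890123456 today?",
        "bob: sure, bill it to 4111-1111-1111-1111 exp 12/29",
        "alice: call me on 020 7946 0000 if anything fails",
    ]
    for line in conversation:
        verdict, shown = filter_message(line)
        print(f"{verdict:5} {shown}")
```

Luhn alone accepts roughly one in ten random digit runs of card length, so a production filter also checks issuer prefix and per-brand length before blocking, which keeps order numbers and phone numbers from tripping the policy.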
FaceTime USG gives IT control over Web 2.0, social networking, IM, P2P
applications, and enterprise unified communications platforms through a single
dedicated appliance that sits at the interface between the corporate network
and the Internet.
Key PCI compliance features of USG include:
- Prevents unauthorized web, IM, and P2P traffic not blocked by firewalls
- Provides gateway malware prevention and targeted remediation of infected
endpoints
- Enforces policies, manages use, and prevents information leakage over permitted
real-time communications channels using industry-leading URL databases
- Enables unified policy management and enforcement across all real-time Internet
traffic
- Real-time content filtering across all communications channels prevents
inadvertent or malicious data leakage
- Protects against inbound and outbound threats (SpIM, spyware, rootkits, worms,
botnets)
- Ensures non-repudiation of archived messages with tamper-proof logging and
archival of online conversations
With flexible deployment options, USG fits seamlessly into existing network
topologies to offer the highest level of security with zero latency and a low
total cost of ownership.