Quick, Simple PCI Reporting and Management for Public Cloud Computing Environments
For any organization that accepts, transmits or stores financial payment or cardholder data, adherence to the Payment Card Industry Data Security Standard (PCI DSS, or simply PCI) is a requirement. PCI is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. It also requires businesses to protect, track, and control access to sensitive information. If you are a merchant who accepts or processes payment cards, you must comply with PCI. PCI consists of common-sense steps that mirror security best practices.
PCI DSS Requirements
| Goal | Requirement |
|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored cardholder data |
| | 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software or programs |
| | 6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need to know |
| | 8. Assign a unique ID to each person with computer access |
| | 9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for all personnel |
For organizations subject to PCI that operate in a public cloud computing environment, the shared responsibility model of cloud computing must also be a key component of the cloud security and compliance strategy. The model stipulates that cloud service providers are responsible for securing the underlying infrastructure that supports the cloud, while their customers are responsible for security in the cloud. Adherence to the shared responsibility model does not negate an organization’s responsibility to also embrace PCI.
For organizations that deal with financial payment or cardholder data and operate in a public cloud environment, adherence to both PCI and the shared security model is a must. Fortunately, RedLock is here to help organizations meet both requirements.
RedLock automatically discovers cloud resources as soon as they are created, and then immediately profiles them to understand which policies to assess for PCI compliance.
Compliance and security teams can easily view, monitor and report on the PCI compliance status of all public cloud environments, quickly noting resources that pass and fail the PCI requirements.
RedLock continuously monitors cloud computing resources for violations and automatically alerts the appropriate personnel for remediation.
RedLock not only enables you to report on your current PCI compliance posture, but also maintains historical snapshots of your environment, enabling you to prove compliance for any past periods.
RedLock’s custom compliance dashboard enables organizations to create their own control panel to view and manage PCI compliance, including a summary for all your public cloud computing environments. With RedLock, you can easily and quickly see the number of resources passing and failing compliance checks.
In an audit, organizations are asked to prove compliance for a given time period. This poses significant challenges in public cloud computing environments, where users are constantly making changes without a security review. RedLock enables you to report on your current compliance posture, including PCI, and also maintains historical snapshots of your environment, enabling you to prove compliance for any past periods as well. RedLock maps compliance findings to the 12 PCI requirements, so you always know which areas are compliant and which need attention.
Get a demo to see how RedLock can help you and your organization with compliance assurance, including PCI, security governance, and SOC enablement.