RedLock is now a part of Palo Alto Networks

PCI Compliance

Quick, Simple PCI Reporting and Management for Public Cloud Computing Environments

Ensure Continual PCI DSS Compliance

For any organization that accepts, transmits or stores financial payment or cardholder data, adherence to the Payment Card Industry Data Security Standard (PCI) is a requirement. PCI is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. It also requires businesses to protect, track, and control access to sensitive information. If you are a merchant who accepts or processes payment cards, you must comply with the PCI. PCI consists of following common-sense steps that mirror security best practices.

Goals and PCI DSS Requirements

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need to know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security for all personnel

For organizations that are subject to PCI and operate in a public cloud computing environment, the shared responsibility model of cloud computing must also be a key component of the cloud security and compliance strategy. The model stipulates that cloud service providers are responsible for securing the underlying infrastructure that supports the cloud, while their customers are responsible for security in the cloud. Adherence to the shared responsibility model does not negate an organization’s responsibility to also embrace PCI.

Cloud Security Shared Responsibility Model

For organizations that deal with financial payment or cardholder data and operate in a public cloud environment, adherence to both PCI and the shared security model is a must. Fortunately, RedLock is here to help organizations meet both requirements.

PCI Compliance Made Simple with the RedLock Cloud 360 Platform

Cloud Resource Discovery

RedLock automatically discovers cloud resources as soon as they are created, and then immediately profiles them to understand which policies to assess for PCI compliance.

Compliance Dashboard

Compliance and security teams can easily view, monitor and report on the PCI compliance status of all public cloud environments, quickly noting resources that pass and fail the PCI requirements.

Continuous Monitoring and Remediation

RedLock continuously monitors cloud computing resources for violations and automatically alerts the appropriate for remediation.

Audit Reporting

RedLock not only enables you to report on your current PCI compliance posture, but also maintains historical snapshots of your environment, enabling you to prove compliance for any past periods.

PCI Reporting Features

Real-time PCI Compliance Dashboard

RedLock’s custom compliance dashboard enables organizations to create their own control panel to view and manage PCI compliance, including a summary for all your public cloud computing environments. With RedLock, you can easily and quickly see the number of resources passing and failing compliance checks.

Powerful PCI Audit Reporting

In an audit, organizations are asked to prove compliance for a given time period. This poses significant challenges in public cloud computing environments where users are constantly making changes without a security review. RedLock enables you to report on your current compliance posture, including PCI, and also maintains historical snapshots of your environment, enabling you to prove compliance for any past periods as well. RedLock maps compliance to the 12 PCI requirements, so you always know which areas are compliant and which need attention.

See PCI Reporting on the RedLock Cloud 360 platform

Get a demo to see how RedLock can help you and your organization with compliance assurance, including PCI, security governance, and SOC enablement.