RealTime IT News

Merchants Cope With PCI Compliance - Page 3

Centralized approach

When implementing PCI solutions, take a centralized approach rather than opt for point solutions, because each point solution will produce its own set of logs, Cheryl Traverse, Xceedium's president and CEO, told

Make sure you automate everything as far as possible because "the more you do that can't be automated, the less likely you are to be in compliance," Traverse said.

"You want best practices that are cost-effective to implement and maintain," she added.

IT departments at retailers should also secure their internal systems because "a joint FBI-CERT (Computer Emergency Response Team) study showed 86 percent of all insider attacks came from a current or former tech user," Traverse said.

After you've examined your systems, assessed them and bought the necessary technological solutions, make sure you have processes in place to deal with security gaps and breaches, Mark Kraynak, senior director of strategic marketing at Imperva, told

"Technology can only do so much; every time you talk about security, you need to have awareness of your systems and processes in place, and you need technology to help."

Finally, you have to create, communicate and enforce security policies.

PCI Solutions

"It's not enough to just come up with security policies and tell your staff about them," PGP's Dasher explained. "You must also make sure they comply."

When you do so, look at the most important applications first, such as your payment applications. "Start with something where you get the most bang for your buck," Thakar said.

Qualys provides IT security risk and compliance management solutions in SaaS mode.

Meanwhile, Xceedium's flagship GateKeeper hardened appliance offers centralized encryption of enterprise connectivity so applications can talk securely to each other.

It also compartmentalizes users into their authorized zones and contains them there. Finally, it monitors policy violations, issues alerts when policies are violated and remediates the violations.

Imperva offers a Web application firewall that it is integrating with vulnerability scanners from Hewlett-Packard (NYSE: HPQ), IBM (NYSE: IBM), Cenzic and other vendors.