PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS SOLUTIONS FOR COMPLIANCE

Transcription

1 CDW PARTNER REVIEW GUIDE PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS SOLUTIONS FOR COMPLIANCE

2 REQUIREMENTS FOR COMPLIANCE MAY BE STRAIGHT FORWARD, BUT THE PATH TO IT IS NOT As organizational needs change, often your IT infrastructure does as well. But if you re accepting credit cards as payment as most organizations do these changes to your infrastructure can rattle your compliance with the Payment Card Industry Data Security Standards (PCI DSS). Any changes made to IT components that handle or even touch credit card data can compromise compliance. Mergers and acquisitions, alterations to your security measures or adding new business distribution channels can also disrupt the technology and processes you have in place for PCI DSS. The requirements for PCI DSS are straight-forward, but there is no standardized path or off-the-shelf solution for compliance because it needs to be crafted for specific infrastructures and environments. And because there is no standard for the standards, the way to compliance can seem daunting.

3 THERE S MORE TO CONSIDER FOR PCI DSS COMPLIANCE THAN THE 12 RULES The requirements for PCI DSS compliance aren t overly complex: Twelve rules specify how to ensure the safety of sensitive information. Summarized at a high level, a password-protected firewall needs to shield cardholder data and encrypt its transmission. Systems need to be secure and have up-to-date antivirus software. Access to sensitive data needs to be restricted, monitored and tracked. Policies need to address information security for all personnel. However, it s the implementation of these rules that complicate the matter. IT and business decisions that made sense before PCI DSS may suddenly create monstrous problems when compliance becomes the goal. To achieve compliance, all systems that touch credit card data must be secured to meet the standards, so the scope of compliance requirements can quickly become unmanageable. For example, storing both inventory and cardholder data in the same database seemed like a good idea, but now the entire database is subject to PCI DSS. Or a organization that decided to store cardholder data in its customer relationship management (CRM) platform, or process card data in its ERP platform, now must restrict access to these platforms to only employees who require access to card data. Whether business or IT changes are driving you to reevaluate your approach to PCI DSS compliance or you are trying to address the standards for the first time, the right plan, technology and partner will make the difference between compliance headway and headache.

4 FIND YOUR PATH TO COMPLIANCE WITH CDW PAVING THE WAY A concise plan to become or remain PCI DSS compliant can eliminate the compliance confusion that puts cardholder data at risk. Efficient and effective planning that result in the right compliance solution requires answers to many questions, including: What are the sources and destinations of the payment card data? Do transactions flow through a single point or multiple points? Is it possible to modify a business process in order to simplify how PCI compliance is addressed? Is a PCI DSS-compliant IT service available that can be leveraged to minimize additional requirements? Teaming with an experienced partner can help you ask all the right questions and best evaluate what to do with the answers. To meet your environment s unique needs, CDW offers comprehensive PCI DSScompliance solutions that include robust security technology from a broad range of leading vendors and expert-led services. Our solution architects and assessment teams can work with you to determine: The scope of the cardholder environment How compliance will be evaluated The obstacles that can block the way Which vendors are right for you and how to execute the plan THE RIGHT SECURITY VENDOR DEPENDS ON YOUR UNIQUE ENVIRONMENT Beyond proper planning, PCI DSS compliance requires technology for firewall, access control, antivirus and reporting capabilities. Based on your needs, you can choose from a variety of comprehensive security solutions and vendors, including validated technologies for PCI DSS compliance from the following industry leaders:

5 If PCI DSS compliance is part of a broader security initiative, Cisco is well suited to provide the comprehensive set of security solutions you need. The solutions are designed to fully integrate into a organization s existing infrastructure, which helps alleviate the challenges posed by complex payment card processing architecture. ASA 5500 series appliances for threat protection are designed to address the requirements for PCI DSS and more with intrusion prevention, remote access and high-performance VPN that encrypts data in transit. These appliances can optionally include antivirus, antispam and antiphishing capabilities; URL blocking and filtering; and content control. BYOD Smart Solution is designed to provide robust mobile device security for retail environments that use mobile devices as part of their point-of-sale solution. Identity Services Engine (ISE) provides single-source, consistent policy management for practically all network connection types and end user devices. ISE provides intelligent, context-aware security that allows only authorized users to access data and only from devices that are appropriate for the data. Integrated Services Router is designed to address nine of the 12 PCI DSS compliance requirements with capabilities for firewall, password protection, stored data, encryption, antivirus, systems and application security, monitoring and reporting, security testing and policy definition.

6 The name Trend Micro is practically synonymous with antivirus products, which are key for achieving PCI DSS compliance. But beyond antivirus capabilities, Trend Micro has solutions that address seven of the 12 compliance requirements. The Deep Security solution is designed to provide firewall protection, help ensure policy compliance and identify vulnerabilities and guards them against intrusion. It also protects web applications and the payment card data they process and it provides monitoring capabilities required for PCI DSS compliance. A next-generation virtualization solution a joint effort with VMware is designed to leverage the benefits of virtualization for payment card processing architectures without jeopardizing PCI DSS compliance.

7 SonicWALL PCI solutions address many PCI requirements, and even go beyond them, with innovative technologies such as application intelligence and control and Reassembly-Free Deep Packet Inspection (RFDPI) technology. Backed and approved by an independent PCI qualified security assessor, security configurations using SonicWALL next-generation and unified threat management (UTM) firewalls and SonicWALL global management system provide a solid foundation for PCI compliance and passing PCI audits.

8 LogLogic solutions are designed to provide the visibility and reporting capabilities needed to understand what is going on in a security landscape. Organizations can benefit from a large variety of built-in, time-saving capabilities in solutions that can also be customized to meet specific compliance and internal policy requirements. Staff can automate manual reporting processes and configure alerts for compliance exceptions. LogLogic enables organizations to repeatedly demonstrate compliance with PCI DSS.

9 CDW DELIVERS PEOPLE, PRODUCTS AND A PLAN FOR PCI DSS COMPLIANCE By partnering with CDW, you ll gain access to the latest technologies from across all of our partners to help you comply with PCI DSS. We will work with you to select the best components whether from one partner or many for your unique environment. At CDW, we re people who get IT. That means you get more than just the right products: You get the people, knowledge and skills you need to turn products into real solutions. We have certified security solution architects and dedicated partner specialists who have the latest partner and industry certifications. These security experts help a broad range of industries and organizations of all sizes from national retail chains, with more than 1000 locations, to countless small businesses understand and address the requirements for compliance with PCI DSS. It s their knowledge and experience from these kinds of engagements that enable CDW help you select the best solutions and vendors for your needs and develop an architectural plan that minimizes the scope and complexity of PCI DSS compliance. Learn more: Please contact your account manager at or visit CDW.com/pci-compliance The terms and conditions of product sales are limited to those contained on CDW s website at CDW.com; notice of objection to and rejection of any additional or different terms in any form delivered by customer is hereby given; CDW, CDW G and PEOPLE WHO GET ITTM are trademarks of CDW LLC; all other trademarks and registered trademarks are the sole property of their respective owners CDW LLC