Industry View: Sharing the PCI Load
Kip Miles of Rackspace identifies two key PCI considerations for hosted services
By Kip Miles, Rackspace
November 13, 2008 — CSO — Every Saturday morning the aisles of Home Depot are filled with "do it yourselfers"—confident men and women with plans to lay new floors or retile their bathrooms by themselves. But first, the checklists: wet tile saw, tile, grout, tile cutter, a free weekend... and while they're completing their lists, somewhere in the back of their minds they're thinking, "What if I mess this up, and how much would it cost for someone else to do this for me?"
Achieving and maintaining PCI compliance for a data center isn't really all that different. This time-consuming, expensive, nightmarish project is on the minds of every online retail outlet and CSO facing this year's holiday shopping season.
Even with a slowed economy, consumers are expected once again to flock to the Internet to do their shopping. Last year online retailers recorded more than $29 billion in online sales, up nearly 20 percent over the previous year. Mingled among those shoppers were the online thieves who can cost the average business owner more than $350,000.
To help combat online fraud, online retailers endeavor to maintain compliance with the security standards set by the PCI Security Standard Council. This draws on limited and expensive resources to reallocate data centers to match the PCI physical requirements, train and certify IT staff, report compliance and respond 24/7 to security breaches. At some point, some CSOs question, "What would it take for someone to do this for me?"
Leveraging hosted resources for a responsibility like PCI compliance isn't for everyone. If you can afford the resources, you can argue for the benefits of being the master of your domain. But with that, you take on the full scope of measures to prevent data breaches, which may result in loss of revenue, exposure to litigation and damage to your brand and reputation in the process.
With a hosted solution partner you allow someone else to take much of the heat and carry the load for you. Online retailers gain the flexibility and freedom to manage the business of selling product and providing customer service while others manage the server infrastructure and overall hosted environment, while also providing solutions and answers for PCI compliance.
When evaluating a hosted solution partner to support PCI compliance, CSOs should look for two key requirements—infrastructure and experience. This includes the ability to maintain the physical security and maintenance from servers up to the Web application layer itself. It also requires a complete list of employees who are certified and focused exclusively on PCI compliance and data center security.