Compliance made easier with systems management
We all have them — payment cards. Whether purchase, debit or credit, we use them to buy items in stores and online, make travel reservations, even pay bills. But the convenience of these cards comes with a price. Every time we make a purchase, our personal information is shared across a variety of networks, making it vulnerable to theft. So it’s no surprise that data theft has increased significantly in recent years.
The payment card industry has responded to this growing trend by developing a set of 12 requirements called the Payment Card Industry Data Security Standard (PCI DSS), designed to ensure that any organization that processes, stores or transmits credit card information maintain a secure environment. While these standards can have major consequences for noncompliance, many retailers and other organizations that process payment cards face significant IT challenges which can make achieving PCI compliance difficult.
Leveraging systems management technology can help. It can serve as a critical building block in helping retailers of all types quickly accelerate PCI compliance by building, deploying, configuring and maintaining secure systems that access and handle cardholder information.
Addressing management pain points
From an IT perspective, retail organizations small and large are often challenged by pain points centering primarily on cost, structure and security. For example, some may not have in-house IT specialists to address compliance issues, or have a need to manage multiple or remote locations. Others may only have minimal security measures in place around their point-of-sale (POS) systems, which are among the most vulnerable targets for fraud.
These concerns transcend organization size, but are often extra critical for small and medium organizations that operate with limited resources and staff. Consider City News, a Chicago-based newsstand. The small retailer with two locations recently experienced a devastating data breach that nearly brought down the business. Hackers were able to access the store’s POS system via a weak username and password, and installed software that captured and copied credit card information before it was sent to be processed. The software was discovered a year later and removed, but not before racking up a $22,000 bill for investigating the source of the violation and defining security improvements.
This type of data breach is common and typically results in lost business as a result of downtime, fines, loss in credit processing privileges, and damage to customer loyalty and brand equity. That is why meeting the PCI DSS requirements and achieving PCI compliance is so important.
How systems management contributes to compliance
Systems management plays a vital role in PCI compliance as it unifies efforts across the landscape of PCI, in the data center as well as at the endpoint. It simplifies such tasks as configuration management and OS and application patching to improve IT efficiency, while enforcing compliance obligations.
Some of the key benefits that systems management provides for PCI compliance include:
- Saving IT time by automating the routine and repetitive systems management tasks required to maintain compliance, such as software updates, approved configuration maintenance and systems patching with the latest approved versions
- Critical capabilities like automatic application of software security patches, enforcement of security policies such as password strength, remote software distribution and upgrades, streamlined IT inventory to help ensure that only approved devices are connected to your network and compliance reporting
- Ensuring the protection of private information, boosting customer confidence and loyalty
- Enabling organizations to focus on core business and saving money by avoiding penalties for noncompliance.
Attaining PCI compliance is a complex undertaking that often requires the use of a Qualified Security Auditor (such as Dell SecureWorks), along with ongoing systems management and compliance reporting applications that continually monitor endpoints. Organizations should evaluate systems management solutions that are robust, affordable, and easy to deploy and maintain. These can help reduce IT operations costs and improve management performance so that organizations can focus on their businesses and their customers.
--Ken Drachnik is the director of marketing for Dell KACE. For more information, visit the Dell KACE site.