Got PCI? Get an MSS.
The latest version of PCI DSS promises to be a game changer. Unlike previous versions, which left certain areas up for interpretation, this year’s update forces retail company security officers to put increased effort into securing the systems that face the greatest risks—this is where the private credit-card data exists, of course.
While the PCI mandate for ‘greatest risks’ protection is unquestionably the right thing to do, it also places an increased burden on any company that accepts credit or debit cards and could mean stiff penalties for any infractions, not to mention a breach. It also does not differentiate between a large organization with a robust staff and a small retail boutique that has limited resources.
Large or small, organizations need to have multiple layers of security that are proven and certified to protect their credit card data. This is exactly why a fully managed security service is essential today. A Managed Security Services (MSS) partner will create and oversee a security infrastructure for you while maintaining a comprehensive view of your entire risk-management profile—all while freeing up valuable internal IT talent.
To illustrate this point, consider a virus outbreak. Research shows that on average it takes 2.7 hours for your IT staff to remove and clean up after an outbreak. With an MSS taking this off your hands, you can put your in-house talent to better use.
At MegaPath, our clients have two concerns: data protection and compliance. We believe they go hand in hand, and our Security as a Service (SaaS) offerings, delivered from the cloud, on-premises or as a hybrid solution for more comprehensive coverage, enable customers to address both of these imperatives.
For example, we incorporate managed logging to give users real-time collection and correlation of security events along with a daily automated review function. Taking this a step further, we also offer a Security Information Management (SIM) capability that can help identify potentially troublesome, coordinated activity across multiple devices and sites, and come up with an audit trail of these incidents for users to review.
As one should expect with a “total package” managed security program, we offer a wealth of additional products and services: advanced firewall/intrusion prevention with rogue-wireless detection and many others.
While I have been focusing a lot of attention on PCI, the fact is that other regulatory entities, like HIPAA, are already following suit with more detailed guidelines.
This also means that all organizations need to plan for these changes and make some decisions now that will support the business moving forward. At the end of the day, you need to decide if you want to burden your in-house staff with all of the monitoring and management required to secure your data and support regulatory compliance efforts. Or do you want an MSS provider with a total-systems view who can build out your security infrastructure, and then more nimbly anticipate and react to pending threats, as well as deliver round-the-clock, proactive support to stop such incidents before they occur?
After all, your organization needs the best possible protection without over-burdening your internal resources. So it’s best to hire an MSS company that specializes in this space—and lets your employees focus on what they were hired to do instead.
Question of the Week: How are you meeting the challenge of regulatory compliance and your overall security architecture?