Increasing Data Breaches Drive Further Modifications to the PCI DSS Global Payment Security Standard
Every enterprise in every industry has compliance requirements for industry regulations and internal policies and best practices. The Payment Card Industry (PCI) Data Security Standard (DSS) is one of the most wide-reaching standards since virtually every enterprise has individuals or organizations conducting transactions that accept, process or receive payments. Whether safeguarding payment information is an integral part of the core business – as in online retail and financial services – or an important aspect of the core business (such as internal purchasing departments, consumer payments for services provided in the public and private sector), compliance with PCI DSS standards is essential.
The PCI DSS standard is updated periodically to address growing cyber threats to customer payment information, and enterprises must keep pace. Yet, according to Dark Reading, “7 out of 10 companies that achieve PCI compliance fail to maintain that status even for a year. Verizon’s research showed that only 28.6% of companies managed to remain compliant for the full year between annual assessments.”
Enforcing compliance and readiness for internal and external audits is certainly a challenge and crucial to the bottom line. This has been acutely apparent with recent breaches spanning international borders that were directly linked to lack of compliance with current PCI DSS network security standards.
The Tufin Orchestration Suite Solution for PCI DSS Version 3.2 Continuous Compliance & Audit Readiness
IT managers and PCI internal auditors must perform periodic audits every six months. It is not feasible for network security teams to manually integrate the new policies and carry out the management and testing required for compliance while maintaining business as usual. The numerous security devices (firewalls, routers and others) manage hundreds to thousands of rules, which add up to an extremely complex enterprise network environment. Maintaining continuous compliance with the latest PCI DSS version requires the right set of tools and automated solutions.
Tufin Orchestration Suite maintains continuous compliance with PCI DSS v3.2:
- Reduces time and effort required for audit readiness by up to 70%
- Implements compliant network security changes in minutes instead of days for increased agility
- Increases control with a unified console for defining network zones and managing segmentation
- Performs proactive risk analysis to avoid compliance and security policy violations
- Leverages flexible, customizable workflows for full integration into enterprise ITSM processes
- Provides automated provisioning and end-to-end orchestration for multi-vendor environments to reduce complexity and human error