PCI DSS compliance has been around for more than 10 years. Networking and firewalls have been in use in corporate data centers for much longer and covered entities have relied on these technologies to segment their PCI environments and reduce their compliance and audit burdens. Today’s data center environments are more complex, abstracted, and distributed. The techniques and technologies utilized by bad actors have also evolved. As a result, we continue to see reports of high-profile data breaches. QSAs continue to issue findings on critical PCI scoping and segmentation errors, on failures to properly isolate the CDE and connected systems traffic, and for having networks that are too flat.Read more »
The ability to accurately scope and segment your PCI environment is a critical first step of an effective and sustainable PCI compliance program. The PCI Standards Council published the "Information Supplement: Guidance for PCI DSS Scoping and Segmentation" to help organizations identify the systems that are in scope for PCI DSS; and also offers considerations for using segmentation to reduce the number of systems in scope for PCI DSS controls. Executing these activities is not always easy for many organizations.Read more »
AWS launched its new event, re:Inforce, last week and engaged thousands of security practitioners and professionals in a conversation that is top of mind for everyone: SECURITY. The buzz at the event confirmed it.
Read more »
Credit card payment processing methods and the infrastructure and systems that support these processes have evolved significantly over the years. It is not uncommon to have applications where the software stack is running on different compute platforms and geographically dispersed. Organizations are also using third-party cloud services to deliver discreet activities in the shopping and payment process. As the scope of PCI broadens to include an increasing range of on-premise and third-party services, and a combination of old and legacy technologies, visibility and control become more critical.
Read more »
The shipping and energy infrastructure around us can be pretty inspiring. It reflects years of labor by our men and women, the scale of our economy, the power of our ingenuity. If you sit for a while and watch the ships coming in and out of harbor, you feel connected to history and the wider world. Yet cargo is not the only thing that’s moving.Read more »