Did Your Company’s PCI Compliance Survive the Holidays?

It seems that for many businesses, the first thing that suffers during the holiday crunch is anything that doesn’t bring in additional revenue – among them, maintaining PCI compliance.

Look Back to Look Forward

As you look back on the holidays, here are some questions to ask yourself:

- How many people did it take to maintain PCI compliance through the holiday season? What did that cost you?
- Does the compliance solution you’re using now cover all 12 PCI categories? Are you integrating point products yourself? How many vendors are involved?
- Do you have enough storage? Is it online? Are you assigning IDs to each credit card transaction?
- Did you put any processes in place to enable automation and scalability of meeting compliance requirements?
- What are your plans for automating and enabling scalability and manageability going forward?
- Do you have an integrated platform with a single console for reporting and managing?
- Are your sales figures better than last year? Are you going to take advantage of the improving economy to invest in compliance solutions to protect your customers?

What to Look for in a PCI Compliance Solution

These days, everyone is looking for ways to improve operational efficiency of managing security and compliance. Here are a few key considerations when choosing a solution to help you do a better, more cost-effective job of protecting company and customer information.

Automation. Automation. Automation.

If you have a semi-manual process, it’s just going to impede your ability to stay on top of issues, especially during peak volume times like the holidays. Automation is the only way to realistically, cost-effectively handle increasing volumes without hiring more and more internal auditors. Using automation, you can conduct your internal audits, hand those to external auditors, and be done with it.

Point Products Are A Compliance Weak Point

Using point products for the various PCI categories isn’t efficient or secure. You have to find products to cover all 12 categories, integrate them if possible, learn different interfaces, keep specialists on staff for each product, maintain multiple licenses and vendor relationships, and somehow still ensure nothing falls through the cracks. The more products involved, the more complicated your challenge. Look for a security and compliance platform that covers as many of the 12 categories of the PCI standards as possible.

Manageability Demands Integration

Multiple point products typically result in multiple management consoles (and often, multiple people to manage all of them). What do you do when one of those people is out of the office? At McAfee, we offer you a single unified console through tight integration with McAfee ePolicy Orchestrator® (ePO™) software. Put simply, a single person can manage and report on security, risk, and compliance across your entire business.

Take Control of Continuous Compliance in 2011

Now that the holiday crunch is over, it’s a good time to take stock of where your business is with regard to PCI compliance. If you’re serious about taking control of PCI compliance in 2011, I strongly suggest you look at McAfee Configuration Control. It’s a cost-effective way to simplify, centralize, and automate compliance monitoring and reporting to ensure continuous PCI compliance.

Tags: Compliance, enterprise, ePolicy Orchestrator, PCI, Risk and Compliance