More than 200 million personally identifiable data records
have been lost, stolen, or otherwise compromised since the beginning
of 2005, a significant percentage of which were credit card
records. FaceTime solutions can help businesses comply effectively
with PCI-DSS regulations as they apply to the control
of real-time communications traffic and anti-malware protection.
What is PCI-DSS?
PCI-DSS (Payment Card Industry Digital Security Standards,
to give it its full name) is a collaborative effort between
multiple credit card organizations to achieve a common set of
security standards for use by entities that process, store,
or transport payment card data.
Many of the requirements of PCI-DSS overlap with those for
other data protection and information privacy statutes, with
two important differences:
- PCI-DSS applies to every organization that accepts credit
cards, so it encompasses businesses of all sizes, from small
retail and online outlets to global enterprises, with a similarly
wide variation in their information security
- Cardholder data is extremely portable and can be vulnerable
at many different points as it flows across multiple networks
from the merchant to the credit card issuer, not least
real-time communications networks
By protecting the integrity of credit card data, PCI compliance
should lead to greater consumer confidence that their personal
data will not be compromised by using credit cards.
The threat landscape is constantly evolving; threats are
becoming more complex, sophisticated and innovative, and data
and information are much more accessible. It is incumbent upon
all businesses handling credit card information to view PCI
compliance as an integral part of securing real-time communications.
Risk of non-compliance
Any company whose network intersects with credit card data
as it flows from merchant to credit card issuer is exposed
to the charge of endangering customer information, and to the
consequent penalties should that company be found liable for
insufficient care of that data:
- Fines levied by the acquiring banks
- The cost of replacing the cards and perhaps covering
fraudulent charges
- The cost of credit monitoring for compromised individuals
- Demotion or loss of merchant status
- Public relations fallout
- Loss of shareholder and customer confidence
PCI-DSS vulnerability concerns in a Web 2.0 world
The Web 2.0 world is all about sharing, collaboration, and
interactivity. The technology underpinning Web 2.0 is powerful,
dynamic, and designed for collaboration and communication. It's
also, for the most part, extremely easy to use and customize,
hence the rapidly growing popularity of Facebook widgets and
other mini-applications.
Web 2.0 gives users direct control over powerful technology
in a medium that does not have security as its first priority.
The applications and communications emanating from this new
environment frequently intersect with corporate and other private
networks, creating the potential for significant vulnerabilities
in the security of those networks.
But without the right tools, IT is unable to monitor and
manage these new points of vulnerability at all, because they
bypass traditional corporate network protection measures.
How FaceTime can help
FaceTime recognizes that Web 2.0 in general and social networks
in particular can deliver real business benefits, and that organizations
need a way to control, monitor and secure their use that ensures
compliance without impeding those benefits.
Here's how FaceTime's Unified Security Gateway addresses
certain key requirements of PCI-DSS compliance:
PCI-DSS Requirement 1.3.7: Denying all other inbound and outbound traffic not specifically allowed
FaceTime Solution: Deploy USG at the gateway to filter web traffic, prevent unauthorized IM/P2P use, and block malware at the gateway
FaceTime Benefit:
- Prevents unauthorized traffic not detected by firewalls or IPS from entering or leaving the network

PCI-DSS Requirement 1.4.1: Implement a DMZ to filter and screen all traffic and prohibit direct routes for inbound and outbound Internet traffic
FaceTime Solution: Deploy USG at the gateway to:
- locally route public IM traffic
- filter credit card data in IM traffic
- block malware over IM channels
FaceTime Benefit:
- Prevents credit card information leakage over IM
- Achieves compliance for real-time communication channels

PCI-DSS Requirement 5.1.1: Ensure that anti-virus programs are capable of detecting, removing, and protecting against other forms of malicious software, including spyware and adware
FaceTime Solution: Deploy USG with GEM for gateway detection and prevention
FaceTime Benefit:
- Complements desktop firewalls
- Remediates infected endpoints without deploying an agent on the client
FaceTime USG gives IT control over Web 2.0, social networking,
IM, P2P applications, and enterprise unified communications
platforms through a single dedicated appliance that sits at
the interface between the corporate network and the Internet.
Key PCI compliance features of USG include:
- Prevents unauthorized web, IM, and P2P traffic not blocked
by firewalls
- Provides gateway malware prevention and targeted remediation
of infected endpoints
- Enforces policies, manages use, and prevents information
leakage over permitted real-time communications channels
using industry-leading URL databases
- Enables unified policy management and enforcement across
all real-time Internet traffic
- Real-time content filtering across all communications
channels prevents inadvertent or malicious data leakage
- Protects against inbound and outbound threats (SpIM,
spyware, rootkits, worms, botnets).
- Ensures non-repudiation of archived messages with tamper-proof
logging and archival of online conversations
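To illustrate the "filter credit card data in IM traffic" control and the real-time content filtering feature described above, here is an added example (written for this page, not FaceTime's own implementation) of a gateway-style filter that finds Luhn-valid card numbers in an IM message, masks them, and returns a block/allow verdict. The message format, sender/recipient fields and sample messages are constructed for the example.

```python
import re

# Candidate primary account numbers: 13-19 digits, optionally separated by
# spaces or dashes, not embedded in a longer digit run. (Constructed pattern
# for this example; a production filter would also use issuer prefix ranges.)
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _candidates(text: str):
    """Yield (regex match, digits-only string) for each Luhn-valid candidate."""
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            yield m, digits


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid card numbers (digits only) found in text."""
    return [digits for _, digits in _candidates(text)]


def mask_pans(text: str) -> tuple[str, int]:
    """Mask each valid PAN, keeping only the last four digits; return (text, count)."""
    out, last, count = [], 0, 0
    for m, digits in _candidates(text):
        out.append(text[last:m.start()])
        out.append("*" * (len(digits) - 4) + digits[-4:])
        last, count = m.end(), count + 1
    out.append(text[last:])
    return "".join(out), count


def filter_im_message(sender: str, recipient: str, body: str) -> dict:
    """Gateway decision for one IM message: block if any PAN is present, else allow."""
    masked, n = mask_pans(body)
    return {"sender": sender, "recipient": recipient, "pans_found": n,
            "verdict": "BLOCK" if n else "ALLOW", "logged_body": masked}


if __name__ == "__main__":
    # Constructed sample traffic: one leak, one benign order number (fails Luhn).
    for s, r, b in [("alice", "bob", "use my card 4111 1111 1111 1111 exp 12/25"),
                    ("bob", "alice", "order 1234 5678 9012 3456 has shipped")]:
        print(filter_im_message(s, r, b))
```

The masked body is what would be written to the archive log, so the audit trail never stores a full PAN.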
With flexible deployment options, USG fits seamlessly into
existing network topologies to offer the highest level of security
with zero latency and a low total cost of ownership.