Organizations continue to face threats to their brands, reputations, and profits from attacks on their information systems. The Payment Card Industry Data Security Standard (PCI DSS) is designed to protect credit card information. During my five-year tenure at Cisco, I’ve been focused on PCI. The challenge that we have faced when deploying a solution to help customers become compliant and maintain a secure enterprise is the complexity. At the various trade shows that I have attended to discuss PCI, I have encountered a lot of head-shaking and looks of disgust as I bring up the topic of PCI. To help simplify PCI compliance, Cisco has released the latest Cisco Compliance Solution for PCI DSS 2.0 to make it easier for organizations to maintain a secure, compliant network.
The Cisco Approach: Network Segmentation
With the Cisco Compliance Solution for PCI DSS 2.0, Cisco provides a holistic, three-step approach for protecting credit card data, personal information, and customer identities:
1. Define where sensitive payment information flows.
Cisco understands architecture and networks. Our segmentation approach helps you reduce the footprint of your sensitive data to within a defined network scope. By segmenting your existing architecture, you can reduce audit costs and simplify maintenance.
2. Protect the segmented area.
With a clearly defined scope in which credit card data enters, flows, resides, and exits, you can easily identify the area’s perimeter. Any boundary that touches public or untrusted networks must have firewall protection and intrusion detection capabilities.
3. Make sure that you can effectively monitor the segmented environment.
The last element of the Cisco Compliance Solution for PCI DSS 2.0 is the ability to monitor the secured environment for threats, misconfiguration, and internal espionage. You must know the status of this sensitive area and the people that have access to it in order to maintain compliance.
As Figure 1 shows, segmentation allows you to simplify maintenance and reduce the cost and complexity of a PCI audit.
Addressing Security with Compliance
The Cisco PCI solution helps simplify your compliance strategy. At the same time, it provides comprehensive best practices for securing all data and provides a secure foundation for enabling new business initiatives.
Cisco and our partners have the technology and experience to help solve your compliance challenges. Independent auditor Cybertrust, a division of Verizon Business, has been assessing Cisco products and the Cisco Compliance Solution for PCI DSS 2.0 for more than five years. Cisco has been participating with the PCI Council and has been twice elected to the PCI Council Board of Advisors by global participants.
To learn more about the Cisco Compliance Solution for PCI DSS 2.0, visit www.cisco.com/go/pci.