One of my passions is around PCI compliance. I know that sounds oxymoronic. How can someone actually be passionate about something as dry as compliance? Well, for the sake of argument, I prefer delusional rationalization. I think of myself as Batman! I don’t have his intelligence, money, car, or cape (well, I do have the cape, but that is another story), but I DO want to fight injustice where I can. I do think that there are bad guys out there trying to steal my family’s hard-earned money. PCI compliance is the leading method for securing the world’s payment systems. The bad guys are real, security is getting harder, and I want to fight on the side of good.

The problem with fighting crime with compliance is that it can be so complex. The general strategy to minimize the complexity of PCI compliance is to use segmentation. Segmentation typically involves putting credit card applications and devices onto their own network and using traditional firewalls to secure the perimeter. Although effective, this method brings its own management headaches. Firewall rulesets can become tedious and complex. Readdressing an entire enterprise with the sole driver of compliance is Herculean. Over time, if not properly managed and sustained, this method can lead to bloat, misconfiguration, or worse, a breach.

Enter Cisco TrustSec to the rescue. Cisco TrustSec allows companies to dramatically simplify the management of PCI compliance by eliminating the need to readdress the network. It can greatly reduce firewall rulesets. It profiles PCI devices in human terms and decouples policy from IP addressing, making it easier for administrators to ensure that the policy is enforced. This is where we see the real strength of Cisco. By using the network in combination with firewalls and the Cisco Identity Services Engine, you start simplifying real-world business problems like compliance.

We were so excited by this technology to reduce PCI scope and simplify management that we invited Verizon assessors into our laboratories. Verizon’s assessment of Cisco TrustSec and PCI Scope Reduction is available at:

In a crime-ridden world as bad as Gotham, it is nice to see the good guys start to get some of the toys as cool as Batman’s.


Christian Janoff

Enterprise Architect, Compliance

Security Technology Group