Myth 2: PCI will make us secure

PCI compliance does not mean total security. While it is a reliable first line of defense, potential breaches are always a possibility as technologies change. Diligence and maintenance are constantly required to maintain a safe network.

By John Kindervag

Myth No. 2 is a follow up to Myth No. 1. Once your client is PCI compliant, they may become complacent, thinking that they are unhackable. Again, PCI is designed to be good, basic, baseline security. It's meant to deter the lazy attacker. It's designed to watch the internal user. Like all security, diligence is required. The PCI audit or assessment you conduct is a snapshot in time. But as time passes, it's easy to move out of compliance or become less secure in some way. The purpose of PCI from a corporate perspective is to meet the "safe harbor" needs of the PCI standard and thereby mitigate the follow on risk associated with a breach. PCI compliance is a continual process -- a great foundation to create information security awareness and build an increasingly strong fortress around an organization's sensitive data.

Download this free guide

Could Securing Your Channel Business Be Easier? We Can Help.

Download our latest guide to the top strategies solution providers can leverage for starting up and securing a cloud practice, successful approaches to selling and marketing cloud, and why it is urgent for partners to transition now.

Five myths of PCI compliance

Introduction to the myths of PCI compliance
Myth 1: PCI is hard
Myth 2: PCI will make us secure
Myth 3: Encryption is scary
Myth 4: "I don't take enough credit cards…"
Myth 5: Product X will make me compliant

About the author

John Kindervag is a 20-year veteran of the high-technology world. He is the senior security architect for Vigilar Inc., where he helps corporations design secure networks and manages Vigilar's Vulnerability Assessment and Compliance Practice. Kindervag holds a Bachelor of Arts degree in Communications from the University of Iowa.

This was last published in August 2007

Dig Deeper on Regulatory Compliance

All
News
Get Started
Evaluate
Manage
Problem Solve

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

MicroscopeUK

Millennial tech buyers forcing channel to change sales approach

Fresh research indicates changing attitudes to tech purchasing, and how the channel must adapt accordingly
Cofense chooses to go 100% indirect

Security player revamps partner programme as it pledges to go 100% through the channel
How Kognitio mined the reality gap on London bus time tables

The work was inspired by TfL’s open data policy and could spark ideas in other channel partners Nick Booth argues

SearchCloudProvider

Despite GDPR penalties, cloud partners note complacency among clients

Cloud firms work busily to align their businesses with Europe's data protection legislation, but many observe a lack of urgency ...
Hybrid cloud cost optimization an ongoing opportunity for partners

For all its virtues, the hybrid cloud model can create a number of cloud cost optimization and management headaches for customers...
Cloud for healthcare: What is the role of IT channel firms?

Healthcare providers are under greater pressure to pursue digital transformation this year. Learn how partners can aid cloud for ...

SearchSecurity

Government hacking tactics questioned at OURSA

The ACLU's Jennifer Granick took government hacking to task at the OURSA Conference this week, calling out mass surveillance ...
Keeper Security forms vulnerability disclosure program with Bugcrowd

Following its controversial lawsuit against an Ars Technica security reporter, Keeper Security has teamed with Bugcrowd on a ...
Another misconfigured Amazon S3 bucket exposes 48M records

News roundup: A misconfigured Amazon S3 bucket led to the exposure of 48 million records collected by a private data analytics ...

SearchStorage

SSDs vs. HDDs: When is all-flash storage overkill?

The SSD vs. HDD analysis isn't as simple as it looks. SSD prices are falling, and capacities increasing. But HDDs are still a ...
Ultrathin memory storage device could spell breakthroughs

According to its creators, atomristor technology promises a vast improvement on modern flash storage devices, but mainstream use ...
Four situations where a multi-cloud strategy makes sense

Many businesses can benefit from using multiple cloud services, especially if they need to ensure reliability, protect privacy, ...

SearchNetworking

Router security options advised following U.S. hacker alert

A rare government alert that Russian hackers are targeting routers in the United States and the United Kingdom has security ...
Analyst balks at blockchain distributed ledger in networking

Blockchain distributed ledger technology is untested, unproven and overly complex, making it unsuitable for networking, ...
Network-as-a-service market blossoms as demands grow

The network-as-a-service market is attracting more attention, as enterprises look for ways to outsource some of their ...

SearchCloudComputing

IaaS and PaaS blurred lines increase lock-in risks

There are three distinct cloud service categories: IaaS, PaaS and SaaS. However, IaaS and PaaS are getting a little too close, ...
Single pane of glass for multi-cloud management still elusive

Unified management for multi-cloud remains a work in progress. Vendors have yet to produce the perfect single-pane-of-glass tool ...
Microsoft takes holistic approach to IoT security concerns

Azure Sphere extends security from the cloud to the device. It's the most holistic approach on the market and provides another ...

SearchDataManagement

GDPR data protection edicts make good data governance a must

The European Union's new GDPR law puts the onus on companies to ensure that their data governance and management practices enable...
GDPR rules can spur broader steps to protect sensitive data

Companies need to make compliance with GDPR's requirements on managing personal data a priority, but they should also work to ...
Data integrity protection spurs greater security spending

As hacking, ransomware and malware attacks mount, companies place big data protection and integrity among the primary reasons for...

SearchBusinessAnalytics

Cambridge Analytica-Facebook case shows need for ethical data mining

Ethical data collection practices are becoming even more important, as cases like Cambridge Analytica's misuse of Facebook data ...
Rethinking analytics processes spurs enterprise innovation

By taking a fresh look at the makeup of their analytics organizations, enterprises can innovate their business models and take ...
Diversified data sets for analytics deliver top results

Analytics teams should focus on data diversity to ensure that their projects deliver the most meaningful insights -- but they ...

Close