Myth 5: Project X will make me compliant

Be wary of vendors who make a product seem too good to be true. There is no product that will make your network completely PCI compliant without any problems. Learn to recognize the white papers that accurately describe their products.

Published: 13 Aug 2007

By John Kindervag

Human nature is such that we look for the easy way out of problems. Product manufacturers understand this. Every product manufacturer worth its salt has a whitepaper on how they will make an organization compliant. Some of these whitepapers have good, comprehensive information that can help IT staff make responsible decisions related to mitigating gaps in their PCI status. Other vendors overstate their claims and promise much more than they can deliver.

PCI has 12 sections with many details within each requirement that must be met. Unfortunately no single product, or even a single vendor, can supply all of the "stuff" needed to become fully compliant.

The company who becomes PCI compliant will have a holistic security strategy that focuses much more on the big picture related to the intent of the requirements, than a point product focus that will create a management nightmare in the future.

Beware of the overpromising vendor.

Conclusion

The PCI Data Security Standard is neither difficult nor frightening. As you know, it is a positive, measured response to an enormously difficult and dangerous problem. As your client's trusted adviser, you can help them understand the value of compliance.

Five myths of PCI compliance

Introduction to the myths of PCI compliance
Myth 1: PCI is hard
Myth 2: PCI will make us secure
Myth 3: Encryption is scary
Myth 4: "I don't take enough credit cards…"
Myth 5: Product X will make me compliant

About the author

John Kindervag is a 20-year veteran of the high-technology world. He is the senior security architect for Vigilar Inc., where he helps corporations design secure networks and manages Vigilar's Vulnerability Assessment and Compliance Practice. Kindervag holds a Bachelor of Arts degree in Communications from the University of Iowa.

Dig Deeper on Regulatory compliance with cybersecurity laws and regulations

Why your company needs the Payment Card Industry Data Security Standard If you think Payment Card Industry Data Security Standard is just for merchants, think again. Here's why virtually every company can boost security and address risk issues using PCI DSS.

Does retail security take a backseat during the 'holiday IT lockdown'? The Target data breach highlighted a dirty secret in retail IT: "Holiday IT lockdown" periods that limit security activity put retailers at risk.

Amazon public cloud ready for enterprise prime time, partners and customers say Perceptions of Amazon public cloud services -- especially when it comes to security and compliance -- don't reflect reality, proponents say.

PCI DSS compliant cloud providers: No PCI panacea Organizations shouldn’t expect a PCI-validated cloud provider to relieve them of their PCI obligations, security experts say.

PCI DSS 2.0 standard released, but detailed virtualization guidance still unavailable This morning the Payment Card Industry (PCI) Security Standards Council, which creates standards with which anyone handling credit card data must comply, released the second version of its Data ...

PCI DSS certification: Three myths that affect its success in India When it comes to PCI DSS certification, much fear, uncertainty and doubt surrounds the standard. Here's a look at why these are just myths, not facts.

MicroscopeUK

Myth 5: Project X will make me compliant

Be wary of vendors who make a product seem too good to be true. There is no product that will make your network completely PCI compliant without any problems. Learn to recognize the white papers that accurately describe their products.

Dig Deeper on Regulatory compliance with cybersecurity laws and regulations

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

MicroscopeUK

HP expands channel finance options

Context warns channel to expect challenging year ahead on the PC front

SonicWall and Veeam enhance managed service support

SearchSecurity

Ideal DevSecOps strategy requires the right staff and tools

City of Pensacola hit by ransomware attack

Ryuk ransomware change breaks decryption tool

SearchStorage

Get to know storage-as-a-service providers and their offerings

Quobyte storage brings satellite imagery down to Earth

Startup Komprise extends data analysis to AWS object stores

SearchNetworking

7 factors to consider in network redundancy design

Silver Peak SD-WAN orchestrator scales to thousands of sites

Test your knowledge of SD-WAN deployments and testing

SearchCloudComputing

Get started with Azure tags

Review these Azure Service Bus best practices

Instill cloud change management best practices

SearchDataManagement

Aerospike 4.8 advances database persistent memory support

Data warehouse technologies evolve as vendors look skyward

How to streamline feature engineering for machine learning

SearchBusinessAnalytics

Easy-to-use coding tools a new opportunity for BI vendors

Low-code tools serve BI customer needs

Augmented analytics tools: Business uses, benefits and barriers

Dig Deeper on Regulatory compliance with cybersecurity laws and regulations

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.