PCI Security compliance
Move past legacy security challenges & protect your PCI compliance in the cloud
PCI security compliance challenges
Online commercial transactions will hit an estimated $2.35 trillion by 2017 according to eMarketer in their Worldwide Retail Ecommerce Forecast. Ensuring customer confidence in protecting their credit card data, then, is essential for any online retailers. As the ecommerce industry continues on its rapid-growth trajectory, these organizations have begun to adopt more agile IT infrastructures that are scalable, cloud-based, and dynamic.
Unfortunately traditional security controls are not designed to operate effectively in these new environments. Organizations need a variety of IT controls to secure credit card information and to comply with Payment Card Industry (PCI) Data Security Standard (DSS) regulation, and their existing legacy tools can’t keep up.
Halo solves your PCI compliance needs
The CloudPassage® Halo® automated security & compliance platform solves these challenges and provides businesses with the easiest way to achieve compliance with the PCI DSS.
Halo consolidates your traditional PCI controls into a single platform
Where traditional security tools are segmented and bolted-on, Halo provides within a single platform that integrates with your existing orchestration tools in order to provide seamless, continuous PCI compliance.
- File integrity monitoring
- Software vulnerability management
- Configuration management
- Strong access control/server account management
- Log management
- Intrusion detection
Halo satisfies the six PCI DSS goals
Goal 1: Build and maintain a secure network and systems
Halo can ensure that local firewall software is installed and configured properly.
Goal 2: Protect cardholder data
Halo continuously monitors for presence and configuration of encryption functions and access restrictions to cryptographic keys. This monitoring can be performed for operating system, application, and database platforms.
Goal 3: Maintain a vulnerability management program
Halo detects known software vulnerabilities; can enforce secure authentication and logging; ensure ongoing secure configurations; proper maintenance of accounts; monitoring of change control process and environments; and auditing of system and application changes.
Goal 4: Implement strong access control measures
Halo’s system configuration scanning and server account management addresses the majority of server-level access control requirements. Halo also provides a centralized view of server accounts and their privileges across cloud hosting environments.
Goal 5: Regularly monitor and test networks
Halo provides extensive scanning, usage monitoring, logging and alerting capabilities. Halo’s File Integrity Monitoring feature satisfies the PCI DSS requirement for detecting and alerting unexpected changes to critical system files.
Goal 6: Maintain an information security policy
Halo automates deployment and operation of a broad range of controls in rapidly changing public, private and hybrid cloud hosting environments which provides a solid foundation for a consistent and reliable information security policy.
Achieving PCI DSS peace of mind in the cloud
This white paper details the evolution of industry regulations for PCI compliance and how to maintain compliance while benefiting from the scale and cost-effective benefits of the cloud.