Denver International Airport, a StillSecure customer, is anticipating dramatic growth in its cardholder environment because of a planned airport expansion and fundamental operating changes. The airport is turning to managed services for PCI compliance, and as a government entity, will take part in a required bidding process to acquire a card-processing service.
Currently, the airport's credit card exposure is limited to parking facilities. Denver International segments credit card data on a separate network, including separate desktop systems. Employees who need access to both the enterprise and credit card networks use computers attached to one of the other network. The airlines and various vendors are responsible for their own card handling and compliance, said Brian Monroe, CISO of Denver International.
That will change with the upcoming airport expansion, which will include a highly virtualized environment where the airport will offer hosted services for the various airlines. "Our PCI scope is about to get huge in the next two to three years," said Monroe. "We will host the applications for the airlines, and the applications will forward any credit cards for processing. Serving up dynamic environments means we will own the infrastructure, and Denver International will handle credit card transactions for them."
However, Monroe doesn't want to take on full responsibility in-house for PCI compliance in this expanded environment. "We have the in-house expertise, but managed services make sense from a pure cost perspective," he said. "It will be more flexible, faster and more responsive to changes with the common use network."
The Coalfire QSA certification lends credibility to StillSecure's claims that PCI Complete helps assure compliance. "It's an audacious statement they are making, and they've done the right thing and gone reputable QSA," said Forrester's Kindervag. "When you talk to QSAs, Coalfire is a name that usually comes up."
