Networking

09:00 AM
Connect Directly
RSS
E-Mail
50%
50%

StillSecure's PCI Compliant Managed Service

StillSecure is offering a PCI-specific managed services package, PCI Complete, that secures credit card data processing, policy and process controls, and other security technologies required by the Payment Card Industry Data Security Standard (PCI DSS). Companies can leverage PCI Complete through their own data centers, across the corporate WAN, or in hosted data centers owned by ViaWest. StillSecure says other data center hosting partners will be announced.

StillSecure is offering a PCI-specific managed services package, PCI Complete, that secures credit card data processing, policy and process controls, and other security technologies required by the Payment Card Industry Data Security Standard (PCI DSS). Companies can leverage PCI Complete through their own data centers, across the corporate WAN, or in hosted data centers owned by ViaWest. StillSecure says other data center hosting partners will be announced.

StillSecure made a good choice by partnering with a recognized service provider and integrating its PCI program through them rather than creating its own data centers, said John Kindervag, senior analyst at Forrester Research. "There's more assurance that it is going to be done right by partnering with a service who knows how to properly host data--reputable people who have been around a long time," he says.

StillSecure's controls have been validated by audit and compliance firm Coalfire, which provides PCI compliance services, including  qualified security assessor (QSA) audits. ViaWest data centers are certified as compliant for Section 9, which covers physical access to cardholder data, and Section 12, which requires maintaining a security policy governing employees and contractors.

StillSecure's managed security services are implemented through a physical or virtual appliance and covers credit card handling in the companies processing center as well as in remote sites like retail stores, service stations with convenience stores, etc. The service creates a single, PCI-compliant card-processing environment in a hub-and-spoke scenario, with multiple locations feeding card data to a central point through secure connections.

StillSecure says that its service will meet 165 of 176 PCI requirements if it is "deployed in a PCI-compliant or Section 9-compliant facility." The service includes a gap analysis to determine what a company has to do to reach compliance. Some requirements are outside the control of StillSecure and can only be addressed by the credit card processor, such as having the proper anti-virus, password policies, secure coding practices, compliant point-of-sale (PoS) systems and WPA or WPA2 wireless security for all access points. Included in the service is consulting for the customer to satisfy the requirements for which they are responsible. The security controls provided by PCI Complete, combined with the customer's own controls, completes the package.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Twitter Feed