PCI Compliance Solutions and Vendor Guide

The document discusses PCI solutions and what to look for in a vendor. It covers the current state of the PCI market, how to get the most from PCI solutions, how to choose a vendor, whether one vendor can address all needs, and some conclusions. The document provides advice on focusing on policy and procedure over just technical fixes, leveraging industry analysts in the selection process, having realistic expectations of what one vendor can do, and taking a long term strategic view rather than just focusing on short term compliance.

Specific Solutions for PCI and What to Look for in a Vendor

Geoff Webb
Senior Product Marketing Manager
NetIQ

Agenda

- PCI Solutions – state of the market
- Getting the most from your PCI solutions
- How to choose a vendor
- How much can one vendor really do?
- Some conclusions

The state of the market

- Summary of current market conditions
  - Window to compliance is closing
  - New vendors constantly entering the market
  - There is a need to not only implement, but also document
  - Increasing need for security of hosts and applications (vs. network devices)
  - Fragmentation of vendors for PCI solutions
    - Few broad vendors (many niche vendors)
    - MSP? Appliances? Software solutions? All?

The state of the market

- What can be solved technically?
  - Many requirements in PCI are technical but...
  - ...many are procedural
  - Some are fundamentally cultural

The state of the market

- Back to basics
  - Not everything is a technical fix
  - Start with policy and procedure
    - Build a policy that matches PCI
    - Understand how that policy maps to your organization
    - Roll it out
    - Track it

Policy-led compliance

Getting the most from PCI

- Is PCI just overhead?
  - There are ways to realize some ROI
  - Plan beyond compliance
    - Better security reduces risk
    - Operational efficiencies can be realized
    - Shorter path to meet future compliance goals

Choosing vendors

- What to look for in a vendor
  - Experience and references
  - Ability to implement in the timeframe
  - Ability to support more strategic goals
  - Technical support capabilities
  - Geographic support
  - Financial viability
  - Depth of knowledge upon which you can draw

Choosing vendors

- What to avoid
  - New to the space (e.g., new to log management)
  - No track record with PCI DSS
  - Too narrow an offering
  - Over-promising
  - Too rigid a solution
    - Must be positioned beyond PCI

Choosing vendors

- Smoothing the process
  - Leverage industry analysts (e.g., Gartner, Forrester)
    - Be clear on objectives for that relationship
  - Pilot and refine
  - Look for as broad support as possible
    - Reduces the number of relationships
  - Plan for problems
    - Most implementations take 12 to 18 months
    - Most cost more than anticipated (150% to 350%)*

* Source: Aberdeen Group

How much can one vendor do?

- Have realistic expectations
  - Build in ample time for integration with your existing processes
  - Plan to support from within your own resources
  - Define areas of competency
  - Don't forget to track and document as well as secure

Some conclusions

- Don't panic
  - OK, just a little.
- Do be proactive
  - Work with vendors to set expectations
  - Measure their success
  - Hold vendors accountable
- Don't be too short-term focused

Questions?

Click on the questions tab on your screen, type in your question (and name if you wish) and hit submit.