06 October 2015


Marc Lee - Courion

PCI Compliance: not just a tick box exercise

24 February 2014

Verizon recently released its latest PCI Compliance report, which highlighted that businesses are starting to realise the benefits of compliance. It also noted that many of the companies that suffered breaches over the last year were PCI compliant at the time of the breach, which emphasises that being compliant does not by itself ensure security. This begs the question: what else can be done?

As the universe of user identities and access points grows exponentially, protecting critical company assets against unauthorised access while maintaining compliance is becoming increasingly challenging for organisations. Big Identity Data (BID) generated from these access relationships can be used to provision smarter IAM, eliminating audit pains and identifying potential access risks before they turn into a real threat for the organisation.

As threats increase, companies also need to move beyond the out-of-date mindset of periodically, and manually, reviewing access risk every three, six or twelve months. New security processes are required to ensure that financial service organisations and banks do not lose control over sensitive, private information. Compliance can never be a tick box exercise, as the standard exists to protect extremely valuable data.

An outdated approach to managing access to sensitive data exposes financial organisations to significant risk from hackers and other security threats, as there is no real-time view into how this information is being accessed and used. Instead of relying on manual compliance processes to keep up with regulatory changes, as so many banks do, modern financial organisations need to consider automated systems in order to avoid policy and regulatory non-compliance in the modern work environment.

Certain facts are hard to contest, and sadly reading about the latest data breach has become part of daily life. E-criminals are using more sophisticated techniques that look for loopholes in IT and security systems. It is critical that companies address these by putting in place effective mechanisms that allow them to continuously analyse access risk in near real time and alert IT teams to any abnormal activity that breaches internal security policies and compliance standards.

There is more valuable data online than ever before, with more users accessing it. Yet security is still not at the top of every bank's agenda. Security culture should be embedded in a financial organisation's DNA to protect sensitive information. Access rights need to be reviewed not just on a quarterly basis, but constantly, to ensure that organisations can efficiently and accurately provision, identify and minimise risks, whilst maintaining continuous compliance.
