Retired Member


PCI Compliance: not just a tick box exercise

24 February 2014

Verizon recently released its latest PCI Compliance report, which highlighted that businesses are starting to realise the benefits of compliance. It seems that many of the companies that suffered breaches over the last year were PCI compliant at the time of the breach, which emphasises that being compliant does not necessarily ensure security. This begs the question: what else can be done?

As the universe of user identities and access points grows exponentially, protecting critical company assets against unauthorised access, while maintaining compliance, is becoming increasingly challenging for organisations. Big Identity Data (BID) generated from these access relationships can be used to provision smarter IAM, eliminating audit pains and identifying potential access risks before they turn into a real threat to the organisation.

As threats increase, companies also need to move beyond the out-of-date mindset of periodically, and manually, reviewing access risk every three, six or twelve months. New security processes are required to ensure that financial service organisations and banks do not lose control over sensitive, private information. It can never be a tick box exercise, as the standard exists to protect extremely valuable data.

An outdated approach to managing access to sensitive data exposes financial organisations to significant risk from hackers and other security threats, as there is no real-time view into how this information is being accessed and used. Instead of relying on manual compliance to keep up with regulatory changes, as so many banks do, modern financial organisations need to consider automated systems in order to avoid policy and regulatory non-compliance in the modern work environment.

Certain facts are hard to contest, and sadly reading about the latest data breach has become part of daily life. E-criminals are using more sophisticated techniques that look for loopholes in IT and security systems. It is critical that companies address these by installing effective mechanisms that allow them to analyse access risk constantly, in near real time, and alert IT teams to any abnormal activity that breaches internal security policies and compliance standards.

There is more valuable data online than ever before, with more users accessing it. Yet security is still not at the top of every bank's agenda. Security culture should be embedded in a financial organisation's DNA to protect sensitive information. Access rights need to be reviewed not just on a quarterly basis, but constantly, to ensure that organisations can efficiently and accurately provision, identify and minimise risks, whilst maintaining continuous compliance.

Tags: Security, Innovation
