How does my Business become PCI Compliant?

PCI compliance can be a difficult standard to meet if you are unsure where your data rests in your network. PCI compliance sets out a series of instructions that your organisation must implement and maintain in order to ensure that any and all payment card transactions are kept secure and all efforts have been made to protect and keep private the customers’ sensitive data. This can prove to be an extremely challenging endeavour if the correct systems to identify sensitive data are not already in place.

 Failing to comply with the PCI standards is a major problem, as the fines alone could put a company out of business ranging from $5,000 to $10,000 per month, depending on the severity of non-compliance. It can also ruin an organization’s reputation with major creditors.  Perhaps more importantly, not complying to PCI DSS can increase an organization’s risk of data breaches, which can create a public backlash, loss of customers, and severe reputation issues. Organisations of all sizes store large volumes of data. The storage and processing of data is an integral part of modern business. With such large volumes of data being created and stored every day, naturally sensitive data will make up a portion of this information.

Sensitive data can come in many forms. The most common of which is Personally Identifiable Information or PII. This type of data constitutes any information that indicates the identity of an individual. Examples of this type of data include names, date of birth, addresses, social security numbers and credit card information. Organisations that deal with this kind of information have an ethical duty of care to maintain the security and privacy of this data so as not to expose the details of the individuals whose data they store.

Data security standards such as GDPR and PCI DSS set out a mandate for organisations to keep certain types of sensitive information secure by having the appropriate protection methods in place. The issue that arises from the storage of a large amount of data is that as the volume of data increases, it becomes more difficult to keep track of what data you are storing. It is therefore important to identify the sensitive data that is stored in your network so that you can take corrective action to ensure you meet compliance standards. But finding this sensitive data can be a challenge.

Ground Labs solutions’ can scan both structured and unstructured data sources to help you to discover exactly what data you have and where it rests in your network. For example, if you are a financial organisation that deals with a lot of credit card information on a daily basis, you will need to ensure this data is stored safely. Issues can arise if this data is not managed and audited properly on a regular basis.  

At Ground Labs, we understand that sensitive information can sometimes get misplaced or stored in insecure locations. That’s why we have designed our product to look not just in the places you would expect your data to be hiding but everywhere sensitive data could be resting. From log files to email locations, Enterprise Recon can scan and report back on many different types of sensitive data across a vast array of target types. On-premise servers to cloud storage, Windows Workstations and servers, Exchange on-prem and O365 mail, MS SQL Databases, SAN and NAS devices. These are just some of the most common environments where Enterprise Recon has detected sensitive for our customers. Enterprise Recon comes pre-configured out of the box with over 200 data types to assist you in your search for sensitive information in your network. But if there is a specific data type that is not already pre-configured, we can assist you in creating your own custom data type profile to ensure that you have the ability to find any form of sensitive data you need.

Remaining compliant with global standards such as GDPR and PCI DSS is a constant challenge. Finding sensitive data and understanding where it is is just the first important step to achieving a compliant data storage environment. Once the sensitive data has been found, remediation action needs to be taken to ensure that the data you have found is being stored in a manner that complies with the data security standard you are endeavouring the uphold.
Enterprise Recon offers several efficient and simple options to remediate the data you have identified after scanning is complete. The options are Masking the sensitive data, securely encrypt to AES standards and secure deletion which renders all deleted files unrecoverable once carried out. These options were designed specifically with common standards such as GDPR and PCI DSS in mind. Our aim is to simplify the compliance process by taking the stress out of tackling the complex challenges of compliance and meeting them with a simple and easy to use solution. As many security experts understand, achieving compliance is not a simple one-step solution. It is an ongoing process that requires constant vigilance and auditing of your network to keep track of data at rest in your network.