View Transcript

Kurt: I really see three main challenges over and over again with organizations who are trying to achieve PCI compliance, especially as they’re moving into the cloud.

The first is understanding the scope of their cardholder data environment. PCI DSS is very specific about how to define the scope, but it is more difficult in a cloud environment, and I find that a lot of organizations misunderstand how to actually define that scope properly, which then results in making it very difficult for them to achieve compliance.

The second challenge is understanding the shared responsibility model in the cloud. Cloud vendors are not responsible for all of your security or compliance and understanding that is key to being able to achieve PCI compliance.

And then, finally, once they do understand what their responsibilities are, a lot of organizations really struggle in determining what tools they need to buy and then implementing, managing, and monitoring those tools to meet the PCI requirements. They lack the staff and the processes to actually make that work easily.

ACCELERATE COMPLIANCE

With Armor, any technology team can manage compliance in the cloud, giving you the assurances needed to manage sophisticated payment applications with increased flexibility, scalability and reliability.

Armor provides security and compliance benefits by mapping security controls to PCI compliance mandates that reduces regulatory scope, simplifying the auditing process and lowering management costs.

MEET THE COMPLIANCE EXPERT
To help you navigate the hundreds of controls and simplify your approach, CISO Kurt Hagerman talks about the challenges, pitfalls and best practices in the world of PCI compliance.

Easier PCI Cloud Compliance

Simplify the burden of PCI DSS compliance with Armor. Data workloads and applications protected by Armor inherit compliance controls from our PCI DSS 3.2-compliant managed cloud security solutions. This means easier PCI DSS assessments and heightened security without the need for additional overhead or DIY security tools.

Why Armor for PCI DSS compliance:

  • PCI DSS 3.2-Compliant Solutions: Armor cloud security solutions are compliant against PCI DSS 3.2. This means that our solutions are configured to meet standards set by the PCI Security Council.
  • Inherited Compliance Controls: Armor customers receive inherited compliance for data workloads and applications from our PCI DSS 3.2-compliant solutions.
  • PCI DSS compliance Expertise: Cloud-ready organizations trust us to protect their customers’ payment card-related data at all costs.
  • Security-driven compliance: True cloud security is more than just a checklist; it’s about letting compliance be an outcome of a security program, not its driver. Our approach to security does just that: proactive cyber security powered by the experts in our 24/7/365 security operations center (SOC).

Our purpose-built managed cloud security solutions were created to simplify compliance – minimizing PCI DSS-related anxiety and preventing breaches of payment card information.

PCI DSS Cloud Compliance FAQ

Need-to-know facts on PCI compliance in the cloud

Overwhelmed by PCI DSS compliance? Learn how to overcome the complexity and prepare for your next third-party audit or self-assessment with our PCI DSS cloud compliance frequently asked questions (FAQ).

PCI FAQ

Inherited PCI DSS Controls

Armor customers inherit PCI DSS 3.2 compliance that addresses many of the controls mandated by the PCI Security Council. This means streamlined assessments as well as cost savings for organizations without robust cloud security programs.

Click on the tabs below to see key PCI DSS controls addressed by our solutions:

Armor Security Services PCI DSS 3.2 Controls Risk Mitigation
Intrusion Detection 11.4 Malicious allowed traffic
Internal Network Vulnerability Scanning 11.2.3) Exploits due to missing patches or updates; improper network firewall configuration
File Integrity Monitoring 11.5 Monitoring unauthorized changes to critical files
OS Patching/Updating 6.0, 6.2) OS weaknesses Malware Protection
Malware Protection 5.1, 5.2, 5.3 Compromise due to virus/malware infection
Log Management 10.1, 10.2.2-10.2.7, 10.3, 10.5, 10.6, 10.7 Detection of malicious activity

View the entire Armor Anywhere PCI Compliance Matrix.

Armor Security Services PCI DSS 3.2 Controls Risk Mitigation
IP Reputation Filtering Security best practice Activity from known bad sources
DDoS Mitigation Security best practice Loss of availability due to high volume of malicious activity
Web Application Firewall 6.6 Application layer flaws and exploits
Intrusion Detection 11.4 Malicious allowed traffic
Network Firewall (Hypervisor-Based) 1.1.5, 1.1.6, 1.1.7, 1.2.2, 1.2.3, 1.3.3, 1.3.5 Unwanted network connectivity
Secure Remote Access (Two-factor authentication) 8.3 Unauthorized remote use of administrative access
Secure Remote Administrative Access 2.3 Disclosure of administrative credentials
OS Patching/Updating 6.1, 6.2 OS weaknesses Malware Protection
Malware Protection 5.1, 5.2, 5.3 Compromise due to virus/malware infection
Log Management 10.1, 10.2.2-10.2.7, 10.3, 10.5, 10.6, 10.7 Detection of malicious activity
Physical Security 9.1, 9.2, 9.3, 9.4 Physical theft or compromise of data

View the entire Armor Complete PCI Compliance Matrix.

Find Your PCI Compliance Solution

PCI DSS Compliance Expertise

Leverage our PCI DSS expertise to overcome any compliance challenge. We provide 24/7/365 hands-on support to support the team responsible for managing PCI DSS-related cloud security controls.

  • Our CISO is your CISO: Add to your cloud security roster with experienced cloud security experts to help guide you through compliance audits.
  • Certifiable cyber security badasses: Relentless monitoring and rapid support from highly trained professionals with a combined 60 cyber security certifications.
  • Proven cloud security results: Our SOC managed more than 4,800 security incidents and analyzed more than 771 billion logs in 2016.

Our talent doesn’t just extend your team, they become part of it – seamlessly incorporating their skill set and expertise into your cloud security roster. Together with our best-of-breed security technologies, they guarantee a level of cloud security and performance that only Armor can provide.

Learn More About Our Expertise and Processses

Security-Driven PCI DSS Compliance

Our approach to cloud security focuses on security first, letting compliance follow as a result. It’s why we’re able to boast a protection rate of 99.999% across all customer instances alongside streamlined PCI DSS attestation.

We do this by orienting and adapting our managed security solutions to achieve the highest level of protection in the cloud.

  • Advanced threat intelligence: We stay ahead of emerging threats using data aggregated from 150-plus global sources and Dark Web monitoring. We leverage this intelligence to form a proactive defense around all customer instances so they’re protected before threat actors can even initiate their attack. View the results of our ongoing threat intelligence in the monthly Armor Threat Intelligence Briefing.
  • Transparent cloud security: Track the status of your Armor-protected data in the Armor Management Portal. This intuitive, single-pane-of-glass-view delivers real-time insights into your security posture, including when patches are needed, malware events, OS logs and firewall rules.

With nearly a decade of cloud security experience and expertise, we’ve standardized effective processes for defending against even the most sophisticated cyber attacks. This provides peace of mind that your customers’ payment card data is secure and compliant – helping you maximize your cloud investment.