Data security is a hot topic in government, corporate, and news circles today. It’s hard to pick up a newspaper or read an online news feed or blog without encountering a discussion of security concerns, security guidelines, or security breaches. And organizations with databases of confidential customer or patient information need to be especially vigilant about security threats.
But for the retailer, as an example, the task of keeping customer data secure and a corporate network compliant with Payment Card Industry Data Security Standards (PCI DSS) is not an easy one. Since 2004, the PCI standards have required retailers to meet stringent security guidelines, including maintaining a secure network, protecting cardholder data, regularly monitoring networks, and maintaining an information security policy. A retailer who is not compliant may face stiff fines and could even lose the ability to process payment cards.
The Wi-Fi Factor
More recently, the growing popularity and widespread use of Wi-Fi networks have brought new security threats, prompting changes in 2009 to the PCI standards. The guidelines now require retailers to ensure the security of the cardholder data environment by regularly scanning all sites for wireless threats. This means that a sampling of sites is no longer sufficient and that retailers must scan all sites at least once a quarter, whether they use Wi-Fi or not. As a result, many retailers who thought they were compliant are scrambling to address issues they didn’t know they had.
Detecting Rogue Wireless Devices
Enter the Hughes PCI Wireless Scanning Service, a new tool to help retailers quickly and cost-effectively meet the revised PCI standards. As part of the service, which is an enhancement to the Hughes Security Services suite, Hughes operates a centralized delivery system employing a wireless access point at each retail location, which scans for the presence of unauthorized wireless devices. Any rogue wireless device is detected automatically, and the retailer is notified electronically so it can take remediation action. Optionally, Hughes can dispatch a trained technician to locate and remove the rogue device.
The new wireless PCI scanning service from Hughes is a turnkey, fully managed solution that includes everything a retailer needs for compliance, including software, hardware, and a monitoring system. Supporting the standard Wi-Fi frequencies, including the recently ratified 802.11n, the system exceeds PCI requirements by continuously monitoring all sites. In addition, the service provides automated remote containment of suspected rogue access points for added protection before a security breach can spread.
Streamlining the Compliance Process
“By eliminating the costs and complexities of deploying access points at all sites, the Hughes PCI Wireless Scanning Service can help reduce compliance management costs,” said Doug Medina, Hughes senior director of enterprise marketing. “There’s no need to hire additional IT staff to manage and monitor a wireless network or to travel and inspect all sites once a quarter.”
Because the wireless monitoring network seamlessly integrates with a retailer’s existing network, minimal network engineering is needed by internal staff. Hughes supplies quarterly reports and streamlines PCI audits and examinations, making the compliance process as seamless and inexpensive as possible. As an added benefit, the wireless monitoring network can provide services such as private wireless access for employees and public guest Wi-Fi services, helping to improve return on investment.
It may not be a simple task to manage evolving security threats or meet changing PCI standards. But with the Hughes PCI Wireless Scanning Service, retailers can streamline the process—ensuring that they are preserving their PCI certification and, at the same time, safeguarding their customers.