Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Agiliance Launches Cloud-Based PCI Compliance Service

Governance, Risk and Compliance (GRC) solutions provider Agiliance today announced the launch of Agiliance Continuous Compliance Service™ (CCS) for PCI, a cloud-based solution that manages the entire PCI life cycle.

Governance, Risk and Compliance (GRC) solutions provider Agiliance today announced the launch of Agiliance Continuous Compliance Service™ (CCS) for PCI, a cloud-based solution that manages the entire PCI life cycle.

Priced at $87,500 per year, Agiliance CCS for PCI enables organizations to build a GRC program to satisfy all internal and external stakeholders over time. The company says its solution helps overcome the dilemma of continuous consulting and transition to an approach of continuous compliance instead, with an investment payback ranging from two to six months for Level-1 and Level-2 merchants.

The new requirements of PCI 2.0 present a daunting challenge. They require an organization’s existing security policies to include virtualized environments, policy governance, risk remediation and 100 percent asset coverage. The sheer volume of data required to scope, analyze, mitigate, certify and maintain people, assets, data sets and applications renders the traditional approach of continuous consulting in combination with Microsoft Excel spreadsheets ineffective.

Eric Schou from McAfee suggests that automation is key when it comes to compliance. “With the amount of regulations worldwide, there is no possible way you can remain compliant with out some kind of automated solution. In fact, there are already more than 400 compliance mandates worldwide, and 50% of companies have to comply with 10 or more regulations annually. Annual PCI audits and quarterly SOX reports tend to cause the most pain these day, but don’t fall into the trap of focusing on an individual regulation or audit. Trying to handle regulations “one by one” is a recipe for disaster,” Shou writes in his recent SecurityWeek column.

According to Verizon’s 2010 PCI report, only 22 percent of businesses achieved compliance at Initial Report of Compliance (IROC). An independent survey conducted by PSC Payment and Security Experts reveals that this number falls to 18 percent within 60 days of certification. Consequently, many organizations will be pressured to improve the way they operate and automate their PCI compliance process.

Agiliance says that with its CCS for PCI solution, organizations can achieve the following benefits:

• Certify 61 percent faster

• Save over 50 percent in costs

• Remove audit fatigue

• Improve reputation

• Achieve real-time monitoring of PCI compliance status

• Provide current documentation, evidence and reports for both internal resources as well as external consultants (e.g., Qualified Data Security Companies and Qualified Security Assessor)

Written By

Click to comment

Expert Insights

Related Content

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...