Rising to PCI Challenges and Opportunities

PCI DSS provides a control framework for enterprises to improve operational, security and audit performance. However, the benefits of PCI DSS extend beyond audit costs and results. As a security model, the requirements can help companies to control costs and build a more efficient and reliable IT infrastructure that delivers better service, whilst incurring less risk. Implementing PCI DSS also creates the opportunity to improve business processes and enterprise information security operations.

PCI DSS is regulated by contracts between the sponsoring major credit card companies and their members, merchants and service providers. PCI is enforced through validation requirements to maintain and demonstrate compliance. These requirements vary amongst the payment card companies they are depend on merchant 'level' and are tied to risk recognition and transaction or account volume. In their most comprehensive form, the requirements include onsite security audits, self assessment questionnaires, mandatory penetration testing and network scans. The PCI standard requires continuous validation of security effort.

The PCI standard provides an integrated framework that combines technology, policies, education, awareness and industry best practices. By getting ahead of the compliance curve, organisations that implement PCI DSS can reduce long-term compliance costs and instil best practices across the entire enterprise, making it easier and less expensive to adhere to new future requirements and creating a leaner, more efficient organisation.

Attenda has recently joined the PCI Security Standards Council. As a Participating Organisation, we will work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards. To date, for our clients, partners and prospects, we have taken the approach that our services were successfully reviewed during the course of each client's PCI DSS assessment. We are supporting our clients in their PCI DSS audits and have gained a wealth of experience in meeting the requirements of this standard. From an infrastructure perspective, we can design the architecture to meet the requirements of PCI DSS, this could include components such as firewalls, Intrusion Prevention Systems, backup systems, anti-virus systems, core network systems, operating systems and databases.

During 2010, our intention is to adopt a different approach to PCI compliance and look to build-in 'already PCI compliant' elements to the solution architectures and services that we provide, spanning the 12 sections of the PCI DSS process, thus providing the correct combination of technology and service, to reduce the cost, effort and risk associated with gaining and maintaining PCI compliance.

Head in the Clouds?

Everyone is talking about Cloud computing and the potential benefits that it brings on many levels. Cloud computing has the opportunity to dramatically change the way that applications are delivered to both consumers and the enterprise alike. This feature uncovers the business needs and drivers that will lead to the widespread adoption of cloud computing for the enterprise.

Product Focus

We are pleased to announce two new services: Microsoft SharePoint Server Managed Service and our SAP Data Archiving Managed Service. This feature tells you more about these new services.

Announcing our Client Referral Programme

Our new Client Referral Programme sets out to encourage, recognise and reward existing Clients for pro-actively referring new business to Attenda, through the introduction of a new company that could benefit from Attenda's services. Find out more about the Client Referral Programme in this article.

Delivering Flexible, Business-led Reporting with our new Client Portal

Our service management follows the ITIL v3 process framework, combining traditional systems and service management disciplines. This feature describes how the new Client Portal will provide you with greatly enhanced visibility of the service that we deliver.