Dave's Blog

How to build a multi layered approach to compliance and security

September 2, 2021

Anti-virus and office firewalls alone are no longer enough to fend off cyberattacks. In fact, the only way to deal effectively with the risks that make companies vulnerable is for them to work together with solution vendors. At the same time, complying with regulations has also become a challenge that must be met.

In a recent SentryBay Twitter poll over 50% of respondents said that their current infrastructure has either failed PCI assessments or is non-compliant with the PCI Data Security Standard (DSS). More than half told us they either believe PCI regulations are not fit for purpose or need adjusting for current hybrid working models. Many indicated that the difficulty lies in addressing numerous security needs as well as contradictory data security standards and compliance requirements.

PCI requirements, despite these findings, are designed to help protect organisations from cyberthreats, but in the context of the huge rise in remote working, it is not always easy to find a suitable approach to managing both.

The fact is that there is no single offering or solution that solves an organisation’s security, privacy and compliance needs on its own. What is required is a multi-layered approach that integrates complementary products and services. This should incorporate policies that allow organisations to block cyberthreats and proactively address gaps in compliance as an interlinked, continuous process.

The two disciplines must go hand in hand so that a positive feedback loop that promotes agility and responsiveness can be implemented. This is important because companies are finding PCI compliance to be very complex. In our poll, 24% said that educating employees on their PCI requirements is a leading concern, almost 24% pointed explicitly at process contradictions that create confusion, while 22% said security demands are onerous.

Amidst this, perhaps the most alarming finding was that 15% of those that we spoke to said that their organisation experienced a security breach in the past year as a likely result of mishandling payment card or related information.

Companies are fully aware of the dangers of all the different forms of cyberattack. The difficulty is in finding a way of maintaining a compliant cybersecurity posture, even if the organisation has dedicated security resources.

We have written a whitepaper that aims to help outline a suitable approach to covering all security and compliance bases. We outline why it is important to make it multi-layered and backed by regular revision and reviews as the landscape evolves. We fully acknowledge that card and account payments strategies are front of mind in these issues, with personally identifiable information (PII) and personal healthcare information (PHI) at risk in many everyday transactions. At the same time, with governing authorities outlining and mandating new requirements to help safeguard consumers, companies face multiple privacy frameworks and standards in addition to PCI DSS.

The overall objective should be to deliver responsive agility, partly by facilitating incremental change in the face of evolving threats.
