Today, Enterprise Management Associates® (EMA™) published a white paper titled "PCI and Remote Support: How Compliant are the Keys to the Kingdom?" in conjunction with Bomgar, the worldwide leader in secure, appliance-based remote support solutions. The paper outlines how organizations may be failing to meet the Payment Card Industry Data Security Standard (PCI DSS) regulations due to their remote access and support technology. The PCI DSS contains specific requirements for businesses that handle personally identifiable information linked to payment accounts. Ensuring this data isn't compromised due to insecure remote access systems used for IT support and administrative purposes should be a top concern for any organization handling credit card and payment data.
Maintaining PCI compliance centers on keeping personally identifiable information confidential and safe, which requires a focus on IT security tactics, including network defense, vulnerability assessment and data encryption. The white paper notes a specific requirement that calls for strong controls over access to cardholder data management systems. That requirement applies to technologies that enable IT support teams to access and fix IT resources, such as data center systems, employee desktops and laptops, mobile devices, or supported products and technologies in use among customers. Remote access systems provide the capability to directly view and control systems that may hold private cardholder data, so those systems must comply with the PCI DSS end to end. This poses a challenge for companies that use hosted or off-premise remote support solutions, as they must ensure that all of their vendors and service providers also adhere to the PCI DSS.
Industry experts agree that it's imperative for organizations to take a good look at their remote support and access solutions to ensure compliance and prevent major data breaches. In fact, Verizon's recent 2011 Data Breach Investigations Report found that remote access and desktop services are the number one attack avenue for hackers, with a whopping 71% of all of the hacking attacks that it assessed conducted through this vector.
So how do you know if your payment data is secure and you're compliant with PCI standards? Nathan McNeill, co-founder and VP of Product Strategy for Bomgar, says keeping remote support internally hosted and controlled keeps you in the driver's seat. "Passing your private data through third-party servers puts yours and your end-users' information at increased risk to fall into the wrong hands," said McNeill. "Most remote control tools cannot integrate with LDAP, some leave little to no audit trail, and others route sensitive data through off-premise servers. With the Bomgar on-premise remote support solution, which works behind your personal firewall, these security challenges are mitigated."
Bomgar (bomgar.com) is the worldwide leader in secure, appliance-based remote support solutions. The company's award-winning solutions enable organizations to improve IT support efficiency by securely accessing and managing virtually any system - Windows, Mac, Linux, BlackBerry, the iPhone, iPad and most versions of Windows Mobile, regardless of their location. More than 5,500 companies around the world have deployed Bomgar's enterprise-class solutions to rapidly transform their IT support functions and significantly improve operational efficiency and customer satisfaction while dramatically reducing costs. Bomgar is privately held with offices in Jackson, Atlanta, San Francisco, Washington D.C., Paris and London. In 2010, Bomgar was named one of the fastest-growing technology companies in America by Deloitte.