Why PCI DSS and Security in General?

Archives 2012

By James Rees, Managing Director of Razor Thorn Security

The other day I was chatting to a good friend of mine, Lisa. She is an information security manager for a cloud company over in the States. We were having a chat about security in the cloud market, and as she was on the inside she gave me an insight into what our cousins over in the States thought about information security.

Lisa, a newcomer to the cloud unlike many of us, gave me an excellent fresh-eyes perspective on what cloud companies over there are doing. The response she gave me was simply:

“Security is a marketable feature”

She could not be more right. Information security has fast been becoming an important factor in the buyer's list of “must have items”. The general public are tired of suffering when their credit card details are stolen or their accounts hacked; they have been suffering under this for too long. For example, a lady I know recently used her card in a call centre. Not long afterwards she discovered somebody had emptied the account attached to the card she used, as well as using all of the available overdraft facilities… The bank then froze the account for 28 days to investigate, leaving her stuck.

This type of issue has been occurring time and time again for years, and now we are starting to see a demand from the public for excellent levels of security from the people we purchase items from. This is starting to ripple up through the service providers and various other companies in the service industry space and their suppliers; compliance requirements such as PCI DSS have sped this up exponentially… People and organisations now spend their money carefully on organisations that take information security seriously. It's one of the largest reasons why they buy their services from the people that they do.

Cash is dying. Cold hard cash is only good these days for small items, a chocolate bar, a packet of cigarettes, milk for the office, etc. To add to this, the high street is in a rather sharp decline and has been for some time now. Items we desire can be purchased online now for cheaper, so this is where people are going with their credit cards and their debit cards.

There are hundreds of thousands of companies out there that take card details over the internet or through call centres, and this increases every day. Each one of those companies taking card payments is contractually signed up to PCI DSS when they get those merchant accounts and online merchant accounts; this means they HAVE to do it. It also means there is a good chance that the companies these merchant organisations deal with will also have to comply under the PCI DSS rules governing service providers, and so on and so forth. The chain of PCI DSS can pass through several layers of organisations.

Information security is marketable, PCI DSS is marketable. There is a massive market out there for cloud companies to take advantage of if they decide to take security seriously. But one warning: do not pay lip service to information security… If you do NOT take it seriously, at some point you will suffer a security breach. Every company does at some point, and when it happens you will suffer and your business will be at risk.

If you are going to have a secure solution then make sure you get the right advice; get a professional on staff or independently to advise you and help you. Information security is commonly viewed as an IT thing: firewalls, antivirus and such software. It is not; it is much wider than that.

Good information security can not only provide you with technical security but also the ability to recover faster and mitigate the damage.

Good information security is about the business and protecting your assets.

Good information security is about protecting your reputation.

Good information security is about protecting your clients and customers.

Can you afford not to have information security in the current market?

Finally, do you want to be the next company explaining to its clients why the ‘secure’ service that you offer suffered a security breach? I know I wouldn’t want to be…

Take security seriously and get the right help to advise you; it has far too many bad consequences if you get it wrong… A simple Google search will show you how bad it can get.