Create Backward and Forward Compatibility
Attribute No. 6: Create backward and forward compatibility
Interoperability with the relevant set of related systems should be a given with any emerging technology. In the case of access control and to meet PCI requirements, the baseline integration points are with LDAP, Active Directory, remote and network authentication systems (TACACS and RADIUS), configuration and change management systems, encryption applications, and even security information management (SIM) systems.
From an architectural perspective, many large companies keep PCI data on mainframe systems which, despite any potential interoperability issues, are still critical systems. As companies embrace virtualization as a way to maximize resources while minimizing costs, all potential support and interoperability issues specific to virtual environments must be considered as well.
As the first mandate developed specifically for ensuring a specific set of best practices for information security, the PCI DSS standard has been instrumental in aligning security operations to business processes. With other mandates and laws such as the Health Insurance Portability and Accountability Act (HIPAA) undergoing refinements to make security controls more clear-cut and effective, the vendor community has stepped up and made compliance management a reality, enabling security managers to automate critical aspects of compliance-driven audit preparation and reporting.
As security teams have learned time and time again, when you automate highly manual, error-prone processes, the result is almost always an improved security profile. In an industry not known for good news, it's worth acknowledging the progress that IT security professionals, lawmakers, vendors and other members of the information security ecosystem have made in aligning security and compliance objectives.
Dave Olander is President and CEO at Xceedium. Dave assumed the President and CEO position in January 2010. Prior to that, Dave served as senior vice president of engineering. A seasoned executive, Dave joined Xceedium from netForensics where he was vice president of engineering. At netForensics, Dave led strategic development of their security information management product family. Prior to netForensics, Dave was at Raritan where he instituted new engineering processes to accelerate delivery of Raritan's second-generation digital KVM switch.
Dave has over 25 years of senior leadership experience and product engineering management with HP, AT&T Bell Laboratories, BEA, Novell, UNIX System Laboratories and Improv Technologies. Dave's product experiences span UNIX operating systems, middleware platforms, out-of-band access solutions, and security software. Dave holds a Master's degree in Computer, Information and Control Engineering from the University of Michigan, and a Bachelor's degree in Computer Science from Clarkson University. He can be reached at firstname.lastname@example.org.