Data Security Firms Ally to Promote Standards

 
 
By Brian Prince  |  Posted 2007-01-30
 
 
 

Eight leading data security companies have joined forces to create an organization to educate the business community on the value of global security standards that protect credit and debit card numbers.

The newly formed Payment Card Industry Security Vendor Alliance will assist the PCI Security Standards Council—an organization composed of merchants, banks and point-of-sale vendors—in educating the business community on the requirements and business value of the Payment Card Industry Data Security Standard.

The data security standard—a series of rules commonly called the "digital dozen"—sets requirements for security management, network architecture, software design and other critical protective measures.

Each of the founding members of PCI SVA—ConfigureSoft, Cyber-Ark, Modulo Security, Proginet, Protegrity USA, Reflex Security, SafeNet and Verisign—will provide flexible PCI Data Security Standard solutions to address the needs of system integrators and business users.

"Even with all the press on data security breaches and the corporate and personal costs that accrue from them, there is still only limited awareness of the PCI data security standards," said Jon Oltsik, senior analyst at Enterprise Strategy Group, in a statement.

"These standards impose compliance rules that enterprises handling credit or debit card data must resolve from business and technology perspectives. The PCI SVA is a valuable component in addressing this issue holistically."

Compliance purists stare down anti-virus threat. Click here to read more.

Members of the Alliance said they plan to create a series of case studies, seminars and white papers to show both the value of the PCI DSS requirements as well as how organizations can comply with the standards efficiently and on-budget.

David Taylor, vice president of data security strategies at Protegrity, said there is often confusion among businesses as to what kinds of security controls are required.

"Standards are a moving target," Taylor said, noting that a new set of rules, PCI DSS Version 1.1, was released in September. "They can change."

"We have a very good relationship with the PCI Security Standards Council," he said. "We want to try to help merchants determine their roadmap from wherever they are now to becoming compliant."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.

Rocket Fuel