The evolution of the communications industry to converged networks running voice and data applications has spurred significant conversation around the need for enhanced security solutions. After all, adding voice traffic — and the large number of endpoints accessing the converged networks — naturally increases security risks.
It’s probably not something most people have cause to think about, save IT managers and CTOs.
But, if you use credit cards, you’re actually closer to this situation than you would care to believe, and closer than I would have cared to believe. You see, over the past few years, I have had credit cards from the same issuer replaced at least three times due to potential security breaches. That’s cause for concern, and it’s made me think about what the bank is doing to address the situation.
Of course, I don’t have insight into the specifics of the situations. Nevertheless, I have to wonder, knowing that there is a strong possibility it has to do with network intrusion. Frankly, I know people who have had to deal with identity theft and credit card fraud, and it’s not something I care to encounter myself. I promise you, it’s not fun.
That said, I have to believe the institution is taking steps to address the situation. No bank can afford to ruin its reputation for a lack of investment in appropriate security, not to mention the high cost to replace thousands of cards.
But, there are factors playing against these banks and, indeed, they may not themselves be entirely at fault here — if at all.
The simple fact is that Internet purchases are at an all-time high — it’s convenient, it reduces travel time, and you can find more products at the lowest possible prices. This holds for consumers as well as businesses, who are also finding it increasingly convenient to order online from vendors like CDW and W.B. Mason.
What it all amounts to is that purchasers are increasing their own risk simply by leveraging technology. It also means that those vendors that operate online, along with the banks that process those transactions, also inherit significant risk, and the responsibility for protecting their customers’ confidential data.
When you factor in a growing interest in migrating to IP-based communications, such as VoIP and Unified Communications, where voice, data, and other means of communication run side by side on converged networks, that risk multiplies. The move to IP Communications, of course, is being driven by a combination of factors, including aging legacy systems that need to be replaced, a drive for enhanced productivity and collaboration enabled by UC solutions, and, of course, the need to cut costs, which has always been a driving force for VoIP adoption.
Why is this relevant?
Your credit card data is no different from any other communications packets that traverse any of the multiple communications channels in use today, which means it is equally at risk, as recent security breaches have shown.
What it means is that businesses that are privy to such sensitive information must carefully consider their options for network security, including encryption, resource access control, security policy enforcement, traffic monitoring, and threat mitigation, in order to effectively secure the sensitive customer data that runs across their networks.
Specifically for the card payment industry, the PCI Security Standards Council has a stated mission to drive payment account data security education and awareness, including development of the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a comprehensive set of requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures designed to help organizations proactively protect customer account data.
The PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.
Compliance with PCI DSS is an integral part of the security considerations of any business that handles sensitive cardholder data; it also must become a critical component of developing security solutions for today’s VoIP and UC infrastructures.
I had the pleasure of hosting a Webinar recently focused specifically on these very concerns — how to ensure PCI compliance when deploying IP communications solutions. It’s a foregone conclusion that vendors are going to continue to enhance their solutions, which only increases the need for education around appropriate security measures.
To talk about the PCI DSS itself, and to delve into the specific security implications of VoIP and UC deployments with regard to the Standard, Sipera Systems’ vice president of Marketing Adam Boone joined Trevor Horwitz, principal at TrustNet, for an event called “Credit Card Security Rules: Do Your Enterprise’s Communications Systems Threaten Compliance?”
Sipera Systems provides education and solutions for real-time UC security for both businesses and service providers. Much of its expertise is gleaned from the research conducted by its VIPER Lab, allowing Sipera to develop its solutions for comprehensive threat protection, policy enforcement, access control, and privacy protection for its clients and a variety of vertical markets, including finance, healthcare, government, education, retail, manufacturing, and more.
TrustNet provides consulting and solutions to help businesses identify, measure, and manage technology-related risks across their various systems and business processes, leveraging cutting-edge security technology. It has significant expertise in managing compliance with PCI standards.
The two firms, in fact, recently announced a partnership to help drive market awareness and adoption of the measures required to secure credit card data with an eye toward PCI DSS compliance.
Leveraging their firms’ overlapping areas of expertise, Boone and Horwitz spent an hour not only explaining PCI DSS and the impact of VoIP and UC on compliance, but also discussing many of the common vulnerabilities and risks that businesses must consider as they formulate a technology migration strategy, including best practices from real-world experiences, and how to effectively assess your network for risk and exposure.
If your company has already deployed VoIP, UC, or SIP Trunking solutions, or is planning to do so, be sure to check out the archived Webinar today. This is your opportunity — and it’s your obligation to your company and its customers — to ensure you are up to speed on the latest security measures. Don’t wait until it’s too late and you have to explain how a security breach resulted in exposure of critical data. Take proactive measures now.