Somerford Associates Limited, Park House, Church Place, Swindon, UK SN1 5ED Tel.
+44 1793 698 047
www.somerfordassociates.com
National Survey Finds Most Companies Expect to be Compliant with PCI Standards within
18 Months
Findings indicate authentication and access among top priorities; 44 percent have
deployed two-factor authentication; 26 percent aim to go beyond compliance to deploy
best practices and technologies
LEXINGTON, MA - October 27, 2008 - Imprivata®, Inc., the converged authentication and
access management company, announced the results of a national survey, Identity
Management Trends in PCI Compliance 2008, covering the state of compliance with the
Payment Card Industry (PCI) Data Security Standard (DSS) at companies across a
cross-section of industries. Coming shortly after the release of PCI Data Security
Standard 1.2 on Oct. 1, 2008, this online survey of IT decision makers covered companies
of all sizes and highlighted trends and the role of authentication and access
technologies in achieving compliance.
Survey Facts
The time is now for most companies to select, buy and deploy technologies to achieve
compliance within 18 months:
- Companies across a variety of industries must comply with the PCI DSS requirements
or risk steep penalties and fines – most deem compliance very important to avoiding
unnecessary risk and related costs. Many firms are actively engaged in the PCI DSS
compliance process by examining the specific requirements, retaining a consultant
and/or implementing technologies to satisfy the industry mandates.
- Despite the latest PCI DSS compliance requirements deadline having passed in June 2008,
only 39 percent of respondents confirmed they are currently compliant
- Of the 61 percent of respondents that are not yet compliant, 53 percent expect to
become compliant within 12 months; 65 percent expect to be compliant within 18 months
- 90 percent of those respondents not yet compliant view PCI DSS compliance as important;
44 percent consider it very or extremely important
Authentication and access technologies are clear priorities to achieving PCI DSS
compliance:
- The PCI DSS regulations cover twelve specific areas across IT disciplines, with many
tied to authentication and access technologies that are the current focus of investments
for respondents’ compliance efforts. Many respondents have outlined specific authentication
and access technologies as areas they still need to invest in to satisfy compliance
requirements and to achieve key security objectives overall.
- To control individual access to computing resources and cardholder information, 74
percent have assigned a unique user ID, 63 percent have deployed strong authentication
technologies and 63 percent have deployed password management technologies
- 35 percent of respondents have already deployed single sign-on (SSO), and 39 percent
have deployed physical access security cards
- In pursuit of PCI DSS compliance to satisfy the 12 specific regulations: 68 percent
of respondents have already restricted access to cardholder data based on need-to-know;
73 percent have assigned a unique ID to each person with computer access; 75 percent
restrict physical access to cardholder data; 70 percent track and monitor all access
to network resources and cardholder data
Companies are moving beyond simple ‘check-box’ compliance to deploy best-of-breed
security technologies and establish best practices:
- As companies work towards meeting the PCI DSS mandates, there is a group of respondents
that are concerned with more than simple compliance. Instead, while interested in
compliance, their primary driver is to improve their security in a holistic manner.
- 26 percent of those not yet compliant aim to have the best security available in
the industry to protect data
- 31 percent acknowledge the risk of significant penalties is their primary driver
for achieving PCI DSS compliance
The study was conducted in June and July 2008, culminating in 64 responses from IT
decision-makers across the U.S. spanning every major industry.
Links
Full results of the “Identity Management Trends in PCI Compliance 2008”.
Quote attributed to Omar Hussain, President and CEO, Imprivata, Inc.
“Ensuring PCI DSS compliance is at the top of the list for organizations taking payment
card information – more so now than ever before with the latest deadline having recently
passed and the final set of requirements and documentation to be issued by the end
of 2008. Though a large majority of companies are still not yet compliant, they are
actively engaged in efforts to achieve compliance. Authentication and access technologies
are clearly among the highest priority, as they can satisfy a number of requirements
simultaneously.”
About Imprivata
Imprivata is the converged authentication and access management company. Its OneSign
platform helps organizations safeguard enterprise information assets by enabling
secure employee access to networks and applications—improving user productivity and
convenience, while reducing the time, risk and cost of complying with data privacy
and protection regulations. OneSign has received top ratings in product reviews throughout
the industry and has been awarded numerous accolades from leading publications including
Information Security, InfoWorld and SC Magazine. Headquartered in Lexington, Mass.,
Imprivata is one of the fastest growing IAM companies with more than 650 customers
and over 200 partners around the world.