ACHIEVING COST-EFFECTIVE COMPLIANCE
One solution for a wide range of compliance controls
With stricter industry regulations, Andrew Stark, CISO of a major financial services conglomerate, must secure access to systems holding PCI data. Achieving compliance requires investments in technology, the assessment and validation process and maintaining compliant status. Andrew wants a low-cost, operationally efficient solution that can protect sensitive data from sophisticated cyberattacks and meet compliance objectives.
Architecture Compliance Needs
• Identify users and systems interacting with PCI data quickly and efficiently.
• Minimize large audit footprint of multiple systems and users connected to systems holding PCI data.
• Streamline multiple hardware and software solutions to meet compliance requirements.
• Prevent traffic from untrusted sources from interacting with systems holding sensitive data.
Limiting Access to Systems with Sensitive Data
[Figure: FIREWALL BREACH OPENS UP PCI DATA]
Andrew creates secure communities of interest (COI) with Unisys Stealth® that consist only of personnel and systems authorized to handle sensitive data. Systems with sensitive data are invisible to untrusted sources, and data transferred across the network is unavailable to unauthorized parties, limiting the scope of compliance audits. Supporting a wide range of compliance controls, Stealth™ reduces the security application footprint with fewer products to purchase and administer. The software-based solution enables access by identity, not physical devices, so the security of sensitive systems moves with the user for easier management and less overhead.
[Diagram: Corporate Data Center, Retail Banking Division, containing the Payment Server, Reporting Server, Core Banking System and ATM Server. After a network breach or unauthorized access, an attacker follows an unauthorized access path and accesses PCI data on the Reporting Server.]
Microsegmentation to Meet Compliance
• Isolates infrastructure holding PCI data from all other systems.
• Identifies traffic flow of sensitive data in real time, saving cycles spent on scope analysis before annual audits.
• Visualizes network traffic to quickly find users and systems connected to PCI infrastructure, decreasing compliance audit scope, cost and time.
• Protects transmitted data across open, public networks by encrypting all traffic within COI.
[Figure: PCI COMPLIANCE WITH STEALTH. Corporate Data Center, Retail Banking Division, with the Payment Server and Reporting Server shown as members assigned to a Stealth COI. A network breach or unauthorized access occurs, but the unauthorized access is averted. PCI data protected as Reporting Server (now part of Stealth COI) is invisible to attackers.]