If you’re doing business and collecting payments via credit card, debit card, or other e-commerce options that allow you to store and/or transmit cardholder data, you are subject to PCI DSS compliance regulations.
In an attempt to reduce credit card fraud, the Payment Card Industry Security Standards Council developed an information security standard for those with access to consumers’ transactions and card numbers. This standard continues to evolve, and is now labeled PCI DSS 2.0. While the compliance verification process isn’t formal for all organizations, they all must meet the standard to manage liability in case of credit card fraud.
Linoma Software has published a new white paper entitled PCI DSS Compliance with Managed File Transfer that reviews the requirements for PCI DSS 2.0, and explains what role implementing a managed file transfer solution can have in meeting several aspects of the regulations, especially the protection of cardholder data. Download the white paper now, and review other resources available at GoAnywhereMFT.com.
By now, most companies have gotten the message that their data – as well as the sensitive data belonging to customers and partners – needs reliable protection from unauthorized access. The ever-growing regulatory environment is making it more and more painful for any company that does not take its data security seriously.
Closing the gap between the desire to keep data secure and actually getting it done, however, has proven challenging, especially considering the extraordinary amount of data that is being shared among companies and their customers, health care providers, financial institutions and more as part of daily business activities.
A common approach for sharing information with partners is to deploy an FTP or SFTP server in the “public” area of the company’s network called the DMZ (demilitarized zone), where authorized users can drop off or retrieve files. Those files will often remain in the DMZ until an internal program or user copies them into the private network for processing.
Industry regulators and compliance auditors are becoming increasingly alarmed at this practice of staging files in the DMZ, because even if those files are encrypted, they are more susceptible to theft by savvy hackers. Worse yet, if the company decides to move those file servers into the private network, it may unintentionally allow unwanted access through open inbound ports.
A solution that’s gaining in popularity is the reverse proxy DMZ gateway, which is used as a secure bridge between your trading partners and your file servers. A DMZ gateway allows you to move file servers and other public services out of the DMZ and into the private network without having to open inbound ports. Because it serves both as a reverse proxy for handling inbound traffic and a forward proxy for any outbound file transfer requests originating from inside your network, DMZ gateways keep the auditors happy and your data safe in the private network.
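The three layouts described above can be compared with a small audit, shown here as an added example that is not Linoma's code. The host names, the zone model and port 9100 are constructed, and it assumes the file server in the private network initiates its connection to the gateway.

```python
# Added example: constructed zone/flow model; host names and ports are illustrative.
TRUST = {"internet": 0, "dmz": 1, "private": 2}  # least to most trusted

def audit(hosts, flows):
    """hosts: name -> (zone, stores_files); flows: (initiator, listener, port).

    Flags the two risks the article names: files at rest in the DMZ, and
    connections opened from a less trusted zone into the private network.
    """
    findings = []
    for name, (zone, stores_files) in hosts.items():
        if zone == "dmz" and stores_files:
            findings.append(f"files at rest in DMZ on {name}")
    for src, dst, port in flows:
        src_zone, dst_zone = hosts[src][0], hosts[dst][0]
        if dst_zone == "private" and TRUST[src_zone] < TRUST["private"]:
            findings.append(
                f"inbound port {port} open into private network: {src} -> {dst}")
    return findings

# Layout 1: SFTP server staged in the DMZ, internal batch job pulls the files.
STAGED_IN_DMZ = (
    {"partner": ("internet", False), "sftp": ("dmz", True),
     "batch": ("private", False)},
    [("partner", "sftp", 22), ("batch", "sftp", 22)],
)

# Layout 2: same server moved into the private network, partners connect directly.
SERVER_MOVED_INSIDE = (
    {"partner": ("internet", False), "sftp": ("private", True)},
    [("partner", "sftp", 22)],
)

# Layout 3: DMZ gateway. Assumption: the private server dials out to the
# gateway (port 9100 is a constructed value), so no flow targets "private".
GATEWAY = (
    {"partner": ("internet", False), "gateway": ("dmz", False),
     "sftp": ("private", True)},
    [("partner", "gateway", 22), ("sftp", "gateway", 9100)],
)

if __name__ == "__main__":
    for label, layout in [("staged in DMZ", STAGED_IN_DMZ),
                          ("server moved inside", SERVER_MOVED_INSIDE),
                          ("DMZ gateway", GATEWAY)]:
        print(f"{label}: {audit(*layout) or 'no findings'}")
```

The same check can be run against an export of real firewall rules by mapping each rule's source and destination to a zone.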
For more information about how a DMZ gateway works and what advantages it brings to your network security, please download our new white paper DMZ Gateways: Secret Weapons for Data Security. Then, let us know what you think!