18th PCI London, 24 January 2019, London, UK
“There is a clear link between PCI DSS compliance and an organization’s ability to defend itself against cyberattacks,” Rodolphe Simonetti, global managing director for security consulting, Verizon
The elephant in the PCI DSS room is this: why, after more than a decade of developments in standards, technologies and best practice, is a very significant proportion of companies subject to the regime either unable or unwilling to achieve compliance or, if they initially achieve it, to maintain it?
In the mix of people, process and technologies, something must still be going wrong.
So what is it?
One answer can be found in the classifieds: too many companies looking to achieve compliance still hire PCI DSS project managers on a six-month contract – the clear implication being that they view compliance as a project rather than a process.
The fact that so few companies maintain continuous compliance seems to confirm that committing resources to PCI DSS post-initial compliance remains an issue.
This approach is building up real trouble for the firms that employ it. It was never a sustainable way to protect customers from data compromise, and in a world of rapid digital transformation and technology change it will be exposed as foolhardy.
But the other reason for continued failure is that PCI DSS compliance is getting harder, widening the gap between the resources and skills devoted to it and the complexity of the challenge. Companies’ tech landscapes are expanding and changing. Multi- and hybrid cloud is the norm. Digital transformation and new payment, banking and e-commerce platforms complicate things further, as do acquisitions and other core business issues.
So are current models of PCI DSS staffing and resources fit for purpose in this new world? If not, what does a best practice PCI DSS compliance system look like? And where can technology help?
The 18th PCI London will look at the latest in the processes and technologies used to protect payment and personal data. There will be real-life case studies, strategic talks and technical break-out sessions from PCI teams behind some of the world’s most admired brands, who know, just like you, that payment security is now more important to business than ever.