News flash, your cloud servers are probably not secure against Internet-based attacks! OK, not really a news flash, but how many cloud server owners are actually doing something about it? By default they may have little or no network security. A basic firewall is, depending upon your provider, usually the free, included offering (if you [...]
Public Cloud Managed Security Is Not An Oxymoron
posted by Samurai on May 2nd, 2012 under PCI, Public Cloud
New Gartner findings for PCI Compliance and the StillSecure PCI Calculator
posted by CamillaM on July 6th, 2011 under Compliance, Managed Services, Network Security, PCI, PCI Complete, PCI DSS, Security
Gartner recently released their Retail Security & Compliance Survey 2011 that details the costs associated with becoming PCI compliant. Excluding the cost of assessors – these costs are estimated at $1.7 million over the survey period, 2.35 years. Level 1s spent approximately $2.1 million on PCI compliance and Level 2-4s approximately $1.1 million. In the [...]
StillSecure delivers File Integrity Monitoring Services
posted by CamillaM on June 21st, 2011 under Cloud Security, Compliance, Managed Services, Network Security, PCI, PCI Complete, PCI DSS, Security
File Integrity Monitoring Helps Companies Identify and Remediate Imminent Security Breaches Superior, CO – June 21, 2011 – StillSecure®, a managed network security solutions and certified compliance company, today introduced the StillSecure File Integrity Monitoring Service for organizations seeking to ensure that their systems have not been compromised and those currently struggling with regulatory compliance [...]
5 things Business people should know about Internet Security
posted by SteveH on February 28th, 2011 under Compliance, Managed Services, PCI, Security
Last week I was asked to present at a chapter meeting of AFCOM in Chicago. The Chicago AFCOM Chapter, along with CoreLink Data Centers, were wonderful hosts. With a topic as broad as Internet Security, it is sometimes difficult to narrow down what people should know. After some thought and some discussions, we decided that [...]
McD’s Hacked: Would you like customer data with that Big Mac?
posted by DavidM on December 13th, 2010 under Compliance, Managed Services, PCI, Security
McDonald’s announced in an email to their customers Friday that Arc Worldwide, a marketing services arm of Ad giant Leo Burnett, was hacked and allowed a large amount of McDonald’s customer data to be “obtained by an unauthorized third party.” According to an article in the Orange County Register: Arc Worldwide, a long-time business partner of McDonald’s, told [...]
Seeing Through The Clouds: Understanding the Options and Issues
posted by DaveG on December 1st, 2010 under Cloud Security, PCI, PCI DSS, Public Cloud, Virtual Private Cloud
Everyone is talking about moving to “The Cloud,” but not everyone is talking about the same thing. If you’re considering moving some or all of your network infrastructure to a cloud offering you may be baffled by what people mean when they talk about “The Cloud,” what type of cloud you should use, what new [...]
The Problem isn’t the PCI DSS – Compliance as the First Step Towards Security
posted by DavidM on October 5th, 2010 under Compliance, Managed Services, PCI, PCI Complete, PCI DSS, Security
While listening to Dr. Anton Chuvakin (@anton_chuvakin) the other afternoon on a webcast and talking briefly with Joshua Corman (@joshcorman) the other week, I started to realize that the problem the merchant industry is dealing with around compliance vs. security isn’t really with the PCI DSS. The PCI DSS is just about a goal – getting people [...]
The PCI Complete Story
posted by DaveG on September 14th, 2010 under Compliance, Managed Services, PCI, PCI Complete, PCI DSS, Samurai, Security
The concept for PCI Complete came about a year ago when I was tasked to improve the “PCI support” for our products and services. As I interviewed merchants, QSAs, and partners one thing became frighteningly clear, the compliance process that merchants struggle with for protecting our personal and credit card information is broken. This probably [...]
PCI Compliance shouldn’t be such a headache.
posted by Samurai on September 13th, 2010 under Compliance, Managed Services, PCI, PCI Complete, PCI DSS, Samurai, Security
We believe it’s time our industry stepped up to the plate. Claims that technology products will make someone PCI compliant have to stop. Hand waves towards compliance aren’t acceptable any more. Companies that sit on both sides of the table – both auditor and service provider – are setting their clients up for failure and damaging the reputation of our industry.
PCI compliance is the best way to give companies a solid baseline for security moving forward – but only if it’s done correctly. It’s no wonder that the distraction of the current solutions deludes companies into thinking they are secure as a result of their compliance efforts. Compliance should be achievable and manageable so companies aren’t distracted from taking true, measurable steps towards better levels of security.
And, that’s how PCI Complete was born. Out of the frustration and confusion that we were hearing from customers; out of the pain of melding a variety of solutions, processes, and personnel to solve a problem that has vexed the vast majority of merchants and transaction processors; and, out of the gap in the market – where no single, consistent PCI solution existed.
