Foundation of PCI Compliance: Identity Management


These days, ecommerce is quickly becoming the new normal for shopping. With a couple of clicks and 16 magic numbers (plus an expiration date and a CVC/CCV code), you can get almost anything you want on the internet. But what happens to your credit card information once your payment goes through? Is it safe from hackers? Well, hopefully the IT organization behind your ecommerce purchases has been focused on the foundation of PCI compliance: identity management.

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a compliance standard that covers the storage and management of customer credit card information, specifically the cardholder data environment (CDE). There are 12 sections in the requirement list for PCI DSS compliance, which ultimately boil down to a few fundamental concepts. Reducing even further, at the foundation of those concepts is identity management: ensuring that the right people have access to CDEs and customer information, and that the wrong people don't.

Of course, controlling access to critical servers, applications, and data makes a great deal of sense, and it isn't limited to organizations that are subject to PCI compliance. Identity management is a core function of practically all of IT. But for companies that handle credit card information and are subject to PCI requirements, there is an added level of scrutiny to ensure that their systems and processes for user management and identity security are rock solid.

The Right Tools for the Job

In many cases, PCI compliance comes down to leveraging the right tools (and processes) for the job. When it comes to identity management, no solution is better suited than the identity provider, often called directory services. With a directory, IT admins can regulate the privileges of user identities and subsequently federate the proper access to the proper people. This functionality is especially pertinent to processes like onboarding and offboarding, where controlling access to sensitive data is crucial.

One such directory service that’s gaining traction, especially in the PCI compliance space, is JumpCloud® Directory-as-a-Service®. JumpCloud innovates the concept behind traditional directory services by offering (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at:

Zach DeMeyer


Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
