74% of European security executives concerned about impact of payment card data loss
4 July 2007 - Qualys, a leading provider of on-demand policy compliance and vulnerability management, announced today that Sysnet, an Irish compliance consultancy and services organisation, has chosen its software-as-a-service QualysGuard PCI platform to underpin its PCI strategy. Qualys has now been selected by 50% of all Qualified Security Assessors and Approved Scanning Vendors (47 QSAs and 62 ASVs) globally to provide independent certification for PCI and reduce compliance risk for their customers.
All retailers and online merchants are due to comply with the 12 key security standards outlined by the PCI DSS (Payment Card Industry Data Security Standard) covering the protection of cardholder information. The original target date for compliance was the end of this month, but among other factors, the complexities of the standard and the relatively small security budgets of many retailers and merchants have slowed progress towards this initial deadline. But now the race is on. High-profile incidents such as the TK Maxx data breach, where 45 million credit card details were lost, have greatly sharpened the focus. 74% of European senior security executives see the impact of payment card loss on brand reputation as their biggest concern, according to a live survey of 80 senior security executives conducted by Qualys at the Jericho Forum Conference at the InfoSecurity Europe tradeshow in April. Risk mitigation has become a key driver in the wake of these events. A streamlined process that can accurately and efficiently assess vulnerabilities on their network, prioritize vulnerabilities based on risk and remediate the vulnerabilities in a timely and cost-effective manner is exactly what retailers and the financial institutions working with them need.
“We evaluated a number of solutions in selecting a PCI partner,” said Tom Moynagh, Managing Director for Sysnet, “but Qualys’ software-as-a-service based approach was by far the most compelling as it reduces the risk and complexity of security and compliance. We are very impressed by its ease-of-use and deployability. In the past certification has been a long and lugubrious process – now we can achieve it in thirty minutes. The six sigma accuracy and efficiency of QualysGuard is also very reassuring for our customers. They receive clear, accurate and easy-to-read reports which enable them to prioritise security activities.”
Moynagh also acknowledged that QualysGuard has enabled Sysnet to provide internal scanning to its customers for the first time, which is a best practice advocated by PCI DSS.
“We are delighted to see Sysnet join the ranks of Qualys partners and security consultants who are expanding their business by delivering technology-enabled PCI services and reduced compliance cost to customers using our on demand delivery model,” said Mark Carolan, Managing Director, Northern EMEA for Qualys.
QualysGuard PCI - built on Qualys’ well-known, highly accurate and non-intrusive on demand scanning technology - streamlines and simplifies PCI compliance by providing an easy-to-use, on demand compliance dashboard that leads organisations through each major step in the certification process. As a certified PCI scanning solution, QualysGuard PCI On Demand gives partners the tools they need to evaluate the security of a merchant’s entire network quickly and accurately and then prioritize remediation efforts based on the risk the vulnerabilities pose to the organisation’s PCI compliance posture. More than 75 of the approximately 169 services organisations currently certified to deliver PCI certification are Qualys certified partners and have adopted the Qualys PCI On Demand platform for providing PCI-related services to their clients.