Bsafe Launches Compliance Software for PCI
May 4, 2010 Alex Woodie
Achieving and maintaining PCI compliance is one of the most important tasks for IT professionals working for companies in the retail industry. However, when it comes to the System i platform, PCI terms and requirements often don’t match up well with i/OS security concepts. Companies can get aid to overcome this PCI hurdle by using a power tool designed specifically for the platform, such as the new PCI Accelerator Package unveiled last month by Bsafe Information Systems.
Bsafe’s new PCI Accelerator Package is a set of pre-defined reports and alerts aimed at helping System i users speed up their compliance activities for the Payment Card Industry’s (PCI) Data Security Standard (DSS), which is a set of minimum security standards that retailers are required to maintain with their front- and back-office computer and network systems in order to continue to process credit card transactions.
While IBM security experts helped to introduce some i/OS and z/OS concepts to PCI (which was originally written from the point of view of Windows and Unix security administration), PCI compliance remains a big challenge for many i/OS shops–and a big driver of business for companies in the i/OS security business, such as Bsafe and its competitors.
The PCI Accelerator Package is not Bsafe’s first security product that addresses PCI compliance. Three years ago the company launched a product called the Policy Compliance Manager, which is a component of its flagship suite of i/OS security tools, called Bsafe/Enterprise Security, to address a range of compliance concerns, including PCI, HIPAA, SOX, Basel-II, and COBIT.
But Bsafe executives soon discovered that customers wanted more PCI-specific functionality from their investments in Policy Compliance Manager and Bsafe/ES, and that’s when Bsafe created the PCI Accelerator Package.
“Numerous companies have used Bsafe/Enterprise Security for IBM i to address PCI compliance requirements,” states Shimon Bouganim, who once again holds the title of CEO at Bsafe. “When supporting our customers in their implementation effort, we noticed the need for additional out-of-the-box functionality to meet strict compliance deadlines. This is why we decided to develop the Bsafe/PCI Accelerator Package.”
The PCI Accelerator Package functions as a sub-component of Policy Compliance Manager to ensure that certain i/OS security settings (in one or more server or partition) are configured properly to achieve and maintain PCI compliance. It does this by applying new PCI templates to the Policy Compliance Manager software, and by generating the necessary reports that demonstrate compliance.
Bsafe also included a series of alerts into the new PCI product. Whenever an action is taken in i/OS that violates the company’s PCI security policy (as stated in Policy Compliance Manager), the software can automatically generate an alert and send it to a reporting application via simple network management protocol (SNMP).
What’s more, when the software detects an activity or transaction that violates the company’s PCI security policy, Bsafe’s software can be configured to block the action, such as by revoking a special authority, disabling a user profile, or executing a custom programming. This powerful functionality is achieved through the use of triggers, the company says.
The new PCI templates are the key for achieving and maintaining compliance, says Itay “Ty” Karny, Bsafe’s vice president for North America. “Template-based compliance management has emerged as a revolutionary methodology to achieve the complex task of enterprise-wide compliance,” Karny states in a press release. “The use of this methodology provides for a consistent and systematic approach for creating and maintaining policies.”
The PCI Accelerator Package is available now. Pricing was not disclosed. For more information, visit www.bsafesolutions.com.