Challenges with PCI Reporting
Barb oversaw PCI compliance at our organization. She needed PCI reports on the first of the month each quarter. My team was responsible for the reports covering our firewalls. Barb was (and still is) great — nice, friendly, easy to work with, yet our teams struggled to get the reports to her on time. Struggled is an understatement. We never got them to her on time. Creating them took my team hours to manually pull the data which meant less time to do the work we needed to do to support our security posture.
However, Barb’s reports were not only necessary to keep our board of directors informed, but they were also needed for annual PCI audits. Compliance audits are justifiably no joke. Regulatory violations have penalties that can seriously impact your ability to conduct business. The process was unsustainable. I began looking for a solution.
On-time PCI Reports with Automation
I didn’t have to look far. I looked at the tools we’d acquired for security management. FireMon was among them, and although we hadn’t brought them on for compliance, we quickly discovered they had exactly what we needed. Before, my team would take hours each quarter to manually pull a report for Barb that would inevitably be delivered past deadline. But with FireMon’s built-in compliance assessments, we set up automated reports with the information Barb needed and set it to automatically send each quarter on the day she requested.
Cookies for All
Then I promptly forgot about it. When the next quarter rolled around, I began mentally preparing to start the tedious task of PCI reporting. Before I got too far down the path, Barb showed up at my office with a huge smile and some delicious chocolate chip cookies, thanking me for getting her the report on time. My team was the first team to get her the report she needed; we were also the only team to get it to her on time.
It was the solution we needed that we didn’t know existed. We no longer dreaded the beginning of each quarter, we could stay focused on projects that improved the company’s security posture, and Barb got the information she needed exactly when she needed it. Plus, you know: cookies.
I hired FireMon before I ever came to work here, and I often share this story with security folks I talk to. “Now you might not get cookies from your Barb,” I say. “But stranger things have happened.”