The Sweeter Side of PCI Compliance

I can’t tell you everything about security pros (be wary of those who claim they can), but I can tell you this: no one goes into security to write reports. They take time; they’re tedious; and writing them doesn’t make your organization any safer. That said, they are important. Security compliance is not all there is to keeping your organization safe, but security standards have an important role in the process. With that role comes oversight and yes, reports.

I’m a security guy myself. Before joining FireMon, I spent 7 years running in-house security for a Fortune 500 company. We handled a significant amount of sensitive data, and part of protecting that data included regulatory compliance. Among other standards, we adhered to the Payment Card Industry Data Security Standard (PCI DSS), more commonly referred to as PCI compliance.

Challenges with PCI Reporting

Barb oversaw PCI compliance at our organization. She needed PCI reports on the first of the month each quarter. My team was responsible for the reports covering our firewalls. Barb was (and still is) great — nice, friendly, easy to work with, yet our teams struggled to get the reports to her on time. Struggled is an understatement. We never got them to her on time. Creating them meant my team spent hours manually pulling the data, which left less time for the work we needed to do to support our security posture.

However, Barb’s reports were not only necessary to keep our board of directors informed, but they were also needed for annual PCI audits. Compliance audits are justifiably no joke. Regulatory violations have penalties that can seriously impact your ability to conduct business. The process was unsustainable. I began looking for a solution.

On-time PCI Reports with Automation

I didn’t have to look far. I looked at the tools we’d acquired for security management. FireMon was among them, and although we hadn’t brought them on for compliance, we quickly discovered they had exactly what we needed. Before, my team would take hours each quarter to manually pull a report for Barb that would inevitably be delivered past deadline. But with FireMon’s built-in compliance assessments, we set up automated reports with the information Barb needed and set it to automatically send each quarter on the day she requested.

Cookies for All

Then I promptly forgot about it. When the next quarter rolled around, I began mentally preparing to start the tedious task of PCI reporting. Before I got too far down the path, Barb showed up at my office with a huge smile and some delicious chocolate chip cookies, thanking me for getting her the report on time. My team was the first team to get her the report she needed; we were also the only team to get it to her on time.

It was the solution we needed that we didn’t know existed. We no longer dreaded the beginning of each quarter, we could stay focused on projects that improved the company’s security posture, and Barb got the information she needed exactly when she needed it. Plus, you know: cookies.

I hired FireMon before I ever came to work here, and I often share this story with security folks I talk to. “Now you might not get cookies from your Barb,” I say. “But stranger things have happened.”

