PCI DSS 3.1 is scheduled to become effective as of June 30, 2016, and with that come several changes, and challenges, for security professionals. The most notable changes include:
- Clarification that PCI DSS applies to all entities that store, process or transmit account data;
- SSL is no longer regarded as a secure technology and, therefore, can no longer be used as a security control;
- Clarification that passwords must be changed at least once every 90 days.
Some organizations may interpret these changes as an order to shore up their level of compliance. But Tim Brown of Dell argues that becoming compliant should, in fact, come as a result of your security program. All data that falls under PCI DSS 3.1 should be appropriately secured, and effective identity and access management also leads to effective compliance.
In this exclusive interview, Brown discusses:
- The biggest challenges organizations face as a result of these changes brought about by PCI DSS 3.1;
- Why network security is instrumental to ultimately meeting PCI DSS 3.1;
- How Dell security solutions prepare customers to stay secure, pass audits today and be prepared for future changes in the standard.
As a Dell Fellow and CTO of Dell Security, Brown leverages his strong industry knowledge in retail, finance, healthcare, education, manufacturing and government to provide customers with proactive approaches to solving their greatest security and compliance challenges. Brown has over 20 years of development experience in security technology, including identity and access management, security compliance, threat research, vulnerability management, encryption, managed security services and cloud security. In addition, he holds over 20 patents on security-related topics.