If your business accepts card payments, then it will need to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS). Your customers will expect the data on their credit and debit cards to be suitably protected by organisations like your own, and the 12 basic security requirements that make up PCI DSS are instrumental in helping to minimise the risk of data theft and fraud. At the same time, secure online backups are imperative in the interest of smooth business operations and continuity. But have you given much thought to the importance of such backups also being compliant with PCI DSS, and whether you may presently be breaking compliance?
Proxar IT Support helps to draw businesses’ attention to this aspect, via its dedicated PCI DSS online backups. There are so many measures that conscientious businesses need to have in place to ensure PCI DSS compliance. They need to build and maintain a secure network, for example, with a firewall configuration installed and maintained to protect cardholder data, and no vendor-supplied defaults used for security parameters such as system passwords. Cardholder data is better protected when its transmission across open, public networks is encrypted. A vulnerability management program also needs to be in place, with secure systems and applications developed and maintained, and anti-virus software used and frequently updated.
Firms wishing to ensure their compliance with the PCI DSS standard also need to implement strong access control measures, with access to cardholder data restricted by business need-to-know and a unique ID assigned to anyone with computer access. Networks also need to be regularly monitored and tested, and an information security policy maintained. In short, plenty of work is required to ensure PCI DSS compliance, but many firms are unaware of how easily they could find themselves in violation of the standard. Secure online backups can certainly pose difficulties in this respect. A robust, offsite backup depends on the storage of data in a location geographically separate from that of the source data. This requirement does not change with the attendant need to be PCI DSS compliant.
Your business may already carry out a great volume of card transactions on a daily basis, with major card suppliers like VISA and Mastercard. You may therefore have already invested significantly in ensuring PCI DSS compliance, including shoring up your network security and having a strong firewall in place to give your customers confidence that their cardholder data is being suitably protected. Your present backup arrangements may involve a daily copy of all data being made on a disk or tape. But if encryption is not used for either the tape or the disk, PCI DSS dictates against the data being copied at all, let alone taken offsite. Taking such a disk or tape offsite therefore constitutes a breach of PCI DSS compliance.
That’s why your firm may instead turn to the secure online backups of Proxar IT Support, which are designed entirely around the requirements of PCI DSS compliance. Our PCI DSS online backups involve the secure transmission of strongly encrypted nightly backups. These secure online backups are held offsite, encrypted in a data centre, with the raw data not being accessible to any individual, at any stage. In the event that a restore is required, our technology enables you to easily and quickly retrieve lost files, which are again entirely encrypted in readiness for transmission back to your network. You can then decrypt the backed-up data once it is returned to the confines of your firewalled network.
It all helps to explain why, when so many firms operating online require completely compliant PCI DSS backups, they choose Proxar IT Support.