Policy, Compliance

Debate: Should vendors deploy best-of-breed solutions to meet PCI compliance?

February 7, 2008
FOR, by Bryan Cote, senior product manager, Ecora Software

Solutions which are comprised of best-of-breed components offer clients the ability to select vendors with the experience needed to address their unique business challenges and implement those components in an incremental fashion as their compliance requirements dictate.

While it may be obvious that there are differences in competencies for a network vulnerability scanning vendor and a server configuration auditing application, those differences become more distinct when you factor in the need to apply those competencies to a host of different customer profiles and operational requirements.

All-in-one solutions tend to be configured to “typical” business and operational profiles. Best-of-breed solutions tend to address a broader set of requirements and offer broader value than simply addressing the compliance issue at hand. In terms of responding to evolving standards such as PCI, best-of-breed solutions tend to respond faster with updates and enhancements, enabling you to respond quicker.


AGAINST, by Kris Lovejoy, director of IBM corporate security strategy
Industry estimates indicate that the rate of PCI compliance is less than 50 percent, in part because it's difficult to integrate a multitude of disparate point solutions into an effective PCI security program. Companies have discovered that achieving PCI compliance can be a complex and lengthy initiative, especially when trying to design, implement and manage numerous independent PCI solutions.

Partnering with a proven and global PCI compliance provider gives customers a single enterprise that can architect, implement and manage a complete end-to-end PCI program, in the most efficient manner possible. Only a full-service PCI compliance provider can offer a fully independent and officially certified PCI assessment team and solutions (hardware, software and services) to address all 12 PCI requirements, along with design expertise and remediation staffing to help an organization achieve full PCI compliance.

PCI compliance validation is a yearly requirement. It makes sense to have a well-established partner you can trust for continued support.
prestitial ad