BOSTON, MA--(Marketwire - December 9, 2009) - In a new study on
PCI DSS and Protecting Cardholder Data,
the organizations earning top results were found to achieve and sustain
compliance with PCI DSS at a 50% lower cost than all other respondents. The
third annual study on protecting cardholder data by
Aberdeen Group, a Harte-Hanks Company (NYSE: HHS), provides
year-over-year insights into the progress that
affected organizations have made in achieving and sustaining compliance
with PCI DSS, as well as the specific areas of greatest challenge.
The research showed that consistent network vulnerability scanning,
application vulnerability scanning, and penetration testing are core
capabilities for enhancing security and achieving and sustaining PCI
compliance. The top-performing companies in the study are spending 61% less
than all others in these areas, while achieving better results. The threat
landscape is constantly changing, and realistically companies can neither
adopt a "set and forget" approach to security nor hope that either the
compliance requirements or the threats will simply go away. Most attacks
can be avoided by being vigilant -- regardless of whether the organization
has been certified as PCI compliant.
Data protection represented an area of above-average investments that
yielded below-average results for the majority of respondents, as well as
one of the consistently largest gaps between the leading and lagging
performers in current use of enabling technologies such as encryption,
enterprise key management, content monitoring and filtering, and access
management. While all companies should do a better job of leveraging these
technologies to protect cardholder data in the here and now, they should
also pay close attention to collaborations between payment processors and
technology solution providers to promote alternatives such as tokenization
and end-to-end encryption for the elimination of stored cardholder data
altogether. The most effective way to protect data is not to block the
attacker, but to take away the attacker's target.
"Over the course of three annual benchmark studies on PCI DSS and
protecting cardholder data, Aberdeen's research has shown that for the
leading organizations PCI compliance is a natural outcome of best practices
in IT Security, as opposed to a mere check-the-box effort at compliance,"
said Derek E. Brink, CISSP, vice president and research fellow for IT
Security, Aberdeen Group. "The top performers in the 2009 study achieve and
sustain PCI compliance at a 50% lower cost than all other participants,
while still dedicating sufficient resources for sustainable programs and
improvements."
A complimentary copy of "The 2009 PCI DSS and Protecting Cardholder
Data" report is made available in part by the following underwriters:
SAINT Corporation, and Tripwire.
To obtain a complimentary copy of the report, please visit:
http://www.aberdeen.com/link/sponsor.asp?cid=5892.
To view complimentary 30-minute webcasts highlighting findings from this
and other Aberdeen IT Security research, visit
http://www.brighttalk.com/channels/1209/view.
For additional access to complimentary
Information Technology research, visit
research.aberdeen.com.
About Aberdeen Group, a Harte-Hanks Company
Aberdeen provides fact-based research and market intelligence that delivers
demonstrable results. Having queried more than 30,000 companies in the
past two years, Aberdeen is positioned to educate users to action: driving
market awareness, creating demand, enabling sales, and delivering
meaningful return-on-investment analysis. As the trusted advisor to the
global technology markets, corporations turn to Aberdeen for insights that
drive decisions.
As a Harte-Hanks Company, Aberdeen plays a key role of putting content in
context for the global direct and targeted marketing company. Aberdeen's
analytical and independent view of the "customer optimization" process of
Harte-Hanks (Information - Opportunity - Insight - Engagement -
Interaction) extends the client value and accentuates the strategic role
Harte-Hanks brings to the market. For additional information, visit
Aberdeen or call (617) 854-5200, or to learn more about Harte-Hanks,
call (800) 456-9748.
© 2009 Aberdeen Group, Inc., a Harte-Hanks Company
451 D Street, Suite 710
Boston, Massachusetts 02210-1928
Telephone: (617) 854-5200
Fax: (617) 723-7897
www.aberdeen.com
Contact Information: Media Contact:
Derek E. Brink
Aberdeen Harte-Hanks
(617) 854-5254
Derek.Brink@aberdeen.com