Comprehensive solution helps hotel group clear final hurdle to PCI compliance
Background: The organization operates more than 900 upscale and economy properties in the U.S., Canada and Mexico.
Challenges: Of the organization's 192,000 employees worldwide, 18,000 are in the U.S., of whom approximately 8,000 use the organization's computing assets. They needed to increase overall visibility into their network assets in order to automate audit preparation and ultimately achieve PCI compliance. Starting in early 2007, the organization launched a major PCI Compliance and Vulnerability Management Initiative. At the beginning, their top IT executive admitted, "We didn't know what we didn't know," but as its security model matured they came to embrace a more risk-reward perspective. The organization had implemented all of the necessary perimeter and monitoring technology, but still didn't know enough about all of its IT assets on the network to fully prepare for upcoming audits. So they spent seven months testing and evaluating multiple vendors to determine which solutions could increase overall visibility and help clear that final hurdle to achieving PCI compliance.
Best Deployment Scenario - PCI DSS Compliance
Solution provided: After seven months of testing and evaluating several vendors, the organization chose Shavlik's NetChk Configure (formerly NetChk Compliance) to improve their security and compliance readiness. Shavlik's solution was extremely fast to implement and easy to administer. The organization was doing full scans of its IT environment within one week of installation and, more importantly, Shavlik Technologies delivered a solution with the capability to automatically map its system configurations directly to PCI compliance requirements. NetChk Configure can both scan AND remediate, whereas other solutions require manual remediation of each node, and the organization simply didn't have the resources to devote to this extra effort. The simplicity and automation of Shavlik has allowed the organization to assign the management of NetChk Configure to the same full-time employee who also manages its patch and threat management efforts - a significant savings, as most of the other solutions evaluated would have required an additional full-time resource just to manage their single solution.
Summary: The PCI initiative was accomplished in December 2008 and the organization is now 100% PCI compliant. The result has been a measurable ROI, and auditors acknowledge significant improvement in a short amount of time. The organization now has the visibility and the confidence that the auditor will simply tell them what they already know. The benefits realized include:
Centralized management frees up IT staff
Directly maps system configuration to PCI requirements
Easy and fast to implement and administer