With the announcement of PCI DSS 3.2 from the Payment Card Industry Security Standards Council hot off the press, it’s important to understand the ramifications of the new requirements.
Stated in last week’s announcement: “A significant change in PCI DSS 3.2 includes multi-factor authentication as a requirement for any personnel with administrative access into environments handling card data. Previously this requirement applied only to remote access from untrusted networks. A password alone should not be enough to verify the administrator’s identity and grant access to sensitive information.”
This means that now all of your system administrators with administrative privileges to payment systems must utilize multi-factor authentication. The good news is that Bomgar has been providing multi-factor authentication capabilities in our secure access solutions for nearly a decade. Over the years we’ve enhanced support capabilities for protocols like RADIUS and KERBEROS to include additional challenge-response mechanisms via email and have worked diligently to ensure that Bomgar is the most secure remote access solution on the market. As a result, enterprises with PCI compliance requirements have flocked to our solutions.
Bomgar provides all system administrators who need access to a PCI environment a secure method for connectivity enforced by multi-factor through our Privileged Access Management and Remote Support solutions. Bomgar’s Secure Access solutions go beyond the requirement by defining the role of the accessor and limiting their privileges to the extent that their business activity requires and can audit and report on all session events with detailed logging and video recordings. The solutions can also obfuscate the credentials that the end user needs for access to PCI environments, and rotate them upon the end of their use through our password management solution, Bomgar Vault.
And as we continue to grow our solution profile, we’re excited to incorporate even more robust and embedded multi-factor technologies that tightly integrate with our secure access and password vault products, and help our customers meet compliance requirements, such as PCI.
In practice, we aim to help all our customers protect their critical assets, by controlling the access, managing the privileged accounts, and securing the session so that businesses can connect fearlessly, while enabling peak productivity.