The effects of PCI DSS, compliance requirements on the security industry

Paul Judge of Barracuda Networks and Joshua Corman of the 451 Group discuss whether compliance hinders the creation of innovative security technologies.

Any analyst or security expert will tell you that the Payment Card Industry Data Security Standard (PCI DSS) has had a profound effect on the security industry.

The credit card giants created the PCI Security Standards Council in 2006 to supply a blueprint that merchants can use to better protect credit card data. While some studies suggest PCI DSS compliance requirements are encouraging merchants to deploy a minimal level of security, critics such as Joshua Corman, director of enterprise security research at the 451 Group, point to some potentially negative consequences.

In this edition of Security Wire Weekly, Corman and Paul Judge, chief research officer of Barracuda Networks, talk about compliance's role in shaping the security industry and whether it has hindered the emergence of innovative security technologies. Judge argues that compliance has stimulated specific security markets, cranking up competition. "Everyone benefits from a vast amount of improvements over a short amount of time," Judge said.

Corman, however, explains that compliance incentivizes behaviors and actions and can result in unintended consequences. PCI 6.6 helped fuel adoption of Web application firewalls, and "caused potentially some innovation and competition in a very narrowly defined category of security controls." But many of the security controls advocated by PCI and other compliance mandates are well past their expiration date and pretty easily defeated on a regular basis, Corman said.
