This is part two of the three-part blog series dedicated to wireless PCI compliance, which is a hot topic for retailers and other enterprises that accept payment cards. Read part 1 of the series: New PCI 3.1 Guidelines Address SSL Vulnerability; part 3: PCI Compliance and Wi-Fi: Friends or Foes?
Kevin McCauley recently addressed PCI DSS 3.1 requirements and the changing technology landscape in the webinar “Do My Security Controls Achieve Wireless PCI DSS?”
Wireless technologies are evolving rapidly, presenting challenges to compliance and security officers. But the impact is not limited to just security personnel. IT and marketing, while focused on efficiencies and customer engagement, should also learn about wireless threats and trends. Brand protection is a team effort!
Read on for the in-depth look into the trends that impact wireless PCI compliance.
New 802.11ac standard & the impact on wireless PCI compliance
First off, consider the adoption of the 802.11ac Wi-Fi standard and take an informed approach to securing against vulnerabilities in that spectrum. According to IDC’s 2015 Wi-Fi shipment data,
“the 802.11ac standard continues to see adoption at a breakneck pace in the enterprise segment. The 802.11ac standard already accounts for 30% of access point shipments, representing a noticeably faster adoption rate than the 802.11a/b/g to 802.11n transition several years ago.”
The 802.11ac standard is also coming to consumer devices, creating a large pool of potential rogue access points.
So if you have an aging 802.11 infrastructure, don't delay an upgrade to 802.11ac technology. Best of all, this upgrade does not come at a premium as 802.11ac and 802.11n infrastructure are generally available at comparable prices.
But make sure that your new 802.11ac infrastructure actually offers 802.11ac wireless scanning. For example, consider a leading manufacturer’s 802.11ac AP, which offers two 802.11ac radios for client access and a third radio for wireless scanning. However, this third radio is an 802.11n radio! Therefore it cannot decode 802.11ac conversations or prevent 802.11ac threats.
Internet of Things is fast becoming a reality
IDC predicts that 29 billion connected devices will exist by 2020 – how will network and security professionals cope?
“Awareness around IoT continues to grow rapidly, even though full IoT reality is expected to come to fruition over the next several years. Still, with new network infrastructure getting deployed today, having an expected lifespan of five to seven years, it is reasonable to expect it will be able to handle the increased demands of IoT-related apps and traditional network access concurrently.”
Nolan Greene, Research Analyst, IDC's Network Infrastructure group (quoted from AirTight Launches 802.11ac AP with ‘IoT-ready’ Wireless Intrusion Prevention System)
AirTight is helping merchants prepare by scaling up network monitoring capabilities on its 802.11ac platform. It has the ability to monitor 2000 active wireless devices per AP, which is critical as industries of all kinds move into digital connectivity.
Equally important is the capacity of AirTight's cloud management system to scale to hundreds of thousands of devices being monitored across multiple geographies and customers. This scalability is coupled with AirTight’s patented 802.11ac WIPS technology, which allows for automated 24X7 protection and reporting.
Mobile POS & guest expectations create new requirements for Wi-Fi networks
Point of sale systems are the lifeblood of any merchant’s business. This is a well-established market and upgrade cycles can be long. However, adding mobile POS and prepping for EMV is pushing 47% of restaurants to look at POS upgrades, according to Hospitality Technology’s POS Software Trend Report 2015. This will lead to more and more tablets and other mobile devices being deployed in restaurants, for example. All of them need to be secured and the sensitive traffic protected.
At the same time, the availability of complimentary Wi-Fi access is becoming an increasingly significant factor in consumers’ choice of restaurants, according to the food industry research and consulting firm Technomic. About 40% of participants in a recent study conducted by the company deemed free Wi-Fi an “important” or “very important” consideration in restaurant selection—second only to whether an establishment includes such information as menus on its website, reports Hospitality Technology.
Retailers and restaurant operators especially face the double whammy of being asked to open up their Wi-Fi networks for customer engagement while locking them down for security. Wireless PCI compliance will be a major factor in the decision-making process for any merchant deploying or upgrading their Wi-Fi networks.
Don't forget the human factors in wireless PCI compliance
Compliance officers are rightly concerned about human factors, which can often be the soft underbelly of any security policy.
To future-proof themselves against both inadvertent security lapses and malicious internal or external actions, merchants should consider solutions that offer “behavior-based” security, which includes:
- Strong device behavioral analysis logic, since traditional signature- and threshold-based security solutions can’t catch up with the evolving monitoring scenarios.
- Fast response time to threats, to tackle the new and optimized attack and policy violation triggers.
What is behavior-based security? Learn how AirTight implements it on its WIPS system from Hemant Chaskar's blog post: Will Target Breach Prompt Retailers to Raise the Security Bar?
- The Impact of IoT on Enterprise Wi-Fi via AirTight blog – includes SlideShare
- Register to download the free ebook: “A Guide for Wireless Customer Engagement and Security”
- Why Should my Wi-Fi be PCI Compliant – infographic via SlideShare
- Do My Security Controls Achieve Wireless PCI DSS? PCI Compliance in the New World of Threats – whitepaper [PDF]
- PCI 3.1 and the Impact on Wi-Fi Security – whitepaper [PDF]
- Hospitality Technology – Restaurants Add Free Wi-Fi to the Menu
The third and final installment of the series will include a Q&A with Kevin McCauley that covers the questions received during the live webinar.