Provide a brief description of the Solution, Service Provided, or Initiative
Canadian retailers and companies with an online e-commerce presence must now adhere to the Payment Card Industry Data Security Standards (PCI DSS) for the protection of cardholder data of consumers and businesses. End to End Networks provides a managed service for PCI governance, risk, and compliance. The service we provide assures our clients’ security risks are addressed as part of best practices and rigorous audit processes. When it comes to compliance, businesses often make the mistake of viewing compliance as a “checklist” as opposed to an ongoing process. The assumption is that their responsibilities end once compliance is achieved. With continuous changes to regulations, evolving security threats need to be accommodated. A network is a living and breathing entity which means constant changes need to be tracked and analyzed to ensure compliance remains intact. We have developed a unique Managed Service offering for governance, risk, and compliance which directly satisfies PCI DSS requirements, guaranteeing a stamp of approval for the annual certification process. End to End Networks’ Managed Service has resulted in hundreds of successful PCI audits conducted by leading Qualified Security Assessors (QSA) including: Deloitte, KPMG, Telus, and Trustwave. Description of the service: Changes to the network are constantly required and as our clients’ Network Managers, it is our responsibility to ensure a change management process is in place to sustain compliance. We ensure all changes are tracked and validated to eliminate potential risks. For risk analysis and remediation, we conduct a PCI Policy Review and Risk Assessment with our clients to examine critical security and business approved risks. The ability to provide an audit trail is critical to the majority of compliance directives. Our Managed Service includes a variety of reporting and logging capabilities so that critical information is readily available. We have developed an automated reporting process to audit against industry standard security parameters, conduct point-in-time device scans, and analyze activity logs. For optimal network performance, we use our Award Winning Client Management Portal, eView™, to manage critical devices and accessibility.
Describe what makes this Solution, Service Provided, or Initiative original or innovative
Along with pro-active monitoring and notification associated with network downtime or security attacks, our Managed Service includes an automated device configuration back up process so service restoration can be implemented quickly. We go above the accepted norm by performing security configuration audits every 24 hours, 365 days a year. In addition, our Security team is alerted to all security changes prompting immediate validation.
Describe the improvement this Solution, Service Provided, or Initiative made to the customer’s sales or revenues. What changed?
The value of End to End Networks’ Managed Service is quantified in terms of business risk mitigation and loss of revenue. PCI DSS has some very stringent and specific penalties levied by credit card companies. These can include fines as high as $500,000 per breach and the suspension of credit card transactions either of which can bankrupt a business. Without taking essential security measures, it can also affect a company’s corporate reputation if a security breach were to occur. Trader Corporation is a valued client of End to End Networks for over 15 years. They are a Canadian leader in print and online vertical media with approximately 160 publications and 22 websites. The company’s publications have a weekly readership of approximately 1 million and its network of web sites attracts close to 3.5 million unique visitors per month. Over the past 5 years, Trader Corporation has morphed from being a print publisher to an almost exclusive online business. As a result, Trader Corporation’s data security infrastructure has been built around PCI. Since credit card fraud is a growing concern for e-commerce sites, Trader Corporation has taken the necessary steps by working closely with End to End Networks to protect their clients’ data and guarantee 100% security. In 2009, both Trader Corporation and End to End Networks worked together to re-engineer the network architecture to meet and maintain compliance. Based on their strategic technology roadmap, they created a safe infrastructure that supports the foundation of their business and the sensitive payment card information. We optimized their PCI investment and limited their IT scope to minimize the overall impact of compliance by providing alternative cost-effective network design recommendations. We also protected and maximized their IT investment by utilizing their existing network infrastructure when considering changes to fulfill compliance requirements. Our managed service offering has also allowed Trader Corporation to leverage End to End Networks additional certified resources and reduced their recurring costs related to PCI compliance. “End to End Networks’ Security teams shortened our implementation and design cycles and minimized our infrastructure costs by leveraging our existing architecture. They have developed and streamlined a manageable IT process, reassuring us that we are meeting all security measures and are prepared for the annual PCI compliance assessments,“ says Will Crichton, IT Director, Trader Corporation.
Describe the improvement this Solution, Service Provided, or Initiative made to the customer’s efficiency. What changed?
As a leader in its industry, Trader Corporation can now say they are one of the first to be ready to meet and maintain compliance. Throughout the years, both Trader Corporation and End to End Networks have built a network together and continue to be above industry standards. End to End Networks has a team of network and security experts with certifications and over 18 years of technical experience. By leveraging End to End’s team of professionals, Trader Corporation can continue to focus on their go-to-market strategies.
How did this Solution, Service provided, or Initiative improve the customer’s ability to serve its internal and/or external clients?
Trader Corporation has now addressed the business risks of storing, processing, and transmitting cardholder information without facing any penalties. They have demonstrated their ability to stay competitive and keep above industry norms. They can now guarantee their customers and government regulators that all payment data is secure and meets compliance standards. Customers can now store their data and credit card information with confidence.
In what ways does this Solution or Service Provided go above and beyond industry norms and expectations?
Today, many Managed Service Providers offer the standard perimeter security service (firewall management and intrusion detection). End to End Networks takes a step further by tying its Managed Service to auditing functions of PCI and executing an ongoing management process for compliance. We’ve taken security management from the minimum PCI requirements and standard monthly/annual service to a daily by minute process. Since 2007, we recognized the demand to meet PCI compliance and have progressively evolved our service to satisfy our clients’ unique business needs.
