Nutanix, Inc. is pleased to report that Coalfire Systems, Inc. (Coalfire), a Payment Card Industry Qualified Security Assessor (QSA) company, has conducted an independent technical assessment of the core components of the software based Nutanix® Cloud Platform and found that Nutanix solutions can be used by the customer to effectively provide support for PCI DSS payment entities’ objectives and requirements. This opinion applies to common scenarios such as merchant point-of-sale (POS) and many other payment card applications.
You can read the full Coalfire opinion here.
Why is this a big deal? Companies running retail PCI workloads have to choose infrastructure that not only delivers excellent performance, reliability, ease of use, and economics, but also helps support their ability to remain compliant and secure.
Superior customer experience is often what differentiates the best retailers from the rest, and especially in the COVID era. The majority of customer interaction happens online and having an easy, secure, and intuitive point-of-sale is no longer optional for businesses.
People want personal online profiles that offer a convenient way to deal with recurring payments or quick checkouts with saved credit card information. Unfortunately, credit card fraud has gotten exponentially worse over the years and retailers have been hot targets for these cyber attacks.
Customers must be confident that retailers and online service providers are taking the appropriate measures to secure their sensitive card information against breaches. A recent survey sponsored by Centrify Corporation found that about 65 percent of victims report “loss of trust” with an organization as a result of a breach. This can result in reduced business and losing customers to more trustworthy competitors.
Merchant-based vulnerabilities may appear almost anywhere in the card-processing ecosystem including:
- Point-of-Sale (POS) devices
- mobile devices, personal computers, or servers
- wireless hotspots
- web shopping applications
- paper-based storage systems
- transmission of cardholder data to service providers
- within remote access connections
Vulnerabilities may also extend to systems operated by service providers and acquirers, which are the financial institutions that initiate and maintain the relationships with merchants that accept payment cards.
To tackle these issues, the top five payment card companies JCB International, MasterCard, American Express, Discover Financial Services, and Visa Inc. combined forces to establish the Payment Card Industry Security Standards Council (PCI SSC). PCI SSC’s mission is to govern payment processing while protecting their clients and businesses.
Protecting Cardholder Data with PCI Security Standards
PCI SSC established Payment Card Industry Data Security Standards (PCI DSS) to safeguard information. Compliance helps to alleviate vulnerabilities and protect cardholder data. These standards and security best practices must be adopted by the payment card brands for all entities that process, store, or transmit cardholder data and sensitive authentication data. Any business that transacts via credit card has a responsibility to ensure global payment account data security. Breaches do more than impact customers; they can have a big impact on a company's reputation.
Nutanix Enterprise Cloud for Retail
Nutanix, the recognized industry leader for hyperconverged infrastructure (HCI), provides a modern, cloud-like datacenter to power retail business transformation. Digitally enabled user experiences in retail require robust infrastructure, but with solutions that are easy, intelligent, resilient, and secure. Nutanix solutions support retailers and delight their end customers across channels and offer immersive personalized experiences in smart stores and ensure a connected digital supply chain.
Nutanix Technology – A Great Bet.
The Experts Weigh In.
The Nutanix platform is powerful, flexible, and scalable to virtually all environments. Coalfire - a trusted cybersecurity advisor - reviewed the Nutanix core software product for its efficacy in assisting payment card entities and PCI service providers with deployments that may be subject to assessment for the PCI DSS compliance. Coalfire assessed:
- Nutanix core platform - AOS software for HCI, AHV and Karbon software for virtualization and Kubernetes, and Prism software for management.
- Nutanix Flow software, which is network security built into AHV virtualization and managed through Prism Central.
- Calm software, which provides application automation and lifecycle management for the Nutanix public clouds as part of the Nutanix platform.
- Nutanix Files software, a scale-out distributed file storage solution supporting Server Message Block (SMB) and Network File System (NFS) on top of Nutanix AOS.
- Nutanix Objects software, a scale-out, distributed Simple Storage Service (S3) compatible object storage solution on top of Nutanix AOS.
Coalfire opines that the reviewed Nutanix solution can be effective in providing significant and substantial support for PCI DSS payment entities’ objectives and requirements.
Through a feature review and technical deep dive, Coalfire was able to evaluate the architectural integrity and completeness of Nutanix to support most of the technical controls in 11 of the 12 PCI DSS requirements.
According to Coalfire, Nutanix solutions can be effective in providing significant and substantial support for PCI DSS payment entities’ objectives and requirements. This opinion applies to common scenarios such as merchant point-of-sale (POS) and many other payment card applications.
© 2021 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.
Source:
PCI DSS Quick Reference Guide: https://www.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf?agreement=true&time=1534870826847