Qualys Updates PCI Compliance ToolBy Ericka Chickowski | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
The solution offers approved scanning to give channel partners visibility into customer environments and practices so partners can better recommend mitigations that would improve compliance with PCI and also overall security.
This week Qualys introduced an update to its PCI compliance product that it says will help channel partners put tools in the hands of customers that lay the groundwork for future compliance projects via improved self-assessment questionnaire processing and augmented progress tracking.
The new QualysGuard PCI 4.3 bolsters the solution's power to offer approved scanning to give channel partners visibility into customer environments and practices so partners can better recommend mitigations that would improve compliance with PCI and also overall security.
"What we've provided (with QualysGuard PCI) to our partners is a portal to manage their own customer base," says Terry Ramos, vice president of product for Qualys. "Those approved scanning vendors who are our partners have the ability to log in and see how the merchant is complying and really manage what's happening with those merchants."
Ramos says the most important improvement in this iteration of the product is the addition of the SAQ Wizard, which offers an automated way find the correct SAQs, fill them out and submit them with as little pain as possible. Prior to instituting the Wizard, many merchant customers needed their hands held by their channel partners or by Qualys to understand exactly which SAQs they needed to complete and why. The new utility enables end customers the ability get started down the path of on-going compliance and wait to engage with partners until the really important steps of mitigation once questionairre results are in, Ramos says.
The other major improvement is a progress tracking system that is linked to the PCI Council's Prioritized Approach, which gives out-of-compliance merchants guidance on which projects to focus on first when the organization has a lot of work to do to achieve compliance.
"What we did is we took that Prioritized Approach and overlaid it into what we're providing, so now if a merchant goes through the process they see that priority (ranking)," Ramos says. "For the channel that's important so they can see how the customers are meeting those requirements and help them prioritize. So now they can help customers really focus and say 'O.K., we've got to do this section first, this requirement next...' and so on."
In addition to these new tools, QualysGuard's existing SaaS model should definitely appeal to channel partners looking jointly looking with customers for a tool that will enable both entities to control the compliance process as a team, Ramos says.
"It is on demand, so customers and partners can log in anytime," he says. "For a channel provider this is big because they don't have to build their own platform, they don't have to do anything extra. It is delivered off of our SaaS platform for both merchants and them."