Configuration & Change Management

Customers are floundering with PCI compliance mandates, but that's where the channel can step in. Savvy solution providers can cut through the complexity to help prioritize projects for customers and make money by focusing on the following seven areas.

Configuration and Change Management
One of the most meaningful security practices demanded by PCI requirements, configuration and change management tools and practices are critical to reduce the number of vulnerabilities within  IT infrastructure on an ongoing basis. Unsurprisingly, these tools and practices are employed by a full 100% of organizations deemed best-in-class in PCI compliance by Aberdeen. But more than 1/3 of laggard organizations still fail to implement any kind of configuration management.

And even those who do have configuration management in place fail to automate it or audit its configurations. An April 2009 survey conducted by Shavlik Technologies showed that only 52 percent of IT managers regularly audit their configurations.  And 90 percent of them still use manual or only semi-automated configuration processes.