Legacy equipment such as DVRs and ATGs often exposes an attack vector into the store's digital estate. So how do you provide secure remote access to these and other network-connected devices for authorized employees, third-party service providers and business partners?
PCI requirements for secure remote access
Let’s start with what the PCI Security Standards Council requires. According to PCI DSS 12.3.8 and 12.3.9, remote access for vendors and business partners should only be provided when needed and should disconnect after a period of inactivity. The specific requirements read as follows:
- PCI DSS 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity.
- PCI DSS 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.
How to securely enable remote access
With the right solution, all devices (including cameras, DVRs, ATGs and other legacy equipment) in the store’s digital estate can be fully locked down while also being securely, remotely accessible by employees and authorized vendors and business partners.
Scale Computing AcuVigil™ Managed Network Service
The AcuLink™ Remote Access service integrates natively with SC//AcuVigil™ for seamless and secure access from one dashboard. Available in the AcuVigil™ Dashboard, AcuLink provides patented, ephemeral remote access that enables secure connectivity to network devices without exposing your environment.
AcuLink™ provides these key benefits:
- Simple one-click activation of remote sessions from the PCI DSS-compliant AcuVigil Dashboard
- Automatic disconnection of remote sessions after a period of inactivity
- Compliance with PCI DSS remote access requirements 12.3.8 and 12.3.9
- Compliant remote access to legacy devices such as DVRs and ATGs, which are not PCI compliant but are important to store operations
Secure remote access is typically provided by a Managed Network Service Provider (MNSP). A good MNSP is important for the security of your network but can also provide other services for increased uptime, profitability and data intelligence.
What to look for when selecting an MNSP
When selecting a Managed Network Service Provider, you’ll want to choose one that is fully PCI compliant and can provide you with an Attestation of Compliance (AOC). Other considerations are whether they are listed on the Mastercard and Visa PCI compliant service provider registries, whether they are a certified MNSP with Verifone or Gilbarco, and whether they provide reliable, 24x7x365 network support.
Keeping your network secure is crucial to keeping payments flowing, avoiding data breaches, and maintaining compliance. Other considerations include tools, equipment and services like:
- A cloud-based dashboard for visibility of all connected devices to ensure they are functional and secure
- Apps and tools for PCI compliance, management, analytics, fuel monitoring, loyalty programs, and more
- A flexible WiFi solution that can be positioned anywhere in the store
- WAN failover enabled for automatic backup network connectivity for maximum uptime
- Cellular failover, including a modem, data plan and flexible carrier options
- VPN connection setup for secure headquarters access to crucial business data at distributed locations
For more guidance, you can refer to our blog post on choosing an MNSP and preparing for outdoor EMV.
The next steps to ensuring secure remote access
Contact Scale Computing today to learn more about SC//AcuVigil and AcuLink Remote Access, which provide secure visibility, increased uptime and proactive 24x7x365 network support.