PCI DSS: Stories from TAS United & Greenleaf

Written by Kim Brown | Feb 9, 2024 3:21:28 AM

“Blumira turns PCI DSS from a compliance conundrum into an enabler of your company’s mission.”

The Payment Card Industry Data Security Standard (PCI DSS) sets the global benchmark for protecting payment card data. It applies to any business that processes, stores or transmits this sensitive information. Achieving and maintaining PCI compliance is crucial for building trust with customers and avoiding costly fines or damage from a breach.

However, for many businesses PCI DSS can feel like an opaque technical burden detached from real business needs. The standard spans over 200 sub-requirements involving components like firewalls, encryption and access controls. This article tells the inside story of two companies that activated Blumira’s security platform to quickly achieve compliance.

The Challenge: Securing Remote Work and Achieving Compliance

TAS United is a Texas-based telecom company with a distributed workforce of call center employees working from home. They handle sensitive payment card data, so PCI DSS compliance is mandatory. However, their existing SIEM solution from Splunk required extensive manual effort to analyze log data. According to Tim Brewer, Systems Analyst and Compliance Officer, “You may as well have had to learn an entire new form of SQL.”

With PCI audits looming and remote staff using personal devices, TAS United needed improved visibility and automation quickly. They sought a SIEM that could accelerate compliance for their lean IT team.

Likewise, Michigan-based Greenleaf Trust faced PCI DSS requirements without resources for a full Security Operations Center. As Systems Architect Todd Tetzlaff shared, sorting through their previous SIEM’s flood of security alerts significantly burdened an already overloaded staff, and annual investigation made it hard to correctly prioritize responses. Both companies realized that the Blumira platform reined in compliance issues and prevented them from becoming a further distraction.

The Solution: Blumira Provides Visibility and Automation

Blumira’s cloud SIEM stood out for its easy deployment and expert security analysis. For TAS United, it provided a proof of concept running in their environment in days. According to Brewer, setup was “absolutely simple” compared to almost all the alternatives they explored. Blumira immediately gave their team increased visibility.

“We don’t have to go digging to uncover findings, alerts or reports,” said Tim Brewer, TAS United Systems Analyst & Security/Compliance Officer. “We’re already getting a benefit out of Blumira without spending any time fine-tuning it – that’s one thing in the SIEM space you can’t say about other offerings.”

As importantly, Blumira automation helped TAS United accelerate PCI DSS certification. Pre-built threat detection and customizable alerts delivered the logging and reporting they needed to pass assessments. Compliance, in turn, earned them increased business from customers that needed the highest levels of security confidence.

Similarly, Blumira allowed Greenleaf Trust to cut through a lot of the noise. As CIO Oliver Krings put it, “You’re not just getting a technical reporting structure, you’re getting the analyst.” Clear priority rankings and investigation playbooks enabled his team to focus on the most critical threats.

Both companies achieved concrete business results for different security challenges. For TAS United, it was gaining customers. For Greenleaf Trust, it was protecting client wealth without distraction. Blumira turned PCI DSS from a compliance conundrum into an enabler of these two companies’ respective missions.

Valuable Lessons Learned

All businesses working towards PCI DSS compliance can learn from the stories of TAS United and Greenleaf Trust. Their journeys illustrate three key takeaways:

First, proper data security and compliance build credibility with customers and stakeholders. However, the path to compliance doesn’t need to detract from core business priorities.

Second, the right technology tailored to small teams makes complex standards more easily achievable. The expertise and automation of Blumira allowed both companies to focus more on growing their businesses.

Finally, manual security tasks are expensive and can be highly ineffective. TAS United and Greenleaf Trust improved their security and compliance posture without needing to hire additional staff.

As threats and technologies evolve, PCI DSS will continue to change. But its purpose — building trust and preventing breaches — will remain relevant. For any business handling sensitive payment data, the Blumira platform turns compliance from a burden into an advantage by providing the visibility, automation, and expertise needed to secure data and enable business growth.

Blumira is certified Payment Card Industry Data Security Standard (PCI DSS) compliant by a third-party auditor. See how our service maps to PCI DSS for customers.