Corporate level first
In the process of becoming Level 1-compliant, La
Senza focused first on implementing IBM ISS,
concentrating at the corporate level. It also
purchased and implemented IBM's Intrusion
Prevention (IPS) and Intrusion Detection (IDS)
systems.
In essence, the Security Solutions framework
helps retailers like La Senza "drive fraud out
of the process by helping to protect the
identity of transaction parties and the
integrity of transactions themselves," says
Richard Orgias, security systems manager of
sector solutions for IBM.
La Senza uses IBM's ISS, IDS and IPS on all of
its headquarters-based IBM servers. IDS,
Marcotte says, "helps ensure that internally or
externally, nothing unauthorized is touching our
system."
All of La Senza's data logs, including those not
generated by IBM system applications, are sent
in real time to IBM's Managed Services
repository where they are monitored in real
time.
The bottom line, Marcotte says, is that the
Security Solutions framework gives La Senza
executives "peace of mind."
"There really is no return on investment working
on projects like becoming PCI-compliant," he
says. "It is about eliminating the risks and a
matter of knowing that our data is secure and
our brands are secure and safe. That's
protection for our customers and protection for
our brand.
"Even if we have to pay a fine for being
non-compliant, that would not be as bad as
having our brand name enter the newspapers
because we lost critical customer data," he
says. |
