Home Depot. UPS. Michaels. eBay. Marriott. Jimmy John’s. Neiman Marcus. JPMorgan Chase.
These companies provide diverse services to different market segments. They range in size, revenue, and industry. They have one thing in common: credit card data breaches.
It’s no secret that 2013 and 2014 saw record numbers of security breaches, keeping consumers and retailers alike on the edge of their seats wondering if their data was secure. Of course these large retailers had security measures in place, but it’s clear that we need to expand security measures to cover more angles of the business. Safe data, happy customers, successful retailers.
Important Features of Job Scheduling Tools
But what can retailers do that they’re not already doing? Helping retailers meet PCI compliance—the standards set by the Payment Card Industry—is high on the list. Enterprise job scheduling software provides features that significantly boost retailers’ reporting capabilities. And thorough reports lead to successful meetings with auditors, which is one step closer to meeting the twelve requirements of PCI-DSS.
In a recent webinar, HelpSystems experts Robin Tatam, Director of Security Technologies, and Pat Cameron, Director of Automation Technologies, teamed up to discuss meeting PCI compliance with an enterprise job scheduler. They note that the three key features that make job scheduling tools a powerful resource for meeting regulatory requirements are:
- Audit history
- Exception reporting
- Role-based security
Find out why enterprise job scheduling software might be a secret weapon in fighting data breaches and working to meet PCI compliance.
Reporting with an Enterprise Scheduler
Perhaps one of the biggest struggles for modern retailers is finding a safe way to collect data and disseminate it to important stakeholders. The safest way to do so, of course, is to eliminate human intervention and the possibility for error or lack of integrity by automating your reporting and the delivery of your data. A job scheduler can do that for you.
A job scheduling tool like Automate Schedule lets you create electronic reports, including repots for job setup, job history, SNMP trap monitors, and more. Depending on your business needs and the ways in which you want to monitor data and output changes over time, you can customize how long you keep each report on the server. Ultimately, building the necessary documentation manually is a huge burden on your time. Automating your reporting will not only save you time, but it will allow you to build detailed and useful reports about your production job streams and your data.
Automation ensures both consistency and integrity: the jobs that are scheduled to initiate and deliver reports can be scheduled to run at the time that’s best for your business. Automation also ensures that jobs complete successfully. With automatic notification, if a job were to fail, you’d be notified immediately, and you’d be able to intervene to make sure the job finishes as it’s supposed to and the correct data is delivered and reported on. This exception reporting allows you to take action only when necessary.
Why You Need an Audit History Trail
“Automate Schedule's audit log is crucial to us because one of our SOX controls is to validate that we keep schedule logs for a certain period of time. An audit log is critical for a scheduler.”
The benefit of automating your reporting doesn’t stop there. Job scheduling tools that include auditing capabilities—like Automate Schedule—automatically track and monitor any changes made to your production job schedule. Providing your auditors with archived logs of your production job stream helps them understand how your data was handled, when and where it was accessed, what deliverables were created, and how it moved through the enterprise. Audit history reports are essential for meeting regulatory requirements.
Service Corporation International, a large Texas-based company, has a vast amount of file transfers at the core of their business. Frank McCreery, the Director of Production Operations at SCI, notes that “Automate Schedule's audit log is crucial to us because one of our SOX controls is to validate that we keep schedule logs for a certain period of time. An audit log is critical for a scheduler.” Not only does Automate Schedule help SCI improve, automate, and secure managed file transfer, but the auditing capabilities are crucial to their meeting compliance. In this way, it is clear that detailed and automatic reporting is hugely beneficial as companies work to meet compliance regulations.
Creating Role-Based Security Options
Another important safeguard for your data and your production job streams is delineating the access to and function of users within the job schedule. As Robin notes in the webinar, controlling access to the production environment is absolutely essential to meeting the sixth requirement of PCI-DSS: developing and maintaining secure systems and applications. Ensuring the integrity of your database means that you’re protecting any credit card data, which should only be viewed by those with business requirements. Role-based security options allow you to make those distinctions.
Role-based security options in Automate Schedule—which include limitless combinations for administrator, operator, and user—put you in control of who is accessing the schedule and how they can affect the job stream, thereby giving you more visibility into the safety of your workflows. More basic job schedulers like cron or Windows Task Scheduler do not provide you with the same level of granularity and visibility into your job schedule. In fact, because individual users can often schedule tasks locally from these native schedulers, your understanding of who is affecting the overall job schedule is even more limited.
Change control is also a large part of the sixth requirement of PCI-DSS. Automating the move of jobs from a test environment to your production environment is another area where the risk of human error can be eliminated. You should replicate your database on a high availability server to ensure smooth operations in case of a systems failure. This, of course, protects your history, which will be maintained if and when you do some type of failover.
Toward PCI Compliance
The road to PCI compliance—and to a world with no credit card data breaches—is a tough one. Leveraging the tools available in an enterprise job scheduler will alleviate some of the burden of documentation, reporting, and security so that you can rest a little bit easier knowing that your job scheduler is on your side. Here are some additional resources as you explore the ways in which enterprise job schedulers relate to PCI compliance: