By Gennifer Biggs, Business Solutions magazine.
This managed services provider (MSP) leveraged customization and security management to turn a PCI solution into an ongoing and lucrative engagement.
A willingness to evolve to meet the needs of existing customers is often the hallmark of successful small IT solution providers. MSP Bravura Networks discovered that reality as its SMB customers started feeling the impact of compliance laws and turned to Bravura for support. Michael Zadeik, VP of sales and marketing for Bravura, explains that SMBs are slowly but surely being forced to adjust their IT strategies to accommodate laws such as the Payment Card Industry Data Security Standard (PCI-DSS), the Healthcare Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act (SOX). Such was the case when one of Bravura’s existing customers reached out for support to meet PCI regulations.
Paradigm Investment Group, LLC operates quick-service restaurant (QSR) franchises in Florida, Mississippi, Alabama, and Tennessee, as well as a chain of high-end steak houses in Arizona and California. After a PCI audit, Paradigm and its franchise partners had concerns about a potential security breach. “When you’re affiliated with a franchise, a breach can harm the entire brand, so security becomes a high-level concern, and there is tremendous pressure to put the right solutions in place,” explains Zadeik. The time was right for a strategic security plan that would tighten Paradigm’s entire network security net as well as meet PCI requirements.
Address Full Range Of Security, Not Just PCI
Securing the Paradigm network at each of its franchises — which included more than 100 sites across the south and southwest — was a complicated task, explains Joe Robbins, the Bravura systems engineer who coordinated the solution. “Paradigm is very advanced technologically,” says Robbins. “They have an IP address for nearly everything, and we watch it all for them.” In fact, that ability to monitor in-store technology — and integrate a full-fledged security solution into that environment — was a tipping point as Paradigm selected its security solution provider. “We do monitoring and alerting for Paradigm, and our competitors just don’t offer that service, which gave us a definite advantage,” explains Robbins.
Bravura recommended two solutions for Paradigm, with the final choice being a SonicWALL deployment that not only met PCI requirements, but also addressed security issues related to guest wireless networks and basic operational security. Bravura deployed a solution that includes the SonicWALL unified threat management product (TZ100W), its firewall product (NSA 3500), and its Global Management System (GMS) software and corresponding virtual management appliance (UMAEM5000). “One of the features we liked was that we could use the GMS to control and monitor the solution from our offices,” says Robbins. Also, SonicWALL’s customization meant more flexibility for the customer. “Rather than wasting energy by locking the entire network down, we can segment aspects of the network using the SonicWALL solution and then lock down only what we needed to for PCI compliance.”
Zadeik says it was Bravura’s willingness to develop custom options for Paradigm that won the contract. “We made sure we understood their challenges so that we could modify the systems to meet their needs.” For example, on a desktop level, Bravura was challenged to meet the user log requirements of PCI. While there were only a handful of desktop PCs in the back offices, that equipment was used for a variety of reasons and by a number of people. Rather than tackle the elusive task of assigning, maintaining, and managing individual user identities, Bravura set up a common login, but used a custom camera system to visually log the identity of PC users. That solution enabled photo logs that reinforced password logins, avoiding the cost and management headache of a large Active Directory database. “The back office PC is used to place orders and check email — all by different people,” says Zadeik. “It would have been hard to restrict access, and with turnover and forgotten passwords, it was too much to manage individual logins. We resolved that issue by thinking creatively.” To further reinforce security, Bravura hardened the operating system so that general users cannot access stored credit card data; they can only run applications found on the desktop.
So far, Bravura has deployed the PCI security solution in more than 100 restaurants owned by Paradigm. The MSP expects to handle another 30 deployments in the next few years.