Protecting data is a crucial component of every company’s cybersecurity strategy. Verizon’s 2021 Data Breach Investigations Report (DBIR) reported 29,207 threat incidents in 2021 and 5,258 confirmed data breaches. Phishing and ransomware proved to be the most successful tactics hackers use to gain access into networks, and regardless of industry, once an infrastructure is breached, highly sensitive data is no longer safe – with the average cost of a data breach in 2021 skyrocketing to $4.24 million.
The DBIR also shows incident and breach patterns that threaten today’s IT systems. Point-of-sale (POS) breaches, cyber espionage, lost and stolen assets, miscellaneous errors, and privilege misuse are all long-standing patterns of data theft that companies face. As businesses have migrated to the online world – with mass adoption of mobile devices, cloud services, and IoT – asset management has become a crucial process in the minds of CIOs to thwart data breach threats.
Bluefin is an industry leader in payment and data security solutions and, in 2014, became the first North American provider of a PCI-validated point-to-point encryption (P2PE) solution to immediately encrypt POS payment data upon swipe, dip, tap or key entry in an approved P2PE payment device. As part of the P2PE program, clients and solution providers must adhere to strict chain-of-custody requirements for these devices. That’s why we developed our P2PE Manager®, a 100% online portal for chain of custody, device management and the PCI P2PE attestation. To provide more convenience, efficiency and asset management, we have now integrated our P2PE Manager with the industry-leading asset management platform ServiceNow, giving our clients all Manager features right within the ServiceNow interface.
Asset Management and Data Protection as Part of the Cybersecurity Strategy
According to the Cybersecurity and Infrastructure Security Agency (CISA), chain of custody plays an important role in security and risk mitigation for critical infrastructure sectors and their assets.
Chain of custody is a process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.
Examples of assets include equipment, payment devices, infrastructure, and data. Maintaining the chain of custody increases transparency and supports risk mitigation by reducing the opportunity for malicious actors to tamper with the asset (e.g., equipment, data, or evidence). CISA states that “a break in the chain of custody occurring due to a non-validated organization or bad actor gaining custody or access increases the risk that the integrity or reliability of the asset cannot be restored.” Businesses need solutions that provide data protection as well as a secure chain of custody to keep the integrity of data assets and to prevent the risk of data breaches.
Bluefin’s patented P2PE Manager® is a 100% online system that offers organizations that have adopted PCI-validated P2PE an easy-to-use tool to administer their P2PE activities and ensure chain-of-custody compliance, enabling companies to get the full benefits of PCI scope reduction. Clients can monitor the complete lifecycle of each payment device, including:
- Key injection
- Device shipping and tracking for chain-of-custody
- Device inventory, including location, current state, and attestation management
- Decryption performed by every device
P2PE Manager Integration with ServiceNow
ServiceNow is a digital platform that helps businesses automate workflows to enhance productivity. The ServiceNow integration enables businesses to utilize Bluefin’s P2PE Manager natively from ServiceNow. Key features and benefits include:
- Access daily synchronized partner, client, location, device, attestation, and shipment records directly in ServiceNow to gain visibility and understanding of company data.
- Receive and activate devices included in shipments.
- Update device status to remotely put devices in-service, move them to storage, or RMA devices for repair.
- Create mandatory, annual device attestations to maintain PCI compliance.
- Gain insight into devices with upcoming or past-due attestations.
- Update a device’s next audit date to allow for merchant-specific processes with more frequent attestation periods.
- View device chain-of-custody history for any device as tracking evidence; state changes are recorded and journaled to provide a device’s lifecycle evidence for audit purposes.
Bluefin clients who use ServiceNow can get one point of record for all of their assets company-wide, including those that are part of their P2PE program. This avoids having to log into multiple systems in order to get information, while providing enhanced reporting capabilities.
Bluefin clients who use ServiceNow can request to download the P2PE Manager app from the ServiceNow store. Once approved, clients can install and configure the app within their ServiceNow instance. Clients then import data from Bluefin’s P2PE Manager into the P2PE Manager app on ServiceNow. Upon successful completion of the data imports, configuration testing should be done.