Trustwave, best known for testing and fixing payment-network vulnerabilities, believes the time is right to also offer a physical security-evaluation service.
The Chicago-based company says its physical-security testing service, announced Oct. 5, will assess a client’s work environment to determine where problems, such as inadequate access controls, may lurk. Other Trustwave services do not cover physical security, a Trustwave spokesperson tells PaymentsSource.
The Payment Card Industry Data Security Standard addresses physical controls, such as restricting access to locations that may hold sensitive data.
“Physical security is often overlooked despite its high risk because companies are often more concerned about internal networks,” the spokesperson says. “While it’s critical to protect the network and the data that resides on that network, it’s just as important to protect physical devices that store that data, like back-up tapes or servers that store data.”
Among the techniques used to assess vulnerabilities, Trustwave will conduct social-engineering tests to evaluate where employees might be manipulated into giving up sensitive information and examine whether they inadvertently are divulging that information via social networking sites.
Clients have asked for this service, and many face multiple compliance standards, such as health-privacy laws, that require physical security testing, the spokesperson says.
“Because physical security is so overlooked, attackers understand that the path of least resistance is walking into a front door and pretending to be something they’re not, which is often what they’ll do,” she says.
Trustwave bases the fees charged for the service on each company’s needs and how many locations it has among other factors.
What do you think about this? Send us your feedback.
