1 Reply Latest reply on Jul 24, 2018 5:35 PM by Brad Sheridan

    Financial Industry?  Are you PCI Compliant?

    Ed Egan

      PCI = Payment Card Industry  https://www.pcisecuritystandards.org/


      Are you a Tableau user working in the financial industry and required to follow PCI security standards? If so, I'd be very interested to hear from you.


      I work for a company that provides a variety of services for credit unions and banks, and security, regulation, and privacy are paramount. On that note, we use Tableau Server to provide analytics for our clients. Part of our security is a regularly scheduled vulnerability scan that's performed against the Tableau Server VM. However, on a regular basis Tableau Server fails during these scans. Our short-term fix is a coordinated forced reboot. We've been talking to Tableau Support about this issue, and the best response we've received is to restrict the ports we scan. This simply is unacceptable. Vulnerability scans need to be performed against all machines internally and externally and not just a specific port. Hackers look for any ports open, not just ones that are published by a vendor such as Tableau.


      If you use Tableau Server, how do you ensure your machine is not susceptible to vulnerabilities and that your information is secure?

        • 1. Re: Financial Industry?  Are you PCI Compliant?
          Brad Sheridan

          Hi Ed. I realize that your post is a little over 6 years old, but figured I'd respond anyway.


          I'm currently evaluating Tableau's new 'subscription-based' licensing and one of the considerations is whether to move our on-prem (actually running on an EC2 instance in AWS) Tableau Server to have Tableau host it for us. I was researching the PCI/DSS/HIPAA compliance of Tableau's hosting and came across your post.


          Wondering if you'd be interested in comparing notes on a brief phone call?