Download the whitepaper 'Vormetric Data Security: Complying with PCI DSS Encryption Rules from http://www.vormetric.com/pci82
This whitepaper outlines how Vormetric addresses PCI DSS compliance; it addresses Vormetric's position relative to the Payment Card Industry Security Standards Council's (PCI SSC) guidance on point-to-point encryption solutions. The whitepaper also features case studies of PCI DSS regulated companies leveraging Vormetric for PCI DSS compliance and maps PCI DSS requirements to Vormetric Data Security capabilities.
Vormetric Data Security helps organizations meet PCI DSS compliance demands with a transparent data security approach for diverse IT environments that requires minimal administrative support and helps companies to meet diverse data protection needs through an easy to manage solution.
For more information, join: http://www.facebook.com/VormetricInc
Follow: https://twitter.com/Vormetric
Stay tuned to: http://www.youtube.com/user/VormetricInc
More than Just Lines on a Map: Best Practices for U.S Bike Routes
Vormetric data security complying with pci dss encryption rules
1. Solution Brief
Vormetric Data Security for PCI DSS
Vormetric Data Security Vormetric Key Features
and Benefits:
for PCI DSS Compliance • Helps address PCI DSS
Payment Card Industry Data Security Standards (PCI DSS) mandate that all Requirements 3, 7, and 10
organizations that accept, acquire, transmit, process, and/or store cardholder data must through automatic encryption
take appropriate steps to continuously safeguard all sensitive customer information. of cardholder data on Linux/UNIX/
While PCI DSS has improved the protection of cardholder information, achieving and Windows servers in physical, virtual,
maintaining compliance can pose a number of significant challenges to enterprise risk and cloud environments
managers, information security personnel, and IT operations professionals.
• Enforcement of role-based and
PCI DSS Compliance Challenges user-based decryption and data
integrity policies meets PCI DSS
Banks, payment processors, and merchants all rely on increasingly complex, requirements
geographically distributed networks, typically containing both structured and
unstructured data. Cardholder information may be stored in a variety of different • High performance block-level
databases and versions, as well as in file server files, documents, images, voice encryption ensures optimal support
recordings, access logs, and a broad range of other data repositories. for business processes
Safeguarding cardholder data in such a wide variety of assets and locations, in • Granular auditing of data access
a manner compliant with PCI DSS, requires diligent administration and close requests facilitates monitoring for
cooperation between the enterprise’s IT teams and the many business units that PCI DSS compliance
need access to the data. Finding the right balance between protecting cardholder
information, avoiding any disruptions to IT infrastructure, and ensuring uninterrupted • Quick implementation helps meet
access to the information that flows through and across these networks is vital to the audit deadlines
security and ongoing operation of the business.
In order to comply with PCI DSS regulations, IT organizations need the ability
to successfully manage access control, encryption, key management, and
auditing of cardholder data at rest. However, many organizations still perceive this “With the release of PCI
functionality as too complicated to operate and costly to implement.
2.0 and the increased
Organizations touching cardholder information need a comprehensive data
need to prove that a
security solution that:
method exists to find
• Enables them to achieve and maintain PCI DSS compliance in a cost- effective manner all cardholder data
• Requires minimal administrative support
• Integrates transparently with existing applications and complex storage infrastructures stores and protect
• Consolidates key and policy management across heterogeneous environments them appropriately, the
• Provides strong separation of duties for encryption keys without additional encryption of data will
hardware or key management infrastructure
• Maintains a high level of system performance with no impact to end users become even more
important to merchants.”
Vormetric Data Security
Source: Verizon 2011 Payment Card
The Vormetric Data Security product portfolio provides data protection offerings Industry Compliance Report
to secure and control enterprise data at rest. It enables enterprises to encrypt
sensitive data in heterogeneous IT environments, control access to that information,
and report on who is accessing the protected data.
Vormetric Data Security is comprised of two offerings, Vormetric Encryption and
Vormetric Key Management. Vormetric Encryption combines encryption and key
management for Linux, UNIX, and Windows servers. Vormetric Key Management
supports storage of encryption keys for Vormetric Encryption Expert agents and
Transparent Data Encryption (TDE) environments to both Oracle and Microsoft SQL
Server 2008/2012.
Vormetric Meets Evolving PCI DSS Encryption Requirements
Download the Whitepaper:
Vormetric Data Security helps enterprises protect sensitive cardholder information, enabling Vormetric Data Security: Complying
them to achieve and maintain compliance with PCI DSS. It minimizes administrative overhead with PCI DSS Encryption Rules
without compromising key business objectives around agility and system performance.
Installed and configured in as little as one week, organizations can transparently encrypt
sensitive customer information across a dispersed, heterogeneous environments, ensuring
protection of both structured and unstructured data.