SlideShare uma empresa Scribd logo

Vormetric data security complying with pci dss encryption rules

Vormetric Inc
Vormetric Inc

Download the whitepaper 'Vormetric Data Security: Complying with PCI DSS Encryption Rules from http://www.vormetric.com/pci82 This whitepaper outlines how Vormetric addresses PCI DSS compliance; it addresses Vormetric's position relative to the Payment Card Industry Security Standards Council's (PCI SSC) guidance on point-to-point encryption solutions. The whitepaper also features case studies of PCI DSS regulated companies leveraging Vormetric for PCI DSS compliance and maps PCI DSS requirements to Vormetric Data Security capabilities. Vormetric Data Security helps organizations meet PCI DSS compliance demands with a transparent data security approach for diverse IT environments that requires minimal administrative support and helps companies to meet diverse data protection needs through an easy to manage solution. For more information, join: http://www.facebook.com/VormetricInc Follow: https://twitter.com/Vormetric Stay tuned to: http://www.youtube.com/user/VormetricInc

1 de 2
Baixar para ler offline
Solution Brief Vormetric Data Security for PCI DSS Vormetric Data Security Vormetric Key Features and Benefits: for PCI DSS Compliance • Helps address PCI DSS Payment Card Industry Data Security Standards (PCI DSS) mandate that all Requirements 3, 7, and 10 organizations that accept, acquire, transmit, process, and/or store cardholder data must through automatic encryption take appropriate steps to continuously safeguard all sensitive customer information. of cardholder data on Linux/UNIX/ While PCI DSS has improved the protection of cardholder information, achieving and Windows servers in physical, virtual, maintaining compliance can pose a number of significant challenges to enterprise risk and cloud environments managers, information security personnel, and IT operations professionals. • Enforcement of role-based and PCI DSS Compliance Challenges user-based decryption and data integrity policies meets PCI DSS Banks, payment processors, and merchants all rely on increasingly complex, requirements geographically distributed networks, typically containing both structured and unstructured data. Cardholder information may be stored in a variety of different • High performance block-level databases and versions, as well as in file server files, documents, images, voice encryption ensures optimal support recordings, access logs, and a broad range of other data repositories. for business processes Safeguarding cardholder data in such a wide variety of assets and locations, in • Granular auditing of data access a manner compliant with PCI DSS, requires diligent administration and close requests facilitates monitoring for cooperation between the enterprise’s IT teams and the many business units that PCI DSS compliance need access to the data. Finding the right balance between protecting cardholder information, avoiding any disruptions to IT infrastructure, and ensuring uninterrupted • Quick implementation helps meet access to the information that flows through and across these networks is vital to the audit deadlines security and ongoing operation of the business. In order to comply with PCI DSS regulations, IT organizations need the ability to successfully manage access control, encryption, key management, and auditing of cardholder data at rest. However, many organizations still perceive this “With the release of PCI functionality as too complicated to operate and costly to implement. 2.0 and the increased Organizations touching cardholder information need a comprehensive data need to prove that a security solution that: method exists to find • Enables them to achieve and maintain PCI DSS compliance in a cost- effective manner all cardholder data • Requires minimal administrative support • Integrates transparently with existing applications and complex storage infrastructures stores and protect • Consolidates key and policy management across heterogeneous environments them appropriately, the • Provides strong separation of duties for encryption keys without additional encryption of data will hardware or key management infrastructure • Maintains a high level of system performance with no impact to end users become even more important to merchants.” Vormetric Data Security Source: Verizon 2011 Payment Card The Vormetric Data Security product portfolio provides data protection offerings Industry Compliance Report to secure and control enterprise data at rest. It enables enterprises to encrypt sensitive data in heterogeneous IT environments, control access to that information, and report on who is accessing the protected data. Vormetric Data Security is comprised of two offerings, Vormetric Encryption and Vormetric Key Management. Vormetric Encryption combines encryption and key management for Linux, UNIX, and Windows servers. Vormetric Key Management supports storage of encryption keys for Vormetric Encryption Expert agents and Transparent Data Encryption (TDE) environments to both Oracle and Microsoft SQL Server 2008/2012. Vormetric Meets Evolving PCI DSS Encryption Requirements Download the Whitepaper: Vormetric Data Security helps enterprises protect sensitive cardholder information, enabling Vormetric Data Security: Complying them to achieve and maintain compliance with PCI DSS. It minimizes administrative overhead with PCI DSS Encryption Rules without compromising key business objectives around agility and system performance. Installed and configured in as little as one week, organizations can transparently encrypt sensitive customer information across a dispersed, heterogeneous environments, ensuring protection of both structured and unstructured data.
Solution Brief Vormetric Data Security for PCI DSS Vormetric Data Security enables organizations to address Requirements 3, 7, Customer Successes: and 10 of PCI DSS 2.0, as well as all sub-requirements: Vormetric Enables PCI DSS Compliance PCI DSS Compliance Vormetric Data Requirement Challenges Security Solution Fortune 500 Financial Services Provider PCI DSS Requirement 3 Vormetric Encryption mandates that all data addresses PCI DSS Require- • Business Challenge: Safeguard should be rendered “unread- ment 3 without intensive credit and debit cardholder able–anywhere it is stored”, coding or integration efforts. and provides a number of It protects stored data by information on behalf of clients. methods how that might be encrypting information and • Technical Challenge: Protect a achieved. PCI DSS recognizes controlling access to the hetero geneous environment that Requirement 3: the value of strong cryptogra- resources on which the data Protect Stored Data phy coupled with proper key resides – either an application includes various data repositories management. or a system. Using policy- and virtual desktop infrastructure based encryption, Vormetric (VDI) environment. Encryption ensures that only authorized users and services • Solution: Vormetric Encryption for can encrypt and decrypt the Linux and AIX servers. data with “beyond-industry- standard” AES 128-bit and 256-bit key length. TAB Bank • Business Need: Encryption of data PCI DSS Requirement 7 Vormetric Encryption mandates that only users and combines encryption and key for banking cardholder information resources that must access management with an access • Technology Need: Protect a cardholder data in order to control-based decryption complete their job should policy, enabling companies to mixed environment containing have access to systems con- comply with PCI DSS Require- structured and unstructured Requirement 7: taining the data. In order to ment 7 in one transparent, information. Restrict Access maximize the benefits realized system-agnostic solution. It to Cardholder from encryption, organiza- facilitates compliance by lay- • Solution: Vormetric Encryption for tions are advised to identify ering additional access control Windows and Linux servers. Data According to a solution that enables the functionality over that of the Business Need to application of security policies native file system. Vormetric Know on the data itself, as opposed access control, in accordance RSIEH LLC (Rausch, Sturm, Israel, to simply on the systems with the PCI DSS, follows the Enerson & Hornik) or applications that access least-privilege model, which the data. Encryption alone denies any activity that has • Business Need: Protect all is insufficient to provide the not been expressly permit- documents containing cardholder granular control required by ted by an authorized user. the PCI DSS. Encryption is Further, by leveraging the information. only as strong as the associ- organization’s existing authen- • Technology Need: Safeguard ated key management and tication system, Vormetric’s access controls. features introduce negligible information used by credit collection administrative overhead. application without application changes. PCI DSS Requirement 10 Vormetric Encryption enables organizations to comply • Solution: Vormetric Encryption for states that all organiza- tions must track access to with PCI DSS Requirement Windows servers. cardholder data, and to all 10 through its own auditing systems and resources that and tracking capabilities, as can access cardholder data. well as its ability to protect Requirement 10: Track and Monitor both system-generated and Vormetric-generated audit “Vormetric Data Security All Access to logs. The rich auditing capability of Vormetric is quick and easy to Network Resources and Cardholder Data Encryption enables the review administer, while having of the file I/O activity of the tests performed on security negligible impact on systems. Denied and unau- thorized access attempts to performance. It’s the cardholder data are logged, enabling organizations to perfect solution for track and analyze simulated security breaches. meeting PCI DSS requirements.” About Vormetric Daryl Belfry, Director of IT, TAB Bank Vormetric is the leader in enterprise encryption and key management for physical, virtual and cloud environments. The Vormetric Data Security product line provides a single, manageable and scalable solution to manage any key and encrypt any file, Vormetric, Inc. any database, any application, anywhere it resides— without sacrificing application 2545 N.1st Street, San Jose, CA 95131 performance and avoiding key management complexity. For more information, please 888.267.3727 call: (888) 267-3732 or visit: www.vormetric.com. 408.433.6000 sales@vormetric.com Copyright © 2012 Vormetric, Inc. All rights reserved. Vormetric is a registered trademark of Vormetric, Download the Whitepaper Inc. in the U.S.A. and certain other countries. All other trademarks or registered trademarks, product names, and company names or logos cited are the property of their respective owners.

Recomendados

Vormetric data security complying with pci dss encryption rules
Vormetric data security complying with pci dss encryption rulesVormetric data security complying with pci dss encryption rules
Vormetric data security complying with pci dss encryption rulesVormetric Inc
 
LODHA ESTRELLA
LODHA ESTRELLALODHA ESTRELLA
LODHA ESTRELLAWallsnroof1
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Ulf Mattsson
 
P2PE - PCI DSS
P2PE - PCI DSSP2PE - PCI DSS
P2PE - PCI DSSControlCase
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 

Recomendados

Vormetric data security complying with pci dss encryption rules
Vormetric data security complying with pci dss encryption rulesVormetric data security complying with pci dss encryption rules
Vormetric data security complying with pci dss encryption rulesVormetric Inc
 
LODHA ESTRELLA
LODHA ESTRELLALODHA ESTRELLA
LODHA ESTRELLAWallsnroof1
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Ulf Mattsson
 
P2PE - PCI DSS
P2PE - PCI DSSP2PE - PCI DSS
P2PE - PCI DSSControlCase
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations Rajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data ScienceChristy Abraham Joy
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slidesAlireza Esmikhani
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesProject for Public Spaces & National Center for Biking and Walking
 

Mais conteúdo relacionado

Destaque

AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

Destaque (20)

AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 

Vormetric data security complying with pci dss encryption rules

  • 1. Solution Brief Vormetric Data Security for PCI DSS Vormetric Data Security Vormetric Key Features and Benefits: for PCI DSS Compliance • Helps address PCI DSS Payment Card Industry Data Security Standards (PCI DSS) mandate that all Requirements 3, 7, and 10 organizations that accept, acquire, transmit, process, and/or store cardholder data must through automatic encryption take appropriate steps to continuously safeguard all sensitive customer information. of cardholder data on Linux/UNIX/ While PCI DSS has improved the protection of cardholder information, achieving and Windows servers in physical, virtual, maintaining compliance can pose a number of significant challenges to enterprise risk and cloud environments managers, information security personnel, and IT operations professionals. • Enforcement of role-based and PCI DSS Compliance Challenges user-based decryption and data integrity policies meets PCI DSS Banks, payment processors, and merchants all rely on increasingly complex, requirements geographically distributed networks, typically containing both structured and unstructured data. Cardholder information may be stored in a variety of different • High performance block-level databases and versions, as well as in file server files, documents, images, voice encryption ensures optimal support recordings, access logs, and a broad range of other data repositories. for business processes Safeguarding cardholder data in such a wide variety of assets and locations, in • Granular auditing of data access a manner compliant with PCI DSS, requires diligent administration and close requests facilitates monitoring for cooperation between the enterprise’s IT teams and the many business units that PCI DSS compliance need access to the data. Finding the right balance between protecting cardholder information, avoiding any disruptions to IT infrastructure, and ensuring uninterrupted • Quick implementation helps meet access to the information that flows through and across these networks is vital to the audit deadlines security and ongoing operation of the business. In order to comply with PCI DSS regulations, IT organizations need the ability to successfully manage access control, encryption, key management, and auditing of cardholder data at rest. However, many organizations still perceive this “With the release of PCI functionality as too complicated to operate and costly to implement. 2.0 and the increased Organizations touching cardholder information need a comprehensive data need to prove that a security solution that: method exists to find • Enables them to achieve and maintain PCI DSS compliance in a cost- effective manner all cardholder data • Requires minimal administrative support • Integrates transparently with existing applications and complex storage infrastructures stores and protect • Consolidates key and policy management across heterogeneous environments them appropriately, the • Provides strong separation of duties for encryption keys without additional encryption of data will hardware or key management infrastructure • Maintains a high level of system performance with no impact to end users become even more important to merchants.” Vormetric Data Security Source: Verizon 2011 Payment Card The Vormetric Data Security product portfolio provides data protection offerings Industry Compliance Report to secure and control enterprise data at rest. It enables enterprises to encrypt sensitive data in heterogeneous IT environments, control access to that information, and report on who is accessing the protected data. Vormetric Data Security is comprised of two offerings, Vormetric Encryption and Vormetric Key Management. Vormetric Encryption combines encryption and key management for Linux, UNIX, and Windows servers. Vormetric Key Management supports storage of encryption keys for Vormetric Encryption Expert agents and Transparent Data Encryption (TDE) environments to both Oracle and Microsoft SQL Server 2008/2012. Vormetric Meets Evolving PCI DSS Encryption Requirements Download the Whitepaper: Vormetric Data Security helps enterprises protect sensitive cardholder information, enabling Vormetric Data Security: Complying them to achieve and maintain compliance with PCI DSS. It minimizes administrative overhead with PCI DSS Encryption Rules without compromising key business objectives around agility and system performance. Installed and configured in as little as one week, organizations can transparently encrypt sensitive customer information across a dispersed, heterogeneous environments, ensuring protection of both structured and unstructured data.
  • 2. Solution Brief Vormetric Data Security for PCI DSS Vormetric Data Security enables organizations to address Requirements 3, 7, Customer Successes: and 10 of PCI DSS 2.0, as well as all sub-requirements: Vormetric Enables PCI DSS Compliance PCI DSS Compliance Vormetric Data Requirement Challenges Security Solution Fortune 500 Financial Services Provider PCI DSS Requirement 3 Vormetric Encryption mandates that all data addresses PCI DSS Require- • Business Challenge: Safeguard should be rendered “unread- ment 3 without intensive credit and debit cardholder able–anywhere it is stored”, coding or integration efforts. and provides a number of It protects stored data by information on behalf of clients. methods how that might be encrypting information and • Technical Challenge: Protect a achieved. PCI DSS recognizes controlling access to the hetero geneous environment that Requirement 3: the value of strong cryptogra- resources on which the data Protect Stored Data phy coupled with proper key resides – either an application includes various data repositories management. or a system. Using policy- and virtual desktop infrastructure based encryption, Vormetric (VDI) environment. Encryption ensures that only authorized users and services • Solution: Vormetric Encryption for can encrypt and decrypt the Linux and AIX servers. data with “beyond-industry- standard” AES 128-bit and 256-bit key length. TAB Bank • Business Need: Encryption of data PCI DSS Requirement 7 Vormetric Encryption mandates that only users and combines encryption and key for banking cardholder information resources that must access management with an access • Technology Need: Protect a cardholder data in order to control-based decryption complete their job should policy, enabling companies to mixed environment containing have access to systems con- comply with PCI DSS Require- structured and unstructured Requirement 7: taining the data. In order to ment 7 in one transparent, information. Restrict Access maximize the benefits realized system-agnostic solution. It to Cardholder from encryption, organiza- facilitates compliance by lay- • Solution: Vormetric Encryption for tions are advised to identify ering additional access control Windows and Linux servers. Data According to a solution that enables the functionality over that of the Business Need to application of security policies native file system. Vormetric Know on the data itself, as opposed access control, in accordance RSIEH LLC (Rausch, Sturm, Israel, to simply on the systems with the PCI DSS, follows the Enerson & Hornik) or applications that access least-privilege model, which the data. Encryption alone denies any activity that has • Business Need: Protect all is insufficient to provide the not been expressly permit- documents containing cardholder granular control required by ted by an authorized user. the PCI DSS. Encryption is Further, by leveraging the information. only as strong as the associ- organization’s existing authen- • Technology Need: Safeguard ated key management and tication system, Vormetric’s access controls. features introduce negligible information used by credit collection administrative overhead. application without application changes. PCI DSS Requirement 10 Vormetric Encryption enables organizations to comply • Solution: Vormetric Encryption for states that all organiza- tions must track access to with PCI DSS Requirement Windows servers. cardholder data, and to all 10 through its own auditing systems and resources that and tracking capabilities, as can access cardholder data. well as its ability to protect Requirement 10: Track and Monitor both system-generated and Vormetric-generated audit “Vormetric Data Security All Access to logs. The rich auditing capability of Vormetric is quick and easy to Network Resources and Cardholder Data Encryption enables the review administer, while having of the file I/O activity of the tests performed on security negligible impact on systems. Denied and unau- thorized access attempts to performance. It’s the cardholder data are logged, enabling organizations to perfect solution for track and analyze simulated security breaches. meeting PCI DSS requirements.” About Vormetric Daryl Belfry, Director of IT, TAB Bank Vormetric is the leader in enterprise encryption and key management for physical, virtual and cloud environments. The Vormetric Data Security product line provides a single, manageable and scalable solution to manage any key and encrypt any file, Vormetric, Inc. any database, any application, anywhere it resides— without sacrificing application 2545 N.1st Street, San Jose, CA 95131 performance and avoiding key management complexity. For more information, please 888.267.3727 call: (888) 267-3732 or visit: www.vormetric.com. 408.433.6000 sales@vormetric.com Copyright © 2012 Vormetric, Inc. All rights reserved. Vormetric is a registered trademark of Vormetric, Download the Whitepaper Inc. in the U.S.A. and certain other countries. All other trademarks or registered trademarks, product names, and company names or logos cited are the property of their respective owners.