Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Vormetric data security complying with pci dss encryption rules


Published on

Download the whitepaper 'Vormetric Data Security: Complying with PCI DSS Encryption Rules from

This whitepaper outlines how Vormetric addresses PCI DSS compliance; it addresses Vormetric's position relative to the Payment Card Industry Security Standards Council's (PCI SSC) guidance on point-to-point encryption solutions. The whitepaper also features case studies of PCI DSS regulated companies leveraging Vormetric for PCI DSS compliance and maps PCI DSS requirements to Vormetric Data Security capabilities.

Vormetric Data Security helps organizations meet PCI DSS compliance demands with a transparent data security approach for diverse IT environments that requires minimal administrative support and helps companies to meet diverse data protection needs through an easy to manage solution.
For more information, join:
Stay tuned to:

  • Be the first to comment

Vormetric data security complying with pci dss encryption rules

  1. 1. Solution Brief Vormetric Data Security for PCI DSSVormetric Data Security Vormetric Key Features and Benefits:for PCI DSS Compliance • Helps address PCI DSSPayment Card Industry Data Security Standards (PCI DSS) mandate that all Requirements 3, 7, and 10organizations that accept, acquire, transmit, process, and/or store cardholder data must through automatic encryptiontake appropriate steps to continuously safeguard all sensitive customer information. of cardholder data on Linux/UNIX/ While PCI DSS has improved the protection of cardholder information, achieving and Windows servers in physical, virtual, maintaining compliance can pose a number of significant challenges to enterprise risk and cloud environmentsmanagers, information security personnel, and IT operations professionals. • Enforcement of role-based andPCI DSS Compliance Challenges user-based decryption and data integrity policies meets PCI DSS Banks, payment processors, and merchants all rely on increasingly complex, requirementsgeographically distributed networks, typically containing both structured andunstructured data. Cardholder information may be stored in a variety of different • High performance block-leveldatabases and versions, as well as in file server files, documents, images, voice encryption ensures optimal support recordings, access logs, and a broad range of other data repositories. for business processesSafeguarding cardholder data in such a wide variety of assets and locations, in • Granular auditing of data accessa manner compliant with PCI DSS, requires diligent administration and close requests facilitates monitoring for cooperation between the enterprise’s IT teams and the many business units that PCI DSS complianceneed access to the data. Finding the right balance between protecting cardholderinformation, avoiding any disruptions to IT infrastructure, and ensuring uninterrupted • Quick implementation helps meet access to the information that flows through and across these networks is vital to the audit deadlinessecurity and ongoing operation of the business.In order to comply with PCI DSS regulations, IT organizations need the abilityto successfully manage access control, encryption, key management, andauditing of cardholder data at rest. However, many organizations still perceive this “With the release of PCIfunctionality as too complicated to operate and costly to implement. 2.0 and the increasedOrganizations touching cardholder information need a comprehensive data need to prove that asecurity solution that: method exists to find• Enables them to achieve and maintain PCI DSS compliance in a cost- effective manner all cardholder data• Requires minimal administrative support• Integrates transparently with existing applications and complex storage infrastructures stores and protect• Consolidates key and policy management across heterogeneous environments them appropriately, the• Provides strong separation of duties for encryption keys without additional encryption of data will hardware or key management infrastructure• Maintains a high level of system performance with no impact to end users become even more important to merchants.”Vormetric Data Security Source: Verizon 2011 Payment CardThe Vormetric Data Security product portfolio provides data protection offerings Industry Compliance Reportto secure and control enterprise data at rest. It enables enterprises to encryptsensitive data in heterogeneous IT environments, control access to that information,and report on who is accessing the protected data.Vormetric Data Security is comprised of two offerings, Vormetric Encryption andVormetric Key Management. Vormetric Encryption combines encryption and keymanagement for Linux, UNIX, and Windows servers. Vormetric Key Managementsupports storage of encryption keys for Vormetric Encryption Expert agents andTransparent Data Encryption (TDE) environments to both Oracle and Microsoft SQLServer 2008/2012.Vormetric Meets Evolving PCI DSS Encryption Requirements Download the Whitepaper:Vormetric Data Security helps enterprises protect sensitive cardholder information, enabling Vormetric Data Security: Complyingthem to achieve and maintain compliance with PCI DSS. It minimizes administrative overhead with PCI DSS Encryption Ruleswithout compromising key business objectives around agility and system performance.Installed and configured in as little as one week, organizations can transparently encryptsensitive customer information across a dispersed, heterogeneous environments, ensuringprotection of both structured and unstructured data.
  2. 2. Solution Brief Vormetric Data Security for PCI DSSVormetric Data Security enables organizations to address Requirements 3, 7, Customer Successes:and 10 of PCI DSS 2.0, as well as all sub-requirements: Vormetric Enables PCI DSS Compliance PCI DSS Compliance Vormetric Data Requirement Challenges Security Solution Fortune 500 Financial Services Provider PCI DSS Requirement 3 Vormetric Encryption mandates that all data addresses PCI DSS Require- • Business Challenge: Safeguard should be rendered “unread- ment 3 without intensive credit and debit cardholder able–anywhere it is stored”, coding or integration efforts. and provides a number of It protects stored data by information on behalf of clients. methods how that might be encrypting information and • Technical Challenge: Protect a achieved. PCI DSS recognizes controlling access to the hetero geneous environment that Requirement 3: the value of strong cryptogra- resources on which the dataProtect Stored Data phy coupled with proper key resides – either an application includes various data repositories management. or a system. Using policy- and virtual desktop infrastructure based encryption, Vormetric (VDI) environment. Encryption ensures that only authorized users and services • Solution: Vormetric Encryption for can encrypt and decrypt the Linux and AIX servers. data with “beyond-industry- standard” AES 128-bit and 256-bit key length. TAB Bank • Business Need: Encryption of data PCI DSS Requirement 7 Vormetric Encryption mandates that only users and combines encryption and key for banking cardholder information resources that must access management with an access • Technology Need: Protect a cardholder data in order to control-based decryption complete their job should policy, enabling companies to mixed environment containing have access to systems con- comply with PCI DSS Require- structured and unstructuredRequirement 7: taining the data. In order to ment 7 in one transparent, information.Restrict Access maximize the benefits realized system-agnostic solution. Itto Cardholder from encryption, organiza- facilitates compliance by lay- • Solution: Vormetric Encryption for tions are advised to identify ering additional access control Windows and Linux servers.Data According to a solution that enables the functionality over that of theBusiness Need to application of security policies native file system. VormetricKnow on the data itself, as opposed access control, in accordance RSIEH LLC (Rausch, Sturm, Israel, to simply on the systems with the PCI DSS, follows the Enerson & Hornik) or applications that access least-privilege model, which the data. Encryption alone denies any activity that has • Business Need: Protect all is insufficient to provide the not been expressly permit- documents containing cardholder granular control required by ted by an authorized user. the PCI DSS. Encryption is Further, by leveraging the information. only as strong as the associ- organization’s existing authen- • Technology Need: Safeguard ated key management and tication system, Vormetric’s access controls. features introduce negligible information used by credit collection administrative overhead. application without application changes. PCI DSS Requirement 10 Vormetric Encryption enables organizations to comply • Solution: Vormetric Encryption for states that all organiza- tions must track access to with PCI DSS Requirement Windows servers. cardholder data, and to all 10 through its own auditing systems and resources that and tracking capabilities, as can access cardholder data. well as its ability to protectRequirement 10:Track and Monitor both system-generated and Vormetric-generated audit “Vormetric Data SecurityAll Access to logs. The rich auditing capability of Vormetric is quick and easy toNetwork Resourcesand Cardholder Data Encryption enables the review administer, while having of the file I/O activity of the tests performed on security negligible impact on systems. Denied and unau- thorized access attempts to performance. It’s the cardholder data are logged, enabling organizations to perfect solution for track and analyze simulated security breaches. meeting PCI DSS requirements.”About Vormetric Daryl Belfry, Director of IT, TAB BankVormetric is the leader in enterprise encryption and key management for physical,virtual and cloud environments. The Vormetric Data Security product line providesa single, manageable and scalable solution to manage any key and encrypt any file, Vormetric, Inc.any database, any application, anywhere it resides— without sacrificing application 2545 N.1st Street, San Jose, CA 95131performance and avoiding key management complexity. For more information, please 888.267.3727call: (888) 267-3732 or visit: 408.433.6000 sales@vormetric.comCopyright © 2012 Vormetric, Inc. All rights reserved. Vormetric is a registered trademark of Vormetric, Download the WhitepaperInc. in the U.S.A. and certain other countries. All other trademarks or registered trademarks, productnames, and company names or logos cited are the property of their respective owners.