Vormetric data security complying with pci dss encryption rules

www.Vormetric.com

Proven PCI Compliance with Stronger

Data ProtectionPrevent loss of sensitive data with highly

secure server encryption and key management.

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 2

Data is Everywhere

Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.)Application Server

Remote Locations& Systems

Storage & Backup SystemsSAN/NAS Backup Systems Data

CommunicationsVoIP SystemsFTP/Dropbox ServerEmail Servers

Structured Database Systems(SQL, Oracle, DB2, Informix, MySQL)Database Server

Security & Other Systems(Event logs, Error logsCache, Encryption keys, & other secrets)Security Systems

Unstructured DataFile SystemsOffice documents,PDF, Vision, Audio…

Public Cloud(AWS, RackSpace, Smart Cloud, Savvis. Terremark)

Virtual & Private Cloud (Vmware, Citrix,Hyper-V)

Slide No: 3

!The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information.

Data Security Complying With PCI

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 4

PCI DSS 2.0 Security Standards Overview

Payment Card Industry Data

Security Standard (PCI DSS)

Build and Maintain a Secure Network

Protect Cardholder Data

Maintain a Vulnerability Management Program

Implement Strong Access Control Measures

Regularly Monitor and Test Networks

Maintain an Information Security Policy

1 & 2

3 & 4

5 & 6

7, 8 & 9

10 & 11

12

“

i

PCI DSS 2.0 Mandates Tighter Controls

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 5

With the release of PCI 2.0 With the release of PCI 2.0 and the increased need to prove that a method exists to find all cardholder data stores and protect them appropriately, the the encryption of data will become encryption of data will become even more important even more important to merchants.to merchants.

2011 Payment Card Industry Report A study conducted By The Verizon PCI and RISK Intelligence Teams.

Many Companies Remain Non-Compliant

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 6

2011 Payment Card Industry Report A study conducted By The Verizon PCI and RISK Intelligence Teams.

21%Compliant

! 79%79%Non-Non-

CompliantCompliant

Vormetric Protects Cardholder Information

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 7

Requirement 3

Protect stored cardholder data

Requirement 7

Restrict access to cardholder data by

business need to know

Requirement 10

Track and monitor all access to network

resources and cardholder data

Requirement 3

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 8

Protect Stored Data

Without the use of intensive coding or integration efforts, we protect stored data by encrypting information and controlling access to the resources on which the data resides – either an application or a system.

Requirement 7

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 9

Vormetric Encryption combines encryption and key management with an access control-based decryption policy, enabling companies to comply with PCI DSS Requirement 7 in one transparent, system-agnostic solution.

Restrict Access to Cardholder Data According to Need to Know

Requirement 10

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 10

Track & Monitor All Access to Network Resources & Cardholder Data We enable organizations to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.

What Customers Are Saying…

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 11

“iVormetric Data Security is quick and easy to administer, while having negligible impact on performance. It’s the perfect solution for meeting PCI DSS requirements.

Daryl Belfry, Director of IT, TAB Bank

“iOne of the tipping points for us was Vormetric’s management console. It makes creating encryption profiles -- which contain unique guard points, security policies, and keys -- a snap. It’s one of the easiest products to implement I’ve ever used.

Jim Fallon, Security Ops manager, Airlines Reporting Corporation

History of Supporting PCI Compliance

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 12

2006 2008 2012

Vormetric Encryption Architecture

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 13

Policy is used to restrict access to sensitive data by user and process information provided by the Operating System.

SSL/TLS

Users

Application

Database

Operating System

FS Agent

File Systems

VolumeManagers

Slide No: 14

Download Whitepaper

DSS Encryption Rules

www.vormetric.com/pci82

Data Security Complying With PCI

www.Vormetric.com

Proven PCI Compliance with Stronger Data

ProtectionPrevent loss of sensitive data with highly

secure server encryption and key management.

www.vormetric.com/pci82