Top Banner
www.Vormetric.com Proven PCI Compliance with Stronger Data Protection Prevent loss of sensitive data with highly secure server encryption and key management.
15

Vormetric data security complying with pci dss encryption rules

May 08, 2015

Download

Technology

CTOBuddy.com

Download the whitepaper 'Vormetric Data Security: Complying with PCI DSS Encryption Rules from http://www.vormetric.com/pci82

This whitepaper outlines how Vormetric addresses PCI DSS compliance; it addresses Vormetric's position relative to the Payment Card Industry Security Standards Council's (PCI SSC) guidance on point-to-point encryption solutions. The whitepaper also features case studies of PCI DSS regulated companies leveraging Vormetric for PCI DSS compliance and maps PCI DSS requirements to Vormetric Data Security capabilities.

Vormetric Data Security helps organizations meet PCI DSS compliance demands with a transparent data security approach for diverse IT environments that requires minimal administrative support and helps companies to meet diverse data protection needs through an easy to manage solution.
For more information, join: http://www.facebook.com/VormetricInc
Follow: https://twitter.com/Vormetric
Stay tuned to: http://www.youtube.com/user/VormetricInc
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Vormetric data security complying with pci dss encryption rules

www.Vormetric.com

Proven PCI Compliance with Stronger

Data ProtectionPrevent loss of sensitive data with highly

secure server encryption and key management.

Page 2: Vormetric data security complying with pci dss encryption rules

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 2

Data is Everywhere

Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.)Application Server

Remote Locations& Systems

Storage & Backup SystemsSAN/NAS Backup Systems Data

CommunicationsVoIP SystemsFTP/Dropbox ServerEmail Servers

Structured Database Systems(SQL, Oracle, DB2, Informix, MySQL)Database Server

Security & Other Systems(Event logs, Error logsCache, Encryption keys, & other secrets)Security Systems

Unstructured DataFile SystemsOffice documents,PDF, Vision, Audio…

Public Cloud(AWS, RackSpace, Smart Cloud, Savvis. Terremark)

Virtual & Private Cloud (Vmware, Citrix,Hyper-V)

Page 3: Vormetric data security complying with pci dss encryption rules

Slide No: 3

!The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information.

Data Security Complying With PCI

Page 4: Vormetric data security complying with pci dss encryption rules

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 4

PCI DSS 2.0 Security Standards Overview

Payment Card Industry Data

Security Standard (PCI DSS)

Build and Maintain a Secure Network

Protect Cardholder Data

Maintain a Vulnerability Management Program

Implement Strong Access Control Measures

Regularly Monitor and Test Networks

Maintain an Information Security Policy

1 & 2

3 & 4

5 & 6

7, 8 & 9

10 & 11

12

Page 5: Vormetric data security complying with pci dss encryption rules

i

PCI DSS 2.0 Mandates Tighter Controls

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 5

With the release of PCI 2.0 With the release of PCI 2.0 and the increased need to prove that a method exists to find all cardholder data stores and protect them appropriately, the the encryption of data will become encryption of data will become even more important even more important to merchants.to merchants.

2011 Payment Card Industry Report A study conducted By The Verizon PCI and RISK Intelligence Teams.

Page 6: Vormetric data security complying with pci dss encryption rules

Many Companies Remain Non-Compliant

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 6

2011 Payment Card Industry Report A study conducted By The Verizon PCI and RISK Intelligence Teams.

21%Compliant

! 79%79%Non-Non-

CompliantCompliant

Page 7: Vormetric data security complying with pci dss encryption rules

Vormetric Protects Cardholder Information

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 7

Requirement 3

Protect stored cardholder data

Requirement 7

Restrict access to cardholder data by

business need to know

Requirement 10

Track and monitor all access to network

resources and cardholder data

Page 8: Vormetric data security complying with pci dss encryption rules

Requirement 3

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 8

Protect Stored Data

Without the use of intensive coding or integration efforts, we protect stored data by encrypting information and controlling access to the resources on which the data resides – either an application or a system.

Page 9: Vormetric data security complying with pci dss encryption rules

Requirement 7

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 9

Vormetric Encryption combines encryption and key management with an access control-based decryption policy, enabling companies to comply with PCI DSS Requirement 7 in one transparent, system-agnostic solution.

Restrict Access to Cardholder Data According to Need to Know

Page 10: Vormetric data security complying with pci dss encryption rules

Requirement 10

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 10

Track & Monitor All Access to Network Resources & Cardholder Data We enable organizations to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.

Page 11: Vormetric data security complying with pci dss encryption rules

What Customers Are Saying…

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 11

“iVormetric Data Security is quick and easy to administer, while having negligible impact on performance. It’s the perfect solution for meeting PCI DSS requirements.

Daryl Belfry, Director of IT, TAB Bank

“iOne of the tipping points for us was Vormetric’s management console. It makes creating encryption profiles -- which contain unique guard points, security policies, and keys -- a snap. It’s one of the easiest products to implement I’ve ever used.

Jim Fallon, Security Ops manager, Airlines Reporting Corporation

Page 12: Vormetric data security complying with pci dss encryption rules

History of Supporting PCI Compliance

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 12

2006 2008 2012

Page 13: Vormetric data security complying with pci dss encryption rules

Vormetric Encryption Architecture

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 13

Policy is used to restrict access to sensitive data by user and process information provided by the Operating System.

SSL/TLS

Users

Application

Database

Operating System

FS Agent

File Systems

VolumeManagers

Page 14: Vormetric data security complying with pci dss encryption rules

Slide No: 14

Download Whitepaper

DSS Encryption Rules

www.vormetric.com/pci82

Data Security Complying With PCI

Page 15: Vormetric data security complying with pci dss encryption rules

www.Vormetric.com

Proven PCI Compliance with Stronger Data

ProtectionPrevent loss of sensitive data with highly

secure server encryption and key management.

www.vormetric.com/pci82