www.Vormetric.com Proven PCI Compliance with Stronger Data Protection Prevent loss of sensitive data with highly secure server encryption and key management.
May 08, 2015
www.Vormetric.com
Proven PCI Compliance with Stronger
Data ProtectionPrevent loss of sensitive data with highly
secure server encryption and key management.
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 2
Data is Everywhere
Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.)Application Server
Remote Locations& Systems
Storage & Backup SystemsSAN/NAS Backup Systems Data
CommunicationsVoIP SystemsFTP/Dropbox ServerEmail Servers
Structured Database Systems(SQL, Oracle, DB2, Informix, MySQL)Database Server
Security & Other Systems(Event logs, Error logsCache, Encryption keys, & other secrets)Security Systems
Unstructured DataFile SystemsOffice documents,PDF, Vision, Audio…
Public Cloud(AWS, RackSpace, Smart Cloud, Savvis. Terremark)
Virtual & Private Cloud (Vmware, Citrix,Hyper-V)
Slide No: 3
!The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information.
Data Security Complying With PCI
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 4
PCI DSS 2.0 Security Standards Overview
Payment Card Industry Data
Security Standard (PCI DSS)
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
1 & 2
3 & 4
5 & 6
7, 8 & 9
10 & 11
12
“
i
PCI DSS 2.0 Mandates Tighter Controls
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 5
With the release of PCI 2.0 With the release of PCI 2.0 and the increased need to prove that a method exists to find all cardholder data stores and protect them appropriately, the the encryption of data will become encryption of data will become even more important even more important to merchants.to merchants.
2011 Payment Card Industry Report A study conducted By The Verizon PCI and RISK Intelligence Teams.
Many Companies Remain Non-Compliant
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 6
2011 Payment Card Industry Report A study conducted By The Verizon PCI and RISK Intelligence Teams.
21%Compliant
! 79%79%Non-Non-
CompliantCompliant
Vormetric Protects Cardholder Information
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 7
Requirement 3
Protect stored cardholder data
Requirement 7
Restrict access to cardholder data by
business need to know
Requirement 10
Track and monitor all access to network
resources and cardholder data
Requirement 3
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 8
Protect Stored Data
Without the use of intensive coding or integration efforts, we protect stored data by encrypting information and controlling access to the resources on which the data resides – either an application or a system.
Requirement 7
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 9
Vormetric Encryption combines encryption and key management with an access control-based decryption policy, enabling companies to comply with PCI DSS Requirement 7 in one transparent, system-agnostic solution.
Restrict Access to Cardholder Data According to Need to Know
Requirement 10
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 10
Track & Monitor All Access to Network Resources & Cardholder Data We enable organizations to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.
What Customers Are Saying…
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 11
“iVormetric Data Security is quick and easy to administer, while having negligible impact on performance. It’s the perfect solution for meeting PCI DSS requirements.
Daryl Belfry, Director of IT, TAB Bank
“iOne of the tipping points for us was Vormetric’s management console. It makes creating encryption profiles -- which contain unique guard points, security policies, and keys -- a snap. It’s one of the easiest products to implement I’ve ever used.
Jim Fallon, Security Ops manager, Airlines Reporting Corporation
History of Supporting PCI Compliance
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 12
2006 2008 2012
Vormetric Encryption Architecture
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 13
Policy is used to restrict access to sensitive data by user and process information provided by the Operating System.
SSL/TLS
Users
Application
Database
Operating System
FS Agent
File Systems
VolumeManagers
Slide No: 14
Download Whitepaper
DSS Encryption Rules
www.vormetric.com/pci82
Data Security Complying With PCI
www.Vormetric.com
Proven PCI Compliance with Stronger Data
ProtectionPrevent loss of sensitive data with highly
secure server encryption and key management.
www.vormetric.com/pci82