Download the whitepaper 'Vormetric Data Security: Complying with PCI DSS Encryption Rules from http://www.vormetric.com/pci82
This whitepaper outlines how Vormetric addresses PCI DSS compliance; it addresses Vormetric's position relative to the Payment Card Industry Security Standards Council's (PCI SSC) guidance on point-to-point encryption solutions. The whitepaper also features case studies of PCI DSS regulated companies leveraging Vormetric for PCI DSS compliance and maps PCI DSS requirements to Vormetric Data Security capabilities.
Vormetric Data Security helps organizations meet PCI DSS compliance demands with a transparent data security approach for diverse IT environments that requires minimal administrative support and helps companies to meet diverse data protection needs through an easy to manage solution.
For more information, join: http://www.facebook.com/VormetricInc
Follow: https://twitter.com/Vormetric
Stay tuned to: http://www.youtube.com/user/VormetricInc
Maintaining Trust & Control of your Data in the Cloud
Proven PCI Compliance with Stronger Data Protection
1. Proven PCI Compliance
with Stronger
Data Protection
Prevent loss of sensitive data with highly
secure server encryption and key management.
www.Vormetric.com
2. Data is Everywhere
Public Cloud Virtual & Private
Unstructured Data ( AWS, RackSpace, Smart Cloud ( Vmware, Citrix,
File Systems Cloud, Savvis. Terremark) Hyper-V)
Office documents,
PDF, Vision, Audio…
Remote Business Application
Locations Systems
(SAP, PeopleSoft, Oracle
Security &
& Systems Financials, In-house, CRM, Other Systems
eComm/eBiz, etc.) (Event logs, Error logs
Application Server Cache, Encryption
keys,
& other secrets)
Security Systems
Storage & Backup
Systems
SAN/NAS Backup Systems Data
Communications Structured Database Systems
VoIP Systems (SQL, Oracle, DB2, Informix, MySQL)
FTP/Dropbox Server Database Server
Email Servers
Slide No: 2 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
3. Data Security
Complying With PCI
!
The Payment Card Industry
Data Security Standard
mandates that companies take
appropriate steps to safeguard
sensitive cardholder payment
information.
Slide No: 3
4. PCI DSS 2.0 Security Standards Overview
1 & 2 Build and Maintain a
Secure Network
3 & 4 Protect Cardholder Data
Maintain a Vulnerability
5 & 6
Management Program
7, 8 & 9 Implement Strong Access
Payment Card
Control Measures Industry Data
Security Standard
(PCI DSS)
Regularly Monitor and
10 & 11
Test Networks
12 Maintain an Information
Security Policy
Slide No: 4 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
5. PCI DSS 2.0 Mandates Tighter Controls
i
With the release of PCI 2.0 and the
increased need to prove that a
method exists to find all cardholder
data stores and protect them
appropriately, the encryption of
data will become even more
important
“
to merchants.
2011 Payment Card Industry Report
A study conducted By The Verizon PCI and RISK
Intelligence Teams.
Slide No: 5 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
6. Many Companies Remain Non-Compliant
Co 21
m %
pl
ia
n t
! 79%
Non-Compliant
2011 Payment Card Industry Report
A study conducted By The Verizon PCI and RISK
Intelligence Teams.
Slide No: 6 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
7. Vormetric Protects Cardholder Information
Requirement 3 Requirement 7 Requirement 10
Protect stored Restrict access to Track and monitor all
cardholder data cardholder data by access to network
business need to know resources and cardholder
data
Slide No: 7 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
8. Requirement 3
Protect Stored Data
Without the use of intensive coding or integration efforts, we protect stored
data by encrypting information and controlling access to the resources on which
the data resides – either an application or a system.
Slide No: 8 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
9. Requirement 7
Restrict Access to Cardholder Data According to Need to Know
Vormetric Encryption combines encryption and key management with an access
control-based decryption policy, enabling companies to comply with PCI DSS
Requirement 7 in one transparent, system-agnostic solution.
Slide No: 9 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
10. Requirement 10
Track & Monitor All Access to Network Resources & Cardholder
Data
We enable organizations to comply with PCI DSS Requirement 10 through auditing
and tracking capabilities, as well as the ability to protect both system-generated and
Vormetric-generated audit logs.
Slide No: 10 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
11. What Customers Are Saying…
Vormetric Data Security is quick and easy to “ i
administer, while having negligible impact on
performance. It’s the perfect solution for
meeting PCI DSS requirements.
Daryl Belfry, Director of IT,
TAB Bank
One of the tipping points for us was i
Vormetric’s management console. It makes
creating encryption profiles -- which contain
unique guard points, security policies, and
“
keys -- a snap. It’s one of the easiest
products to implement I’ve ever used.
Jim Fallon, Security Ops manager,
Airlines Reporting Corporation
Slide No: 11 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
12. History of Supporting PCI Compliance
2006 2008 2012
Slide No: 12 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
13. Vormetric Encryption Architecture
Users
Application
Policy is used to restrict
access to sensitive data by
Database user and process information
provided
Operating System by the Operating System.
FS Agent
SSL/TLS
File Volume
Systems Managers
Slide No: 13 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
15. Proven PCI Compliance
with Stronger Data
Protection
Prevent loss of sensitive data with highly
secure server encryption and key management.
www.vormetric.com/pci82
www.Vormetric.com
Notas del editor
Data exists in different formats, states, and locations, including unstructured file systems, structured database systems, and physical, public, private and virtual cloud environments. A comprehensive data security strategy is needed to protect sensitive data and meet industry compliance requirements including: The Hippa HITECH Act, UK Data Protection Act, South Korea’s and Taiwan’s Personal Information Protection Act, PCI DSS
The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information
PCI DSS 2.0 consists of 12 security standards including: Protecting Cardholder Data Implementing Strong Access Control Measures And Regularly Monitoring and Testing Networks while Maintaining an Information Security Policy
With the release of PCI 2.0 the encryption of data will become even more crucial for merchants
However, even with these stringent requirements in place, only 21% of companies were PCI compliant as of 2011
With Vormetric, you can rest assured knowing that your company will meet these requirements and ensure that your cardholder information is safe. Vormetric not only protects stored cardholder information, but also restricts access to data and tracks and monitors all access to network resources.
PCI DSS Requirement 3 requires that all stored cardholder information is protected with Vormetric, stored data is protected through encryption and access control.
Comply with PCI DSS Requirement 7 by implementing strong access control measures with an access control-based decryption policy.
You now also have the ability to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.
Listen to what our customer’s are saying: It’s the perfect solution for meeting PCI DSS requirements. It’s one of the easiest products to implement I’ve ever used.
Vormetric has had a long history of supporting PCI Compliance, dating back to 2006 and including customers such as Green Dot, MetaBank, and the Aviation Reporting Corporation.
Vormetric Encryption Expert Agents are software agents that insert above the file system logical volume layers. The agents evaluate any attempt to access the protected data and apply predetermined policies to either grant or deny such attempts. This is a proven high-performance solution that transparently integrates into: Linux, UNIX, and Windows operating systems to protect data in physical, virtual, and cloud environments. across all leading applications, databases, operating systems, and storage devices.
Want to learn more? Visit www.vormetric.com/pci82 to download the complying with PCI whitepaper.