Proven PCI Compliance with Stronger Data Protection

Prevent loss of sensitive data with highly secure server encryption and key management.

www.Vormetric.com

Data is Everywhere

  • Unstructured Data (File Systems): Office documents, PDF, Vision, Audio…
  • Public Cloud (AWS, RackSpace, Smart Cloud, Savvis, Terremark)
  • Virtual & Private Cloud (VMware, Citrix, Hyper-V)
  • Remote Locations & Systems
  • Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.): Application Server
  • Security & Other Systems (Event logs, Error logs, Cache, Encryption keys, & other secrets): Security Systems
  • Storage & Backup Systems: SAN/NAS Backup Systems
  • Data Communications: VoIP Systems, FTP/Dropbox Server, Email Servers
  • Structured Database Systems (SQL, Oracle, DB2, Informix, MySQL): Database Server

Slide No: 2                               Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
Data Security
Complying With PCI

The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information.

PCI DSS 2.0 Security Standards Overview

Payment Card Industry Data Security Standard (PCI DSS):

  • Requirements 1 & 2: Build and Maintain a Secure Network
  • Requirements 3 & 4: Protect Cardholder Data
  • Requirements 5 & 6: Maintain a Vulnerability Management Program
  • Requirements 7, 8 & 9: Implement Strong Access Control Measures
  • Requirements 10 & 11: Regularly Monitor and Test Networks
  • Requirement 12: Maintain an Information Security Policy

PCI DSS 2.0 Mandates Tighter Controls

“With the release of PCI 2.0 and the increased need to prove that a method exists to find all cardholder data stores and protect them appropriately, the encryption of data will become even more important to merchants.”

2011 Payment Card Industry Report. A study conducted by the Verizon PCI and RISK Intelligence Teams.

Many Companies Remain Non-Compliant

[Pie chart: 21% Compliant, 79% Non-Compliant]

2011 Payment Card Industry Report. A study conducted by the Verizon PCI and RISK Intelligence Teams.

Vormetric Protects Cardholder Information

  • Requirement 3: Protect stored cardholder data
  • Requirement 7: Restrict access to cardholder data by business need to know
  • Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 3: Protect Stored Data

Without the use of intensive coding or integration efforts, we protect stored data by encrypting information and controlling access to the resources on which the data resides – either an application or a system.

Requirement 7: Restrict Access to Cardholder Data According to Need to Know

Vormetric Encryption combines encryption and key management with an access control-based decryption policy, enabling companies to comply with PCI DSS Requirement 7 in one transparent, system-agnostic solution.

Requirement 10: Track & Monitor All Access to Network Resources & Cardholder Data

We enable organizations to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.

What Customers Are Saying…

“Vormetric Data Security is quick and easy to administer, while having negligible impact on performance. It’s the perfect solution for meeting PCI DSS requirements.”
Daryl Belfry, Director of IT, TAB Bank

“One of the tipping points for us was Vormetric’s management console. It makes creating encryption profiles -- which contain unique guard points, security policies, and keys -- a snap. It’s one of the easiest products to implement I’ve ever used.”
Jim Fallon, Security Ops manager, Airlines Reporting Corporation

History of Supporting PCI Compliance

[Timeline: 2006, 2008, 2012]

Vormetric Encryption Architecture

[Diagram, top to bottom: Users; Application; Database; Operating System; FS Agent (labelled SSL/TLS); File Systems and Volume Managers]

Policy is used to restrict access to sensitive data by user and process information provided by the Operating System.

Data Security
Complying With PCI DSS Encryption Rules

Download Whitepaper: www.vormetric.com/pci82

Proven PCI Compliance with Stronger Data Protection

Prevent loss of sensitive data with highly secure server encryption and key management.

www.vormetric.com/pci82
www.Vormetric.com

Editor's notes

  1. Data exists in different formats, states, and locations, including unstructured file systems, structured database systems, and physical, public, private and virtual cloud environments. A comprehensive data security strategy is needed to protect sensitive data and meet industry compliance requirements, including the HIPAA HITECH Act, the UK Data Protection Act, South Korea’s and Taiwan’s Personal Information Protection Acts, and PCI DSS.
  2. The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information.
  3. PCI DSS 2.0 consists of 12 security standards, including protecting cardholder data, implementing strong access control measures, and regularly monitoring and testing networks while maintaining an information security policy.
  4. With the release of PCI 2.0, the encryption of data will become even more crucial for merchants.
  5. However, even with these stringent requirements in place, only 21% of companies were PCI compliant as of 2011.
  6. With Vormetric, you can rest assured knowing that your company will meet these requirements and ensure that your cardholder information is safe. Vormetric not only protects stored cardholder information, but also restricts access to data and tracks and monitors all access to network resources.
  7. PCI DSS Requirement 3 requires that all stored cardholder information is protected. With Vormetric, stored data is protected through encryption and access control.
  8. Comply with PCI DSS Requirement 7 by implementing strong access control measures with an access control-based decryption policy.
  9. You now also have the ability to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.
  10. Listen to what our customers are saying: “It’s the perfect solution for meeting PCI DSS requirements.” “It’s one of the easiest products to implement I’ve ever used.”
  11. Vormetric has had a long history of supporting PCI Compliance, dating back to 2006 and including customers such as Green Dot, MetaBank, and the Aviation Reporting Corporation.
  12. Vormetric Encryption Expert Agents are software agents that insert above the file system logical volume layers. The agents evaluate any attempt to access the protected data and apply predetermined policies to either grant or deny such attempts. This is a proven high-performance solution that transparently integrates into Linux, UNIX, and Windows operating systems to protect data in physical, virtual, and cloud environments, across all leading applications, databases, operating systems, and storage devices.
  13. Want to learn more? Visit www.vormetric.com/pci82 to download the Complying With PCI whitepaper.