Download the whitepaper 'Vormetric Data Security: Complying with PCI DSS Encryption Rules from http://www.vormetric.com/pci82
This whitepaper outlines how Vormetric addresses PCI DSS compliance; it addresses Vormetric's position relative to the Payment Card Industry Security Standards Council's (PCI SSC) guidance on point-to-point encryption solutions. The whitepaper also features case studies of PCI DSS regulated companies leveraging Vormetric for PCI DSS compliance and maps PCI DSS requirements to Vormetric Data Security capabilities.
Vormetric Data Security helps organizations meet PCI DSS compliance demands with a transparent data security approach for diverse IT environments that requires minimal administrative support and helps companies to meet diverse data protection needs through an easy to manage solution.
For more information, join: http://www.facebook.com/VormetricInc
Follow: https://twitter.com/Vormetric
Stay tuned to: http://www.youtube.com/user/VormetricInc
2. Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 2
Data is Everywhere
Business Application
Systems
(SAP, PeopleSoft, Oracle
Financials, In-house, CRM,
eComm/eBiz, etc.)
Application Server
Remote
Locations
& Systems
Storage & Backup
Systems
SAN/NAS Backup Systems Data
Communications
VoIP Systems
FTP/Dropbox Server
Email Servers
Structured Database Systems
(SQL, Oracle, DB2, Informix, MySQL)
Database Server
Security &
Other Systems
(Event logs, Error logs
Cache, Encryption
keys,
& other secrets)
Security Systems
Unstructured Data
File Systems
Office documents,
PDF, Vision, Audio…
Public Cloud
(AWS, RackSpace, Smart
Cloud, Savvis. Terremark)
Virtual & Private
Cloud (Vmware, Citrix,
Hyper-V)
3. Slide No: 3
!
The Payment Card Industry
Data Security Standard
mandates that companies take
appropriate steps to safeguard
sensitive cardholder payment
information.
Data Security
Complying With PCI
4. Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 4
PCI DSS 2.0 Security Standards Overview
Payment Card
Industry Data
Security Standard
(PCI DSS)
Build and Maintain a
Secure Network
Protect Cardholder Data
Maintain a Vulnerability
Management Program
Implement Strong Access
Control Measures
Regularly Monitor and
Test Networks
Maintain an Information
Security Policy
1 & 2
3 & 4
5 & 6
7, 8 & 9
10 & 11
12
5. “
i
PCI DSS 2.0 Mandates Tighter Controls
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 5
With the release of PCI 2.0With the release of PCI 2.0 and the
increased need to prove that a
method exists to find all cardholder
data stores and protect them
appropriately, the encryption ofthe encryption of
data will become even moredata will become even more
importantimportant
to merchants.to merchants.
2011 Payment Card Industry Report
A study conducted By The Verizon PCI and RISK
Intelligence Teams.
6. Many Companies Remain Non-Compliant
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 6
2011 Payment Card Industry Report
A study conducted By The Verizon PCI and RISK
Intelligence Teams.
21%
Com
pliant
! 79%79%
Non-CompliantNon-Compliant
7. Vormetric Protects Cardholder Information
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 7
Requirement 3
Protect stored
cardholder data
Requirement 7
Restrict access to
cardholder data by
business need to know
Requirement 10
Track and monitor all
access to network
resources and cardholder
data
8. Requirement 3
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 8
Protect Stored Data
Without the use of intensive coding or integration efforts, we protect stored
data by encrypting information and controlling access to the resources on which
the data resides – either an application or a system.
9. Requirement 7
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 9
Vormetric Encryption combines encryption and key management with an access
control-based decryption policy, enabling companies to comply with PCI DSS
Requirement 7 in one transparent, system-agnostic solution.
Restrict Access to Cardholder Data According to Need to Know
10. Requirement 10
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 10
Track & Monitor All Access to Network Resources & Cardholder
Data
We enable organizations to comply with PCI DSS Requirement 10 through auditing
and tracking capabilities, as well as the ability to protect both system-generated and
Vormetric-generated audit logs.
11. What Customers Are Saying…
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 11
“iVormetric Data Security is quick and easy to
administer, while having negligible impact on
performance. It’s the perfect solution for
meeting PCI DSS requirements.
Daryl Belfry, Director of IT,
TAB Bank
“iOne of the tipping points for us was
Vormetric’s management console. It makes
creating encryption profiles -- which contain
unique guard points, security policies, and
keys -- a snap. It’s one of the easiest
products to implement I’ve ever used.
Jim Fallon, Security Ops manager,
Airlines Reporting Corporation
12. History of Supporting PCI Compliance
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 12
2006 2008 2012
13. Vormetric Encryption Architecture
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 13
Policy is used to restrict
access to sensitive data by
user and process information
provided
by the Operating System.
SSL/TLS
Users
Application
Database
Operating System
FS Agent
File
Systems
Volume
Managers
14. Slide No: 14
Download Whitepaper
DSS Encryption Rules
www.vormetric.com/pci82
Data Security
Complying With PCI
15. www.Vormetric.com
Proven PCI Compliance
with Stronger Data
Protection
Prevent loss of sensitive data with highly
secure server encryption and key management.
www.vormetric.com/pci82
Notes de l'éditeur
Data exists in different formats, states, and locations, including unstructured file systems, structured database systems, and physical, public, private and virtual cloud environments. A comprehensive data security strategy is needed to protect sensitive data and meet industry compliance requirements including: The Hippa HITECH Act, UK Data Protection Act, South Korea’s and Taiwan’s Personal Information Protection Act, PCI DSS
The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information
PCI DSS 2.0 consists of 12 security standards including: Protecting Cardholder Data Implementing Strong Access Control Measures And Regularly Monitoring and Testing Networks while Maintaining an Information Security Policy
With the release of PCI 2.0 the encryption of data will become even more crucial for merchants
However, even with these stringent requirements in place, only 21% of companies were PCI compliant as of 2011
With Vormetric, you can rest assured knowing that your company will meet these requirements and ensure that your cardholder information is safe. Vormetric not only protects stored cardholder information, but also restricts access to data and tracks and monitors all access to network resources.
PCI DSS Requirement 3 requires that all stored cardholder information is protected with Vormetric, stored data is protected through encryption and access control.
Comply with PCI DSS Requirement 7 by implementing strong access control measures with an access control-based decryption policy.
You now also have the ability to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.
Listen to what our customer’s are saying: It’s the perfect solution for meeting PCI DSS requirements. It’s one of the easiest products to implement I’ve ever used.
Vormetric has had a long history of supporting PCI Compliance, dating back to 2006 and including customers such as Green Dot, MetaBank, and the Aviation Reporting Corporation.
Vormetric Encryption Expert Agents are software agents that insert above the file system logical volume layers. The agents evaluate any attempt to access the protected data and apply predetermined policies to either grant or deny such attempts. This is a proven high-performance solution that transparently integrates into: Linux, UNIX, and Windows operating systems to protect data in physical, virtual, and cloud environments. across all leading applications, databases, operating systems, and storage devices.
Want to learn more? Visit www.vormetric.com/pci82 to download the complying with PCI whitepaper.