Vormetric Data Security: Complying with PCI DSS Encryption Rules

Presentation Description

Download the whitepaper 'Vormetric Data Security: Complying with PCI DSS Encryption Rules' from http://www.vormetric.com/pci82. The whitepaper outlines how Vormetric addresses PCI DSS compliance and states Vormetric's position relative to the Payment Card Industry Security Standards Council's (PCI SSC) guidance on point-to-point encryption solutions. It also features case studies of PCI DSS regulated companies using Vormetric for PCI DSS compliance and maps PCI DSS requirements to Vormetric Data Security capabilities. Vormetric Data Security helps organizations meet PCI DSS compliance demands with a transparent data security approach for diverse IT environments that requires minimal administrative support and, through an easy-to-manage solution, helps companies meet diverse data protection needs.

For more information, join http://www.facebook.com/VormetricInc, follow https://twitter.com/Vormetric, and stay tuned to http://www.youtube.com/user/VormetricInc.

Presentation Transcript

Proven PCI Compliance with Stronger Data Protection:

Prevent loss of sensitive data with highly secure server encryption and key management.

Data is Everywhere:

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

Diagram labels: Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.); Application Server; Remote Locations & Systems; Storage & Backup Systems; SAN/NAS; Backup Systems; Data Communications; VoIP Systems; FTP/Dropbox Server; Email Servers; Structured Database Systems (SQL, Oracle, DB2, Informix, MySQL); Database Server; Security & Other Systems (Event logs, Error logs, Cache, Encryption keys, & other secrets); Security Systems; Unstructured Data; File Systems; Office documents, PDF, Vision, Audio…; Public Cloud (AWS, RackSpace, Smart Cloud, Savvis, Terremark); Virtual & Private Cloud (VMware, Citrix, Hyper-V).

PowerPoint Presentation:

Data Security: Complying With PCI. The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information.

PCI DSS 2.0 Security Standards Overview:

Payment Card Industry Data Security Standard (PCI DSS)

Build and Maintain a Secure Network: Requirements 1 & 2
Protect Cardholder Data: Requirements 3 & 4
Maintain a Vulnerability Management Program: Requirements 5 & 6
Implement Strong Access Control Measures: Requirements 7, 8 & 9
Regularly Monitor and Test Networks: Requirements 10 & 11
Maintain an Information Security Policy: Requirement 12

PCI DSS 2.0 Mandates Tighter Controls:

“With the release of PCI 2.0 and the increased need to prove that a method exists to find all cardholder data stores and protect them appropriately, the encryption of data will become even more important to merchants.”

Source: 2011 Payment Card Industry Report, a study conducted by the Verizon PCI and RISK Intelligence Teams.

Many Companies Remain Non-Compliant:

21% Compliant, 79% Non-Compliant.

Source: 2011 Payment Card Industry Report, a study conducted by the Verizon PCI and RISK Intelligence Teams.

Vormetric Protects Cardholder Information:

Requirement 3: Protect stored cardholder data
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 3:

Protect Stored Data. Without the use of intensive coding or integration efforts, we protect stored data by encrypting information and controlling access to the resources on which the data resides, either an application or a system.

Requirement 7:

Restrict Access to Cardholder Data According to Need to Know. Vormetric Encryption combines encryption and key management with an access control-based decryption policy, enabling companies to comply with PCI DSS Requirement 7 in one transparent, system-agnostic solution.

Requirement 10:

Track & Monitor All Access to Network Resources & Cardholder Data. We enable organizations to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.

What Customers Are Saying…:

“Vormetric Data Security is quick and easy to administer, while having negligible impact on performance. It’s the perfect solution for meeting PCI DSS requirements.” Daryl Belfry, Director of IT, TAB Bank

“One of the tipping points for us was Vormetric’s management console. It makes creating encryption profiles -- which contain unique guard points, security policies, and keys -- a snap. It’s one of the easiest products to implement I’ve ever used.” Jim Fallon, Security Ops manager, Airlines Reporting Corporation

History of Supporting PCI Compliance:

Timeline figure: 2006, 2008, 2012.

Vormetric Encryption Architecture:

Policy is used to restrict access to sensitive data by user and process information provided by the Operating System.

Diagram labels: SSL/TLS, Users, Application, Database, Operating System, FS Agent, File Systems, Volume Managers.

PowerPoint Presentation:

Download Whitepaper: Data Security Complying With PCI DSS Encryption Rules, www.vormetric.com/pci82

Proven PCI Compliance with Stronger Data Protection:

Prevent loss of sensitive data with highly secure server encryption and key management. www.vormetric.com/pci82
