Title: Vormetric Data Security: Complying with PCI DSS Encryption Rules
1. Proven PCI Compliance with Stronger Data Protection
- Prevent loss of sensitive data with highly secure server encryption and key management.
2. Data is Everywhere
- Public Cloud (AWS, RackSpace, Smart Cloud, Savvis, Terremark)
- Virtual Private Cloud (VMware, Citrix, Hyper-V)
- Application Server: Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.)
- Remote Locations Systems
- Security Systems: Security and Other Systems (Event logs, Error logs, Cache, Encryption keys, other secrets)
- Storage and Backup Systems: SAN/NAS, Backup Systems
- Data Communications: VoIP Systems, FTP/Dropbox Server, Email Servers
- Database Server: Structured Database Systems (SQL, Oracle, DB2, Informix, MySQL)
3. Data Security Complying With PCI
The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information.
4. PCI DSS 2.0 Security Standards Overview
Payment Card Industry Data Security Standard (PCI DSS)
- Build and Maintain a Secure Network: Requirements 1, 2
- Protect Cardholder Data: Requirements 3, 4
- Maintain a Vulnerability Management Program: Requirements 5, 6
- Implement Strong Access Control Measures: Requirements 7, 8, 9
- Regularly Monitor and Test Networks: Requirements 10, 11
- Maintain an Information Security Policy: Requirement 12
5. PCI DSS 2.0 Mandates Tighter Controls
With the release of PCI 2.0 and the increased need to prove that a method exists to find all cardholder data stores and protect them appropriately, the encryption of data will become even more important to merchants.
Source: 2011 Payment Card Industry Report, a study conducted by the Verizon PCI and RISK Intelligence Teams.
6. Many Companies Remain Non-Compliant
- 21% Compliant
- 79% Non-Compliant
Source: 2011 Payment Card Industry Report, a study conducted by the Verizon PCI and RISK Intelligence Teams.
7. Vormetric Protects Cardholder Information
- Requirement 7: Restrict access to cardholder data by business need to know
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 3: Protect stored cardholder data
8. Requirement 3: Protect Stored Data
- Without the use of intensive coding or integration efforts, we protect stored data by encrypting information and controlling access to the resources on which the data resides, either an application or a system.
9. Requirement 7: Restrict Access to Cardholder Data According to Need to Know
- Vormetric Encryption combines encryption and key management with an access control-based decryption policy, enabling companies to comply with PCI DSS Requirement 7 in one transparent, system-agnostic solution.
10. Requirement 10: Track and Monitor All Access to Network Resources and Cardholder Data
- We enable organizations to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.
11. What Customers Are Saying
12. History of Supporting PCI Compliance
[Timeline: 2006, 2008, 2012]
13. Vormetric Encryption Architecture
[Architecture diagram: Users, Application, Database, Operating System, FS Agent, SSL/TLS, File Systems, Volume Managers]
Policy is used to restrict access to sensitive data by user and process information provided by the Operating System.
14. Data Security Complying With PCI DSS Encryption Rules
www.vormetric.com/pci82
15. Proven PCI Compliance with Stronger Data Protection
- Prevent loss of sensitive data with highly secure server encryption and key management.
- www.vormetric.com/pci82