Vormetric Data Security: Complying with PCI DSS Encryption Rules - PowerPoint PPT Presentation

About This Presentation
Title:

Vormetric Data Security: Complying with PCI DSS Encryption Rules

Description:

Download the whitepaper 'Vormetric Data Security: Complying with PCI DSS Encryption Rules'. This whitepaper outlines how Vormetric addresses PCI DSS compliance; it addresses Vormetric's position relative to the Payment Card Industry Security Standards Council's (PCI SSC) guidance on point-to-point encryption solutions. The whitepaper also features case studies of PCI DSS regulated companies leveraging Vormetric for PCI DSS compliance and maps PCI DSS requirements to Vormetric Data Security capabilities. Vormetric Data Security helps organizations meet PCI DSS compliance demands with a transparent data security approach for diverse IT environments that requires minimal administrative support and helps companies to meet diverse data protection needs through an easy-to-manage solution.

Number of Views:641


Transcript and Presenter's Notes

Title: Vormetric Data Security: Complying with PCI DSS Encryption Rules


1
Proven PCI Compliance with Stronger Data Protection
  • Prevent loss of sensitive data with highly secure server encryption and key management.

2
Data is Everywhere
  • Public Cloud (AWS, RackSpace, Smart Cloud, Savvis, Terremark)
  • Virtual Private Cloud (VMware, Citrix, Hyper-V)
  • Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.): Application Server
  • Remote Locations Systems
  • Security Other Systems (Event logs, Error logs, Cache, Encryption keys, other secrets): Security Systems
  • Storage Backup Systems: SAN/NAS, Backup Systems
  • Data Communications: VoIP Systems, FTP/Dropbox Server, Email Servers
  • Structured Database Systems (SQL, Oracle, DB2, Informix, MySQL): Database Server
3
Data Security Complying With PCI
The Payment Card Industry Data Security Standard mandates that companies take appropriate steps to safeguard sensitive cardholder payment information.
4
PCI DSS 2.0 Security Standards Overview
Payment Card Industry Data Security Standard (PCI DSS)
  • Build and Maintain a Secure Network: Requirements 1, 2
  • Protect Cardholder Data: Requirements 3, 4
  • Maintain a Vulnerability Management Program: Requirements 5, 6
  • Implement Strong Access Control Measures: Requirements 7, 8, 9
  • Regularly Monitor and Test Networks: Requirements 10, 11
  • Maintain an Information Security Policy: Requirement 12
5
PCI DSS 2.0 Mandates Tighter Controls
With the release of PCI 2.0 and the increased need to prove that a method exists to find all cardholder data stores and protect them appropriately, the encryption of data will become even more important to merchants.

Source: 2011 Payment Card Industry Report: A study conducted by the Verizon PCI and RISK Intelligence Teams.
6
Many Companies Remain Non-Compliant
  • 21% Compliant
  • 79% Non-Compliant
Source: 2011 Payment Card Industry Report: A study conducted by the Verizon PCI and RISK Intelligence Teams.
7
Vormetric Protects Cardholder Information
  • Requirement 7: Restrict access to cardholder data by business need to know
  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 3: Protect stored cardholder data
8
Requirement 3: Protect Stored Data
  • Without the use of intensive coding or integration efforts, we protect stored data by encrypting information and controlling access to the resources on which the data resides, either an application or a system.

9
Requirement 7: Restrict Access to Cardholder Data According to Need to Know
  • Vormetric Encryption combines encryption and key management with an access control-based decryption policy, enabling companies to comply with PCI DSS Requirement 7 in one transparent, system-agnostic solution.

10
Requirement 10: Track and Monitor All Access to Network Resources and Cardholder Data
  • We enable organizations to comply with PCI DSS Requirement 10 through auditing and tracking capabilities, as well as the ability to protect both system-generated and Vormetric-generated audit logs.

11
What Customers Are Saying
12
History of Supporting PCI Compliance
2006
2008
2012
13
Vormetric Encryption Architecture
[Architecture diagram. Labels: Users, Application, Database, Operating System, FS Agent, SSL/TLS, File Systems, Volume Managers]
Policy is used to restrict access to sensitive data by user and process information provided by the Operating System.
14
Data Security Complying With PCI DSS Encryption Rules
www.vormetric.com/pci82
15
Proven PCI Compliance with Stronger Data Protection
  • Prevent loss of sensitive data with highly secure server encryption and key management.
  • www.vormetric.com/pci82