Data-centric Security for HP NonStop and Enterprise-wide Environments
1 Data-centric Security for HP NonStop and Enterprise-wide Environments
Ernie Tarbox, Voltage Security
© 2014 Voltage Security, Inc. All Rights Reserved
2 Agenda
Part 1 this morning
- Common challenges in handling sensitive data
- Why breaches happen
- Data-centric security, technology & uses
- Common Attacks Neutralized, Payments Processing example
Part 2 this afternoon
- A deployment walk-through
  - HP NonStop, IBM z/OS, Open Systems and Data Warehouse
- Practical Applications and Use Cases
  - Payments, Sensitive Personal Data and Enterprise Data
- Summary
3 About Voltage Security
Leading experts in data-centric security
- Data Encryption and Tokenization - easy and simple even for complex cases
- Neutralize breach risks, minimize compliance costs, and mitigate advanced threats
- Enterprise, cloud systems, healthcare, retail, analytics and payment processors.
Enabling industry leaders to secure data without friction
- Over 1,100 Enterprises around the world
- >68 Million people's data protected by Voltage Secur
- Top US and EU Healthcare networks and providers
- 7 of the 10 top U.S. banks, 6 of 8 Top Processors
- Trillions of transactions secured by Voltage SecureData
Leading new standards and trust in proven data protection
- For Financial Services, Payments, Retail, Healthcare, Telecoms, and Government.
4 The State of the Nation
Data breach costs
5 The State of the Nation
Data breach costs
Compliance is important, but not the end-game in neutralizing breach risks
6 Attack Trends vs. Protection Strategy Effectiveness
Data-centric Security
- Fields & Objects
- Any databases, any data, anywhere
- Data in use, in motion, and at rest
Traditional infrastructure level protection:
- Disk, File
- Data at rest only
Data-centric security protects data over its lifecycle vs. broad threats.
Data at rest only solutions only protect from physical threats
Graph source: Verizon Data Breach Report
7 Example Data at Rest Security
- Data & Applications
- POS Malware can steal data in the clear in memory
- Middleware/Network
- Databases
- Data is in the clear in this part of the IT Stack
- File Systems
- OS Reads & writes disk Sectors
- Storage
- Disk storage encrypted
8 IT Security vs. Data-centric Security
Threats to Data | Traditional IT Infrastructure Security | Data Ecosystem
Credential Compromise | Authentication Management | Data & Applications
Security Gap
Traffic Interceptors | SSL/TLS/Firewalls | Middleware
Security Gap
SQL Injection, Malware | Database Encryption | Databases
Security Gap
Malware, Insiders | SSL/TLS/Firewalls | File Systems
Security Gap
Malware, Insiders | Disk encryption | Storage
Voltage Data-centric Security: Data Security Coverage, End-to-end Data Protection
9 Without data security live data exposed in gaps
So how do we eliminate exploitable security gaps across complex data processes?
Name | SS# | Credit Card # | Street Address | Customer ID
James Potter Farland Avenue G
Ryan Johnson Grant Street S
Carrie Young Cambridge Court B
Brent Warner Middleville Road G
Anna Berman Hamilton Drive S
Live data at risk in storage, memory and in use
Business Applications, Data stores and Processes
- Custom Applications
- Production Databases & Files
- Payment Devices
- ETL & Data Integration Suites
- 3rd Party Applications
- Teradata & Hadoop
- Mainframe Applications & Databases
- Cloud Broker Gateways
- Cloud & Web Applications
10 An introduction to data-centric security
11 Five Critical Best Practices for Data-centric Security
To be effective, a data-centric security strategy must
1. Be unified across mission critical platforms: HP NonStop, IBM z/OS, Teradata, Hadoop, cloud and enterprise systems, Payment devices, applications, and data stores
2. Minimize the exposure of live data to only trusted systems or users
3. Utilize standards-based and proven data protection technology for compliance
4. Enable centralized control of key management, tokenization, encryption, audit, and reporting
5. Enable the business process without friction at global scale.
12 Voltage Data-Centric Security Technologies
- Format-Preserving Encryption (FPE)
- Secure Stateless Tokenization (SST)
- Page-Integrated Encryption (PIE)
- Protects structured data while maintaining functional and analytic integrity of the data
- High-octane tokenization performance without database management headaches
- Extends end-to-end protection to browser, through and beyond the SSL tunnel
- Minimizes implementation time while maximizing data value
Live Data: First Name: Gunther Last Name: Robertson DOB: SSN:
Traditional Encryption: Ija&3k24kQotugDF2390^32 0OWioNu2(*872weWaasIUah jw2%quifiwuybw3
Voltage FPE: First Name: Uywjlqo Last Name: Muwruwwbp DOB: SSN:
13 Data Protection with FPE and SST
Live data:
Name | SS# | Credit Card # | Street Address | Customer ID
James Potter Farland Avenue G
Ryan Johnson Grant Street S
Carrie Young Cambridge Court B
Brent Warner Middleville Road G
Anna Berman Hamilton Drive S
Protection applied per column: FPE | FPE | SST | FPE | FPE
Protected data:
Name | SS# | Credit Card # | Street Address | Customer ID
Kwfdv Cqvzgk Ykzbpoi Clpppn S
Veks Iounrfo Cmxto Osfalu B
Pdnme Wntob Zejojtbbx Pqkag G
Eskfw Gzhqlv Saicbmeayqw Yotv G
Jsfk Tbluhm Wbbhalhs Ueyzg B
- Preserve referential integrity across databases and analytic data sets
- Preserve Data format, logical relationships in the data to preserve analytic meaning
- Selective, policy controlled encryption/decryption, tokenization, de-tokenization.
- Enables Data Protection and Data De-identification from one framework
- Can be used to generate test data for QA, training, analytics, and live production systems
14 Data-centric Security Standards & Validation
~30 Patents
Encryption, Key Management, Tokenization
15 Remember this diagram?
Name | SS# | Credit Card # | Street Address | Customer ID
James Potter Farland Avenue G
Ryan Johnson Grant Street S
Carrie Young Cambridge Court B
Brent Warner Middleville Road G
Anna Berman Hamilton Drive S
Live data at risk in storage, memory and in use
Business Applications, Data stores and Processes
- Custom Applications
- Production Databases & Files
- Payment Devices
- ETL & Data Integration Suites
- 3rd Party Applications
- Teradata & Hadoop
- Mainframe Applications & Databases
- Cloud Broker Gateways
- Cloud & Web Applications
16 Neutralizing data: attackers get nothing sensitive
Live data:
Name | SS# | Credit Card # | Street Address | Customer ID
James Potter Farland Avenue G
Ryan Johnson Grant Street S
Carrie Young Cambridge Court B
Brent Warner Middleville Road G
Anna Berman Hamilton Drive S
Protected data:
Name | SS# | Credit Card # | Street Address | Customer ID
Kwfdv Cqvzgk Ykzbpoi Clpppn S
Veks Iounrfo Cmxto Osfalu B
Pdnme Wntob Zejojtbbx Pqkag G
Eskfw Gzhqlv Saicbmeayqw Yotv G
Jsfk Tbluhm Wbbhalhs Ueyzg B
Live data at risk in storage, memory and in use
Live data is neutralized yet still useful
Business Applications, Data stores and Processes
- Custom Applications
- Production Databases & Files
- Payment Devices
- ETL & Data Integration Suites
- 3rd Party Applications
- Teradata & Hadoop
- Mainframe Applications & Databases
- Cloud Broker Gateways
- Cloud & Web Applications
17 Data-centric security a common example payment processing and capture
18 Example: Data-centric security for Payments
Voltage SecureData Enabled Secure Hardware Card Reading Device
Voltage SecureData Enabled Payment Host in Merchant or 3rd Party Datacenter
Encrypt Track or EMV Card Data instantly on card read/swipe.
Point of Sale (POS); Store Retail IT; Secure Payment Host; Card Data Decrypted; Tokenized PAN returned; Issuing Bank & Merchant Bank Network
- End-to-end Device to Host Secure Transactions
- POS and Retail IT never see live data
- Encrypted data in transit, Tokenized data in storage
- If data in the POS or Retail Store IT is attacked, attack gives nothing of value
- Use standard ISO type transaction messages
- Host & Terminal Keys frequently rotated automatically; reduces exposure to one device if key compromised
- Only secure card reader hardware and Secure Payment Host process live data
19 Example - Data-centric Security and Card Processing
Card Networks; PAN: De-Tokenize; Decrypt & Tokenize; Payment Capture; Payment Authorization; Settlement Processes; Logs, Reports, & Backups; Customer Service Application
- Live Data Encrypted in Secure Reader end-to-end to Payment Authorization Host
- SST Tokenized PAN Data used throughout. No Live Data in internal processes or systems
- Last 4 Digits already available without change
20 Neutralizing Data in the POS and Store in Large Retail
Top US Retailer
- Risk concern over payment data
- Thousands of stores across North America
- Sophisticated POS and Store infrastructure data flows
- Mag Stripe, EMV, and non-traditional payments
Enterprise-wide data-centric security vision:
- Neutralize Payment data in POS and Store
- Neutralize Data in Enterprise systems
- Neutralize data security for enabling Hadoop
Solution Components
- Voltage SecureData Payments, Web and Enterprise
- In-house Deployment
- Mission Critical Platforms, Hadoop, Ingenico Readers
Success
- No live data in retail stores
- Rapidly deployed US-wide stores to mitigate advanced threats in the POS & simplify PCI 3.0 Compliance While enabling the data-driven business
- Unified data-centric security platform to meet broad risk needs
- Hadoop, Enterprise, e-commerce, cloud
21 Summary - Reducing Breach Risks & compliance costs
- Removing cardholder data from high-threat environments is the leading approach to reduce breach risks
- The technology today makes this simpler than ever before
- Simple for merchants to implement, and low cost to operate or consume
- Can be deployed quickly to retail, enterprise, and payment processing ecosystems
- Provides an effective method to mitigate data breach risk caused by advanced threats and insiders
- Data-centric solutions have proven ROI with cost and risk reduction, and may significantly reduce PCI scope.
- Enabling re-investment for growth, reducing compliance costs while reducing risk.
- Proven in the largest data-security deployments in the world
22 Q&A
More informationHeartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development
A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names
More informationEnterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory
More informationJosiah Wilkinson Internal Security Assessor. Nationwide
Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges
More informationCredit Card Processing Overview
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
More informationAdvanced Biometric Technology
INC Internet Biometric Security Systems Internet Biometric Security System,Inc.White Papers Advanced Biometric Technology THE SIMPLE SOLUTION FOR IMPROVING ONLINE SECURITY Biometric Superiority Over Traditional
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationNCR Secure Pay FAQ Updated June 12, 2014
NCR Secure Pay FAQ Updated June 12, 2014 Contents What is NCR Secure Pay?... 1 What is the value of NCR Secure Pay?... 2 Host-based Settlement... 2 Token Replacement... 2 Point-to-Point Encryption (P2PE)...
More informationKey Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking
Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed
More informationEMV FAQs for developers
EMV FAQs for developers You accept the Information presented herein as is, without any representation as to its accuracy or completeness. What are the three levels of EMV certification? There are three
More informationTarget Security Breach
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
More informationVMware vcloud Air Security TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects
More informationCONTENTS. PCI DSS Compliance Guide
CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not
More informationSecure Payment Transactions and Consumer Information from Point-of-Sale to the Server
Secure Payment Transactions and Consumer Information from Point-of-Sale to the Server Intel delivers flexible, end-to-end data protection for retail point-of-sale transactions any device, anywhere, anytime.
More informationAccelerate Data Loading for Big Data Analytics Attunity Click-2-Load for HP Vertica
Accelerate Data Loading for Big Data Analytics Attunity Click-2-Load for HP Vertica Menachem Brouk, Regional Director - EMEA Agenda» Attunity update» Solutions for : 1. Big Data Analytics 2. Live Reporting
More informationCLOSING THE GAP IN TOKENIZATION: REMOVING THE LAST VULNERABILITY
CLOSING THE GAP IN TOKENIZATION: REMOVING THE LAST VULNERABILITY www.mercatoradvisorygroup.com 1 May 2013 Table of Contents Introduction 3 Tokenization: A Cost-Effective Way to Reduce Exposure 4 Why Invest
More informationGive Vendors Access to the Data They Need NOT Access to Your Network
Give Vendors Access to the Data They Need NOT Access to Your Network Acumera AirGap Architecture By the year 2020 just five years from now it is estimated that 25 billion devices will be connected to the
More informationPCI Security Standards Council
PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI
More information