Critical for the January deadline to implement PCI DSS 3.0 Data-at-rest Security/Audit Controls
Vormetric, a leader in enterprise data security for physical, public, private and hybrid cloud environments, today announced that leading PCI-qualified security assessor and independent IT audit firm Coalfire has released guidance for using Vormetric Transparent Encryption to satisfy Payment Card Industry Data Security Standard (PCI DSS) 3.0 requirements in sections 3, 7, 8, 9, 10 & 11 within VMware environments.
For enterprises that process credit card data, meeting PCI DSS security standards is a critical problem when they want to take advantage of the scalability and cost-effectiveness of traditional VMware virtual environments as well as VMware-based public, private and hybrid clouds. With the deadline for the new PCI DSS 3.0 standard rapidly approaching, this timely control mapping and guidance enables customers to easily understand and implement the specific protections for data-at-rest required by the standard, while meeting even the most stringent audit requirements.
“The deadline for retirement of PCI DSS 2.0 and mandatory validation under PCI DSS 3.0 is rapidly approaching – January 1, 2015. For customers struggling to meet the PCI requirements and enhanced guidance under PCI DSS 3.0 within VMware environments, particularly in shared or mixed-mode environments, this is critical guidance for data-at-rest security controls in the areas of encryption, key management, logging and access control directly focused on the Vormetric Transparent Encryption solution,” said Noah Weisberger, Coalfire’s Cloud and Virtualisation Practice Leader. “Completing any security or compliance audit can be challenging and PCI compliance audits can be especially difficult for most organisations. The combination of the upcoming cut-over to PCI DSS 3.0, the enhanced guidance and rigor required under the new standard, and the many recent data breaches encountered by retailers and other card processors makes this an extraordinarily important task this year.”
Achieving PCI compliance is far from a simple task. The PCI DSS standard provides a baseline defence-in-depth structure for developing a robust account data security process, including preventing, detecting and reacting to security incidents. Merchants and service providers are required to validate compliance by assessing their environment against 415 specific test controls. In addition to potentially serious brand reputation issues, failure to meet PCI requirements may lead to fines, penalties, and/or the inability to process credit cards.
“Earlier this year, Vormetric was selected as the Best Security/Compliance solution for Virtual Environments at VMworld. This additional announcement of solution guidance for PCI DSS 3.0 within VMware environments underscores Vormetric’s continued leadership in protecting data-at-rest for our customers using VMware,” said Sol Cates, Vormetric’s CSO. “Those same customers continue to express a strong desire to deploy their production applications into VMware-based public, private and hybrid clouds as well as more traditional VMware virtualisation environments. This well-timed PCI DSS 3.0 solution mapping and guidance provides important peace of mind for these customers; they can be confident that their sensitive data is protected in line with the standard.”
Access the complete Coalfire white paper with detailed PCI DSS 3.0 solution guidance for Vormetric Transparent Encryption within VMware environments online.