SAN JOSE, Calif., Dec. 16, 2014 /PRNewswire/ -- Vormetric, a leader in enterprise data security for physical, public, private and hybrid cloud environments, today announced that leading PCI-qualified security assessor and independent IT audit firm Coalfire® has released guidance for using Vormetric Transparent Encryption to satisfy Payment Card Industry Data Security Standard (PCI DSS) 3.0 requirements in sections 3, 7, 8, 9, 10 & 11 within VMware environments.
When processing credit card data, a critical problem for enterprises that want to take advantage of the scalability and cost-effectiveness of traditional VMware virtual environments, as well as VMware-based public, private and hybrid clouds, is meeting PCI DSS security standards. With the deadline for the new PCI DSS 3.0 standard rapidly approaching, this timely control mapping and guidance enables customers to easily understand and implement specific protections for data-at-rest required by the standard, while meeting even the most stringent audit requirements.
"The deadline for retirement of PCI DSS 2.0 and mandatory validation under PCI DSS 3.0 is rapidly approaching – January 1, 2015. For customers struggling to meet the PCI requirements and enhanced guidance under PCI DSS 3.0 within VMware environments, particularly in shared or mixed-mode environments, this is critical guidance for data-at-rest security controls in the areas of encryption, key management, logging and access control directly focused on the Vormetric Transparent Encryption solution," said Noah Weisberger, Coalfire's Cloud and Virtualization Practice Leader. "Completing any security or compliance audit can be challenging, and PCI compliance audits can be especially difficult for most organizations. The combination of the upcoming cut-over to PCI DSS 3.0, the enhanced guidance and rigor required under the new standard, and the many recent data breaches encountered by retailers and other card processors makes this an extraordinarily important task this year."
Achieving PCI compliance is far from a simple task. The PCI DSS standard provides a baseline defense-in-depth structure for developing a robust account data security process – including preventing, detecting and reacting to security incidents. Merchants and service providers are required to validate compliance by assessing their environment against 415 specific test controls. In addition to potentially serious brand reputation issues, failure to meet PCI requirements may lead to fines, penalties, and/or the inability to process credit cards.
"Earlier this year, Vormetric was selected as the Best Security/Compliance solution for Virtual Environments at VMworld. This additional announcement of solution guidance for PCI DSS 3.0 within VMware environments underscores Vormetric's continued leadership in protecting data-at-rest for our customers using VMware," said Sol Cates, Vormetric's CSO. "Those same customers continue to express a strong desire to deploy their production applications into VMware-based public, private and hybrid clouds as well as more traditional VMware virtualization environments. This well-timed PCI DSS 3.0 solution mapping and guidance provides important peace of mind for these customers; they can be confident that their sensitive data is protected in line with the standard."
Access the complete Coalfire white paper with detailed PCI DSS 3.0 solution guidance for Vormetric Transparent Encryption within VMware environments here.
Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, big data and cloud environments. Data is the new currency and Vormetric helps over 1400 customers, including 17 of the Fortune 30 and many of the world's most security-conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company's scalable Vormetric Data Security Platform protects any file, any database and any application's data — anywhere it resides — with a high-performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence.