RSA Enhances Its PCI Solutions through Collaboration with Cisco
Share:
Set of audited reference architectures to help retailers worldwide meet broad compliance challenges while bolstering security efforts
NEW YORK, Jan. 14 -- RSA, The Security Division of EMC (NYSE:EMC), today announced the interoperability of five RSA® PCI Solutions in the Cisco Payment Card Industry (PCI) reference architectures. The Cisco PCI Solution for Retail Validated Network Designs help retailers of all sizes effectively address the data security requirements mandated by the PCI Data Security Standard (PCI DSS).
The Cisco Validated Network Designs, which have been validated by external PCI Qualified Security Auditor (QSA) Verizon Business, offer a set of cost- effective, audited solutions that help customers meet many of the most challenging PCI DSS requirements, including authentication, encryption and compliance reporting. RSA is leveraging the Cisco PCI Validated Network Designs to help enable retailers to easily integrate new or existing technology solutions into their in-store, Internet edge and data center environments in a PCI DSS compliant manner.
"The complexity of PCI compliance cannot be untangled by a single product or set of products; the requirements call for a holistic strategy that spans people, process, and technology," said Jim Melvin, vice president of Marketing and Security Solutions at RSA. "Smart retailers, who take advantage of PCI DSS as an opportunity to establish a foundation of broad data security best practices, will be better prepared to not only achieve and maintain PCI DSS compliance, but to ready their organizations for new data security and compliance requirements that may emerge in the future."
Delivering one of the industry's most comprehensive PCI DSS solutions
Cisco PCI Solution for Retail in-store network designs, deployed in Cisco's technology labs provide clear, in-depth guidance on how retailers may deploy associated RSA and Cisco products in a PCI validated manner. Retailers can consult Design & Implementation Guides for technical instruction on the deployment of particular products to address specific PCI requirements. Furthermore, retailers may review a Report on Compliance from Verizon Business, which provides feedback from a certified PCI QSA regarding the ability of RSA and Cisco products to be deployed in a manner that meets specific PCI DSS requirements.
"The strategic alliance between RSA and Cisco centers on the development of technology to bring data protection into the network to help customers simplify the protection of sensitive information," said Melvin. "Today with our combined expertise, we are able to offer retailers one of the industry's most comprehensive sets of audited technologies and services designed to protect credit card data whether it resides in-store, at the Internet Edge or at the data center."
The RSA technology solutions included in the Validated Network Designs include:
o Encryption and key management: RSA® Key Manager and RSA® File Security Manager are designed to enable retailers worldwide to address PCI Requirement 3 by helping to secure data from its creation at the point-of-sale application, through all endpoints -regardless of whether data resides in the network, an application, database, files
and folders, or disk/tape storage. In addition, RSA's enterprise-wide key management solution is engineered to help ensure that data will be both available and properly protected no matter when or where it is needed.
o Authentication and authorization: RSA SecurID® two-factor authentication technology and RSA® Access Manager are designed both to help retailers address PCI Requirements 7 and 8 by creating tools to positively establish the identities of users, and to ensure that only authorized users may access cardholder data. RSA's strong authentication and authorization solutions are designed to deliver out-of-the-box integration with hundreds of products that can be part of a PCI infrastructure, such as VPNs, firewalls, and application servers, enabling retailers to ensure that users accessing cardholder systems are trusted.
o Compliance and security information management: RSA enVision® technology is engineered to allow retail businesses to effectively meet PCI DSS Requirement 10 by establishing a centralized point for tracking and monitoring access to cardholder data throughout a PCI environment. RSA's solution is also built to retain an audit trail history as required by PCI mandates. These solutions also allow for out-of-the-box PCI compliance reports, significantly easing the process of demonstrating compliance to auditors.
RSA Professional Services and Technology Solutions offer strategic, consultative approach to broader compliance
Beyond the RSA technology solutions included in the Cisco PCI Solution for Retail reference architectures, merchants embarking upon PCI compliance initiatives can look to RSA® Professional Services for up-front consulting services that will help them begin with a clear understanding of their current PCI posture so that they can then develop a compliance strategy that best matches their needs.
In order to secure card holder data, as in accordance with the PCI DSS, companies must monitor where the data is stored throughout their enterprise. RSA Professional Services helps enable customers to understand where cardholder data exists across the organization so that it can be secured and managed throughout its lifecycle. To achieve this, RSA Professional Services uses a range of application, network and data discovery, and classification technologies to analyze the location and transaction flow of cardholder data, making securing the data easier.
After discovering cardholder data, retailers must understand any existing PCI compliance gaps in order to identify remediation needs. Through a PCI Readiness Assessment service, RSA Professional Services helps retailers understand their current PCI posture and develop a prioritized remediation roadmap prior to undergoing a formal PCI audit.
In addition to these consulting services, RSA PCI Solutions - including RSA® Data Loss Prevention Suite, RSA® Database Security Manager, RSA® Digital Certificate Solutions, EMC Smarts®, EMC Voyence® and EMC Physical Security Solutions - help retailers address PCI requirements related to data leakage, database encryption, strong authentication, application discovery, network change management and physical security, respectively.
To see demonstrations of RSA PCI Solutions at the National Retail Federation conference, please visit booth #3154. For more information about RSA PCI Solutions, please visit http://www.rsa.com/pci.
About RSA
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance and access control, encryption and key management, compliance and security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
Source: EMC Corporation
CONTACT: Jessica Hawks, EMC Corporation, +1-781-515-6067, jessica.hawks@rsa.com,
or Sandra Heikkinen, +1-212-905-6043, sandra@outcastpr.com
Web site: http://www.emc.com/
http://www.rsa.com/
