EncryptionBy Ericka Chickowski | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
Customers are floundering with PCI compliance mandates, but that's where the channel can step in. Savvy solution providers can cut through the complexity to help prioritize projects for customers and make money by focusing on the following seven areas.
While end-to-end encryption is not currently a delineated mandate of PCI, analysts and pundits have deliberated at length as to whether it will be within the next couple of years. At the moment, though, the two major encryption requirements that PCI specifies is that organizations "encrypt transmission of cardholder data across open, public networks" and that Primary Account Numbers (PAN) not be readable anywhere they are stored, by using either hashed indexes, truncation, tokenization or strong cyptography.
Security organizations point to encryption as the most effective security measure among the data-at-rest compensating controls and channel partners who help clients employ encryption techniques are future-proofing their compliance programs as PCI mandates inevitably tighten up and best-equipping them against the breaches that PCI is meant to fight in the first place.