By Ericka Chickowski  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Customers are floundering with PCI compliance mandates, but that's where the channel can step in. Savvy solution providers can cut through the complexity to help prioritize projects for customers and make money by focusing on the following seven areas.


While end-to-end encryption is not currently a delineated mandate of PCI, analysts and pundits have deliberated at length as to whether it will be within the next couple of years. At the moment, though, the two major encryption requirements that PCI specifies is that organizations "encrypt transmission of cardholder data across open, public networks" and  that Primary Account Numbers (PAN) not be readable anywhere they are stored, by using either hashed indexes, truncation, tokenization or strong cyptography.

Security organizations point to encryption as the most effective security measure among the data-at-rest compensating controls and channel partners who help clients employ encryption techniques are future-proofing their compliance programs as PCI mandates inevitably tighten up and best-equipping them against the breaches that PCI is meant to fight in the first place.

Many less-mature organizations could stand help from their trusted advisors in regard to encryption. According to Aberdeen, among laggard organizations, just a little over half employ some kind of storage encryption, only 45 percent encrypt backups and archives, just 29 percent employ full-disk encryption and only 46 percent encrypt network communications.


Submit a Comment

Loading Comments...