PCI DSS Compliance
Protect Payment Card Data and Achieve PCI Compliance
To better protect payment card data and achieve PCI compliance, organizations must take a layered, granular approach to security. There are four cornerstones to data security that any organization handling cardholder details should look to employ:
Dynamic Access Management
Anyone who is authenticated, whether legitimately or through a malicious attack, should not automatically be able to see and access everything that is within the network. AppGate controls who can access the network based not only on authorization but also on session-specific contextual variables such as the user's identity, the type of device being used, whether the device is running security software and so on.
Control Access to Content within Applications
Highly sensitive information should have additional layers of security to better mitigate risk. Controls shouldn’t stop once authorized users are authenticated into the network and applications. Security Sheriff applies content level controls, such as classification and encryption, to ensure that only individuals who need access to payment card data can see and access it. Cryptzone also controls what actions can be taken with the data.
Track and Monitor all Access to Network Resources and Cardholder Data
AppGate and Security Sheriff offer logging mechanisms and the ability to track user activities, which are critical in preventing, detecting, and minimizing the impact of a data breach. Logging in all environments, including networks and applications, allows thorough tracking, alerting, and analysis if all else fails and information is compromised. Cryptzone provides usage logging, offering a strong baseline for evaluating anomalies and determining automated or manual governance needs.
Locate Payment Card Data Systems
Compliance Sheriff automatically detects documents, emails, social media posts and comments that may contain cardholder data and other PII content.
AppGate is a network access security solution that reduces your attack surface by 99% while significantly lowering costs. Based on the Software-Defined Perimeter model, AppGate enforces fine-grained network permissions, automatically tailored to each unique user’s needs.
- Looks at both context and identity to grant access
- Creates a dynamic, encrypted network segment of one from users to managed network resources
- Makes only authorized resources visible on networks, whether cloud, on-premises or hybrid environments
- Automatically adjusts user access based on changes in posture and infrastructure
Compliance Sheriff assures content compliance with standards for privacy, accessibility, social computing, brand integrity, site quality and data and information security. Throughout the development lifecycle, Compliance Sheriff provides control, consistency and visibility of dynamic web content, scripted and contextual on any browser or device and mobile web content.
Security Sheriff automates and enforces data security policies by leveraging dynamic access, deny rules, sharing rules and a secure viewer to help ensure that only authorized users can view, edit and share classified data. Security Sheriff's real-time comparison of file classification and user context provides a granular approach to data security at the item level to:
- Automatically apply the appropriate level of encryption at the time the file is stored, used or shared
- Automatically restrict access to and encrypt content based on the presence of sensitive data including PII, PHI and other confidentiality factors
- Record all file access history, including RMS actions, user access and sharing events
- Detect potential violations and initiate workflows to remediate and minimize risk
- Utilize granular security to more effectively control access to and the distribution of sensitive data
- Provide audit trails and forensics to track access to sensitive data, ensuring transparency and accountability