Improving Data Security and PCI Compliance through Key Management Controls

Mar 31, 2010

Download Organizations of all sizes and industries maintain extensive financial, customer and mission-critical business data. When sensitive information is misused or compromised, organizations often pay a heavy price. Recent high-profile security breaches have cost organizations millions in revenue and lost opportunities. These fears, along with new security standards and regulations, have driven IT professionals to deploy encryption more broadly. In this model, the encryption keys used to secure data become the figurative �keys to the kingdom.� The key (not the data itself) becomes the entity that must be safeguarded. Efforts to manage these keys manually, however, represent a significant security risk and become operationally challenging, especially as encryption is deployed across disparate systems and applications. A much broader, systems management approach is required. Such an approach includes automating the creation and management of encryption keys and certificates, configuring the applications that use them and providing comprehensive tools to monitor, control access and report on the status of each component being managed. Venafi invented the industry�s first holistic, enterprise-wide encryption management platform to help organizations simplify the management of encryption keys and certificates across their diverse operating and infrastructure environments. This white paper is broken into sections in an effort to provide information pertinent to different users and their needs, including business, technical and PCI DSS regulation-specific sections. By reading this piece, you will learn how to achieve compliance and better protect data through true enterprise key management, while improving data security, operational efficiency and audit readiness.


Venafi, Inc.