Complying with Governmental & Industry Regulations

Most organizations must comply with one or more governmental or industry regulations. These initiatives are broad in scope, and there is no "silver bullet" that can make an organization compliant with any one of the regulations, let alone all of them. Fortunately, when it comes to securing sensitive data there are many common requirements among the different regulations. This is where Protegrity's Data Security Management solutions shine. We help comply with Payment Card Industry (PCI) Data Security Standards, HIPAA, GLBA, CA-SB1386, CA-AB1950, Sarbanes-Oxley and others. Some of the common requirements are:

- Protecting sensitive data through encryption, focused on the sensitive cardholder data residing at the database level. As PCI states, encryption is the "ultimate protection". Our patented solutions deliver the strongest level of protection while maximizing performance.

- Strong key management, which is an essential component of data encryption. Data security solutions are only as good as the protection and management of their keys. Security depends on two factors: where and how the keys are stored, and how access to the keys is controlled. Our solutions centralize all key management tasks on a single platform and effectively automate administrative key management tasks, providing both operational efficiency and reduced management costs. We also include an automated and secure mechanism for key rotation, replication, and backup.

- Segregating duties between database and security administrators. Our solutions facilitate this independent responsibility by separating the definition and management of security policy from the database functions. Regulations stipulate that a data security system must provide "reasonable protection from threats." Having the ability to log and review the activities of both the Security Administrator and the Database Administrator provides a checks-and-balances approach that protects from all reasonable threats.

- Reporting and monitoring security policy and access to sensitive data through detailed audit trails. Our solutions provide a full audit of activity for sensitive data in accordance with an organization's security policy definition. The audit log tracks who accessed the data, what action was performed, in what database, and when it occurred. It also logs all attempted access of the data by unauthorized users. As added protection, we limit access to the encrypted audit log to designated security administrators only.

- Controlling access to sensitive data. Protegrity's solutions define users' access rights and assign unique access IDs and access privileges based on the organization's security policies. Access rights can be defined on an individual basis or, more efficiently, through role assignment, and rights can be limited to a specific period of time. For example, temporary workers or contractors can be authorized access only for specific days and times during the work week, or up to a specified date. We will immediately terminate or block a user's access and privileges should an employee leave or should a suspected breach occur.

- Defining and maintaining a clear and robust security policy. Protegrity's solutions encompass all aspects of security policy management. After assessing data risk and vulnerabilities, you can define and automatically apply security policies to all appropriate databases across the enterprise. Centralized management ensures consistency across the organization and provides complete insight into the effectiveness of your security policy.
It is important to remember these Regulatory Security Standards are considered to be the minimum level of security required to protect sensitive data within an organization. To safeguard from brand damage and liability you should consider Best Practices when defining security policy. For more information on how Protegrity can help your organization comply, please contact us.