Compliance

Policy definition must include the definition of assets, entities and access modes and the relationships between them—in a way that makes sense to both the administrator for setup and management, and lower-level key management components for enforcement. The Compliance Infrastructure makes it easy to apply a policy once and have it implemented—and enforced—across the enterprise.

Get more information on Universal Data Protection Policy

• White Paper: Applying Enterprise Security Policy & Key Management

A critical requirement for many compliance mandates and security best practices is centralized, efficient, and secure management of cryptographic keys and policies, across the key management lifecycle and throughout the enterprise. Some challenges include restricting access to the fewest number of administrators, regular key rotation, separation of duties, and more.

Get more information on Enterprise key management:

• White Paper:Enterprise Guide to Key Management

Securing cryptographic keys provides reliable protection for applications, transactions and information assets. With keys securely stored in hardware, you can ensure both high performance and the highest security available. With robust HSMs, encryption appliances, and key management solutions, organizations can maximize the security of encryption keys and policies, adding a critical line of defense for confidential information. This approach is also the easiest way for organizations to integrate application security in order to achieve regulatory compliance.

Many regulations, including PCI DSS, mandate that sensitive data be adequately protected. Safeguarding regulated data in applications, databases, mainframes, storage systems, laptops, and other areas is a critical requirement for security and compliance. With encryption (and related technologies) employed, even if an organization's initial defenses are subverted, organizations can still guard these critical repositories against theft and manipulation. This will not just meet the demands of regulation, but will also protect your business interests.

• Organizations can leverage encryption solutions that provide granular control over confidential information. Encryption can give security teams an essential means to not only guard against unauthorized access to sensitive records, but to provide the visibility needed to control and track who has accessed or modified sensitive information.
• Database encryption
• Disk and file encryption
• Mainframe encryption
• Protecting cloud instances and volumes
• White paper: Encrypting Critical Data in Databases
• With format-preserving tokenization technology, organizations can convert sensitive records, such as social security numbers or credit card numbers, to an encrypted token in the same format. By preserving the format of information, applications and end user transactions can continue to operate seamlessly, while security teams limit access to sensitive assets.
• Transparent Tokenization White Paper
• Reducing Regulatory Scope with Tokenization Solution Brief
• Q&A: Tokenization for PCI Compliance
• Register now: Encryption vs. Tokenization webinar with Securosis and SafeNet

Making sure only the right people can access private information in today's high risk environments is a critical need if organizations are going to meet their customer and partner expectations. This is also a vital requirement for addressing a range of regulations. Layering access control with both strong, multi-factor authentication solutions and hardware security modules (HSMs) ensures only authorized individuals can access regulated information.

To be effective, the Compliance Infrastructure must deliver capabilities for centrally, comprehensively, and efficiently tracking the activities relating to regulated data. For example, authentication management platforms should enable organizations to centrally manage authentication devices and policies across an enterprise. This management platform must also provide a centralized, efficient way to track and report on authentication-related activities. In addition, encryption appliances should maintain an extensive set of log files that can be used to track administrator and user activities.

Establishing a central point of control and visibility for managing encryption technologies, keys, policies, logging and audits, access controls are critical to the ability to "prove" control of your data. This concept is also essential to enforcing separation of duties. Organizations gain central, efficient enforcement of security controls.

Organizations need to be able to isolate data and associated policies in shared, multi-tenant environments in order move to the cloud without compromising their security posture or compliance status.

Get more information on how to be compliant in the cloud:

• Security Guide: How Cloud Deployment Affects Compliance
• Webcast: Compliance in the Cloud: AWS and SafeNet
• White Paper: A Blueprint for Compliance in the Cloud
• White Paper: Sustaining PCI Compliance in the Cloud