Ensure PCI Compliance for Unstructured Data

  • Identify all documents containing cardholder information—including all copies and versions
  • Discover exactly where documents containing cardholder data are stored and take the necessary steps to protect them
  • Get insight into the handling and distribution of documents containing cardholder data to identify and prevent data leaks
  • Manage user permissions to restrict access to cardholder data by business need-to-know
  • Generate a full audit history on every document containing cardholder data
  • Easily define and maintain information security policies for documents containing cardholder data
  • Leverage a single solution across your diverse management and compliance projects

The PCI DSS Compliance Challenge

PCI DSS is a set of twelve regulatory requirements—including security management, encryption, storage procedures and access policies—for safeguarding the personal information of customers who use credit cards.  If your company handles credit card transactions, you must comply with these requirements.
 
Cardholder data is relatively easy to protect when it is stored in databases where it can be easily identified.  But only about 20% of a company’s data exists in this structured form. The other 80% exists as unstructured data that is scattered across the organization.

When cardholder data finds its way into these documents, it can be difficult to identify and protect.  Worse yet, cardholder data in this form can be easily shared, copied and emailed.  It can wind up in new files with different names and formats.  It can be stored anywhere and everywhere.  And it can end up stored in places where access permission policies aren’t always accurately or consistently applied. All of this makes it extremely difficult to ensure that PCI requirements are correctly and consistently applied to cardholder information within unstructured data.

Techniques such as pattern matching may be capable of finding credit card numbers within unstructured data—but they are, by themselves, insufficient for protecting all cardholder data that is subject to PCI regulations. To fully comply with PCI requirements, you must be able to understand how these documents are used, who has access to them, and where they are stored. Only then can you create and apply the policies and business practices needed to effectively protect cardholder information.
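To make the limits of pattern matching concrete, here is an added example (not Nogacom's code or part of the original page) of the discovery step alone: a scanner that finds candidate card numbers in a set of constructed sample documents, then filters them with a Luhn checksum and a card-brand prefix check, and reports only masked values so the scan output itself does not become a new store of cardholder data. The file names, document contents and brand table are assumptions constructed for the example; the test numbers are the publicly documented Visa, Mastercard and American Express test values. Note what the scan cannot tell you: who can open each file, how it is shared, or whether it is a copy of another document, which is exactly the gap the paragraph above describes.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Candidate: 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: from the right, double every second digit and sum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_brand(digits: str) -> Optional[str]:
    """Map a digit string to a card brand by well-known prefix and length.
    Assumed, simplified brand table for the example (not exhaustive)."""
    n = len(digits)
    if digits.startswith("4") and n in (13, 16, 19):
        return "visa"
    if n == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "mastercard"
    if n == 15 and digits[:2] in ("34", "37"):
        return "amex"
    if n == 16 and (digits.startswith("6011") or digits.startswith("65")):
        return "discover"
    return None


@dataclass
class Finding:
    source: str            # document the candidate came from
    brand: Optional[str]   # brand when recognised, else None
    masked: str            # only the last four digits are kept
    status: str            # "pan" | "luhn_fail" | "unknown_prefix"


def scan_text(source: str, text: str) -> List[Finding]:
    """Return every regex candidate in `text`, classified. The raw digit
    string is never stored: keeping full PANs in scan output would put the
    scanner's own reports in PCI scope."""
    findings = []
    for match in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        masked = "*" * (len(digits) - 4) + digits[-4:]
        if not luhn_ok(digits):
            findings.append(Finding(source, None, masked, "luhn_fail"))
            continue
        brand = card_brand(digits)
        status = "pan" if brand else "unknown_prefix"
        findings.append(Finding(source, brand, masked, status))
    return findings


def scan_documents(docs: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of document name -> text (in-memory stand-in for a file share)."""
    results: List[Finding] = []
    for name, text in docs.items():
        results.extend(scan_text(name, text))
    return results


def confirmed_pans(docs: Dict[str, str]) -> List[Finding]:
    """Only candidates that pass both the checksum and the brand check."""
    return [f for f in scan_documents(docs) if f.status == "pan"]


# Constructed sample documents (assumed content, not real customer data).
SAMPLE_DOCS = {
    "invoice.txt": "Paid with Visa 4111 1111 1111 1111, exp 12/27.",
    "orders.csv": "order_id,amount\n4111111111111112,19.99\n",      # fails Luhn
    "notes.txt": "Customer card 3782-822463-10005 on file. Call 555-0100.",
    "log.txt": "Batch 2024011500000000 processed",                   # passes Luhn, no brand
}

if __name__ == "__main__":
    for f in scan_documents(SAMPLE_DOCS):
        print(f"{f.source:12} {f.status:15} {f.brand or '-':11} {f.masked}")
    print(f"confirmed PANs: {len(confirmed_pans(SAMPLE_DOCS))}")
```

Run it and four regex candidates are reported, of which only two survive both checks. The batch identifier in `log.txt` is the instructive case: it passes the Luhn checksum, so a checksum-only filter would still flag it, and it takes the brand-prefix check to discard it. Even the two confirmed hits only tell you that a document contains a card number; deciding whether the document should exist, who should be able to read it and where it should live is the policy work the rest of this page is about.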

So how can you identify all documents that contain confidential cardholder data and see how those documents are being used?  How can you define and automate policies that rigorously protect these documents—wherever they happen to be?  And how can you document this PCI compliance to internal and external auditors?

The Nogacom Solution

Nogacom delivers an effective solution and methodology for assessing and addressing security and PCI compliance risks related to unstructured data—so you can protect cardholder data and your relationships with your customers.

Assess your data.  First, using NogaLogic you can automatically discover all documents containing cardholder data, understand their business use, and analyze the gap between existing business practices and PCI requirements.

Through this process you will:

  • Identify documents containing cardholder information, including all copies and versions—regardless of file formats, file names or storage location
  • See when, by whom and how documents are being used to better understand your security vulnerabilities and the business processes that created them
  • Map documents to storage resources so you can then create appropriate migration and storage policies

Define your cardholder data protection policies and controls. Once you have this granular visibility and full understanding of how documents containing cardholder data are dispersed and used across your company, you can now use NogaLogic to centrally define policies that mitigate PCI compliance risk.  For example, you can define a policy that automatically restricts access to documents containing cardholder information to a pre-determined set of users.  Or you can define a policy that automatically migrates these documents to a special secure server. Furthermore, through your assessment, you may discover that you need to change current business practices and/or implement additional controls to address the root causes of a PCI compliance problem.

Enforce and monitor.  Once you have defined your cardholder data protection policies, NogaLogic will then automatically implement them. NogaLogic can continue to automatically apply your security policies to any relevant new or updated documents on an ongoing basis.  NogaLogic also provides an audit trail for each piece of data—including date created/changed, author, and storage location—so you can document your compliance with PCI security mandates.

NogaLogic can integrate with PCI DSS software products, including security, access control, and storage management tools, to provide an end-to-end solution for safeguarding cardholder data.

Measure your success.  After your initial assessment and mitigation cycle, you should continuously track access to documents containing cardholder data in order to determine the effectiveness of your policies—and modify any policies or business practices appropriately. You can also use this insight to discover potential misuse of cardholder data and, if necessary, to perform security forensics.

To improve your ability to protect cardholder data and meet PCI compliance requirements, contact Nogacom today.
