Set of audited reference architectures to help retailers worldwide meet broad compliance challenges while bolstering security efforts
NEW YORK, NY – January 14, 2008 – RSA, The Security Division of EMC (NYSE: EMC), today announced the interoperability of five RSA® PCI Solutions in the Cisco Payment Card Industry (PCI) reference architectures. The Cisco PCI Solution for Retail Validated Network Designs help retailers of all sizes effectively address the data security requirements mandated by the PCI Data Security Standard (PCI DSS).
The Cisco Validated Network Designs, which have been validated by external PCI Qualified Security Auditor (QSA) Verizon Business, offer a set of cost-effective, audited solutions that help customers meet many of the most challenging PCI DSS requirements, including authentication, encryption and compliance reporting. RSA is leveraging the Cisco PCI Validated Network Designs to help enable retailers to easily integrate new or existing technology solutions into their in-store, Internet edge and data center environments in a PCI DSS compliant manner.
“The complexity of PCI compliance cannot be untangled by a single product or set of products; the requirements call for a holistic strategy that spans people, process, and technology,” said Jim Melvin, vice president of Marketing and Security Solutions at RSA. “Smart retailers, who take advantage of PCI DSS as an opportunity to establish a foundation of broad data security best practices, will be better prepared to not only achieve and maintain PCI DSS compliance, but to ready their organizations for new data security and compliance requirements that may emerge in the future.”
Delivering one of the industry’s most comprehensive PCI DSS solutions
Cisco PCI Solution for Retail in-store network designs, deployed in Cisco’s technology labs, provide clear, in-depth guidance on how retailers may deploy associated RSA and Cisco products in a PCI validated manner. Retailers can consult Design & Implementation Guides for technical instruction on the deployment of particular products to address specific PCI requirements. Furthermore, retailers may review a Report on Compliance from Verizon Business, which provides feedback from a certified PCI QSA regarding the ability of RSA and Cisco products to be deployed in a manner that meets specific PCI DSS requirements.
“The strategic alliance between RSA and Cisco centers on the development of technology to bring data protection into the network to help customers simplify the protection of sensitive information,” said Melvin. “Today with our combined expertise, we are able to offer retailers one of the industry’s most comprehensive sets of audited technologies and services designed to protect credit card data whether it resides in-store, at the Internet Edge or at the data center.”
The RSA technology solutions included in the Validated Network Designs include:
Encryption and key management: RSA® Key Manager and RSA® File Security Manager are designed to enable retailers worldwide to address PCI Requirement 3 by helping to secure data from its creation at the point-of-sale application, through all endpoints – regardless of whether data resides in the network, an application, database, files and folders, or disk/tape storage. In addition, RSA’s enterprise-wide key management solution is engineered to help ensure that data will be both available and properly protected no matter when or where it is needed.
Authentication and authorization: RSA SecurID® two-factor authentication technology and RSA® Access Manager are designed both to help retailers address PCI Requirements 7 and 8 by creating tools to positively establish the identities of users, and to ensure that only authorized users may access cardholder data. RSA’s strong authentication and authorization solutions are designed to deliver out-of-the-box integration with hundreds of products that can be part of a PCI infrastructure, such as VPNs, firewalls, and application servers, enabling retailers to ensure that users accessing cardholder systems are trusted.
Compliance and security information management: RSA enVision® technology is engineered to allow retail businesses to effectively meet PCI DSS Requirement 10 by establishing a centralized point for tracking and monitoring access to cardholder data throughout a PCI environment. RSA’s solution is also built to retain an audit trail history as required by PCI mandates. These solutions also allow for out-of-the-box PCI compliance reports, significantly easing the process of demonstrating compliance to auditors.
RSA Professional Services and Technology Solutions offer strategic, consultative approach to broader compliance
Beyond the RSA technology solutions included in the Cisco PCI Solution for Retail reference architectures, merchants embarking upon PCI compliance initiatives can look to RSA® Professional Services for up-front consulting services that will help them begin with a clear understanding of their current PCI posture so that they can then develop a compliance strategy that best matches their needs.
In order to secure cardholder data in accordance with the PCI DSS, companies must monitor where the data is stored throughout their enterprise. RSA Professional Services helps enable customers to understand where cardholder data exists across the organization so that it can be secured and managed throughout its lifecycle. To achieve this, RSA Professional Services uses a range of application, network and data discovery, and classification technologies to analyze the location and transaction flow of cardholder data, making securing the data easier.
After discovering cardholder data, retailers must understand any existing PCI compliance gaps in order to identify remediation needs. Through a PCI Readiness Assessment service, RSA Professional Services helps retailers understand their current PCI posture and develop a prioritized remediation roadmap prior to undergoing a formal PCI audit.
In addition to these consulting services, RSA PCI Solutions – including RSA® Data Loss Prevention Suite, RSA® Database Security Manager, RSA® Digital Certificate Solutions, EMC Smarts®, EMC Voyence® and EMC Physical Security Solutions – help retailers address PCI requirements related to data leakage, database encryption, strong authentication, application discovery, network change management and physical security, respectively.
To see demonstrations of RSA PCI Solutions at the National Retail Federation conference, please visit booth #3154. For more information about RSA PCI Solutions, please visit www.rsa.com/pci.
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. RSA’s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance and access control, encryption and key management, compliance and security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
RSA, enVision and SecurID are either registered trademarks or trademarks of RSA Security, Inc. in the U.S. and/or other countries. EMC Smarts and Voyence are registered trademarks of EMC Corporation. All other company and product names may be trademarks of their respective owners.
This release contains “forward-looking statements” as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) our ability to protect our proprietary technology; (iv) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (v) fluctuations in VMware, Inc.’s operating results and risks associated with trading of VMware stock; (vi) competitive factors, including but not limited to pricing pressures and new product introductions; (vii) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (viii) component and product quality and availability; (ix) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (x) insufficient, excess or obsolete inventory; (xi) war or acts of terrorism; (xii) the ability to attract and retain highly qualified employees; (xiii) fluctuating currency exchange rates; and (xiv) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent corporation of RSA Security Inc., with the U.S. Securities and Exchange Commission. RSA and EMC disclaim any obligation to update any such forward-looking statements after the date of this release.