PCI Encryption

EncryptRIGHT software gives you a better way to achieve PCI compliance for data encryption and key management. In addition to meeting all your PCI data encryption requirements, EncryptRIGHT includes an optional tokenization module that reduces the scope and cost of a PCI audit.

EncryptRIGHT comes bundled with key management, secure audit logs and predefined PCI reporting capabilities. Comprehensive central key management insures that you comply with PCI key management requirements for key generation, distribution, storage, rotation and replacement. It provides everything you need to achieve PCI compliance for data encryption and key management.

EncryptRIGHT comes with standard PCI reports designed to satisfy your Qualified Security Assessor (QSA), and help you pass your PCI audit. EncryptRIGHT includes:

• PCI-compliant data encryption and key management for one price
• Tokenization to reduce the scope and cost of a PCI audit
• Reports and audit trails for assessment and verification processes
• Broad platform support from PC to mainframe
• A simple desktop application, or API for application integration
• Field, file, database and application-level encryption
• Support for many different development environments
• A choice of databases to implement tokenization
• Wizards to help you get running quickly

EncryptRIGHT provides comprehensive audit log reporting that helps make your PCI audit go more smoothly. The challenge is to adopt effective measures to track and monitor all access to network resources and cardholder data.�

EncryptRIGHT generates the documentation and audit materials you need to pass your PCI audit. With EncryptRIGHT, virtually every relevant system event can be monitored, creating a critical detailed audit report trail. You can build an array of detailed audit reports which track everything from access to card records, actions and changes taken by specific users to password and user ID activity, encryption and decryption of specific fields, access to account numbers and changes to key values and key rotations.

From a data encryption standpoint, PCI does not provide much guidance. The basic requirement is to use "strong cryptography," but there are lots of algorithms, dozens of tools, and many ways to deploy each of them. Strong cryptography is often misapplied as the security model is inappropriate for the business use case. The wrong choice leaves data accessible in clear text, resulting in wasted investment and persistent vulnerabilities.

So which encryption method is the best way to achieve PCI compliance? Which options provide security yet keep costs and complexity under control? Data Encryption 101: Pragmatic Guide to PCI-DSS Requirements, is an unbiased, educational white paper intended to help you determine the right encryption strategy for your situation.

The white paper makes a strong case for implementing application level encryption when the business case justifies it. That's one of many ways EncryptRIGHT can help you achieve PCI compliance for encryption and key management. This document presents a requirement-by-requirement evaluation of how EncryptRIGHT meets PCI data encryption and key management requirements.

Find out how we can help you get PCI compliant with EncryptRIGHT, saving time and cutting your costs. Request more information or sign up for a 30-day free trial.

back to overview

For additional practical information about PCI DSS, try the PCI Security Standards Council website.