Welcome!

Blog Feed Post

Porticor Helps Organizations Meet PCI DSS Compliance and Secure Credit Card Information Stored in the Cloud

Porticor’s Cloud Key Management and Data Encryption Solution Protects Cloud-based Cardholder and Financial Information from Holiday Hackers and Threats at Organizations such as Payze

CAMPBELL, Calif. – Dec. 2, 2014 – Porticor®, a leading cloud data security company delivering the only cloud-based key management and data encryption  solution that infuses trust into the cloud and keeps cloud data confidential, today announced growing customer traction due to its innovative solution enabling organizations to secure cloud-based credit card and financial information, helping them meet Payment Card Industry Data Security Standard (PCI DSS) compliance.  Customer privacy is of particular concern for financial organizations during the holiday season due to the increase in threats and hacker activity.

The Porticor Virtual Private Data (VPD) platform is a cloud key management and encryption solution that delivers the industry’s most secure cloud encryption key management by enabling organizations to securely maintain control of their own encryption keys.  Unlike traditional data encryption solutions, which are complicated and expensive to deploy and manage, Porticor’s split-key encryption and homomorphic key management system is offered as the industry’s first cloud data protection service of its kind, delivering true confidentiality of credit card and financial data in cloud, virtual and hybrid environments by ensuring encryption keys are never exposed.

“At Payze we’ve setup a credit card processing system within AWS, and as part of our PCI requirements we needed a separate key management system in order to comply with PCI policies,” said Joel Paulin, Founder and Chairman of Payze.  “We’ve integrated Porticor into our encryption key setup to provide seamless additional encryption on top of our existing encryption infrastructure.  This additional level of encryption, with keys isolated from our normal system, and using Porticor’s permissions and controls enables us to have a more secure key management posture going for PCI compliance.  What differentiates Porticor is the product: It is polished, easy to configure, easy to integrate, more reliable, and has greater security than the other options we had seen.”

The main focus of PCI DSS is protecting cardholder data in systems and applications, including data in storage, transmission, and in use.  These requirements are more critical when data is stored and processed in the cloud, an activity escalated during holiday shopping.  Porticor VPD is a complete solution that combines patented key management with state-of-the-art encryption to enable organizations to effectively comply with PCI DSS in the cloud.  Porticor encrypts the entire data layer, including virtual disks, databases, files, and object storage.  It also addresses the processes necessary for managing encryption environments and encryption keys, and provides the security needed for compliance in a convenient, cost-effective, fully cloud-based solution.

“We were impressed with the ease of setting up the Porticor appliance,” added Paulin.  “Compared to the other options we considered, we were more confident in the security of Porticor’s solution, and we appreciate the turnkey nature of it.  Also, because the Porticor systems provide automation of key management, we didn’t need to worry about a server crashing and losing our keys since the automated system would correctly provision our instances, which was a risk for other systems.  Finally, the use of a master key on the appliance kept by us helped give us assurance that Porticor did not know our keys and we had the benefit of dual control, which helped us meet our dual control needs for PCI compliance.”

The PCI Council defined 12 high-level security requirements.  Six of the requirements define the need for both encryption and key management in the cloud to protect credit card information from both inside and outside threats, and are addressed by Porticor.  Porticor gives organizations the ability to meet these requirements by requiring two keys to encrypt or decrypt an object.  In addition, each key is encrypted – to protect it while it is resident in a cloud account – using patent-pending homomorphic key management technology.  In addition, Porticor helps address some of the general PCI DSS requirements beyond encryption and key management.  For more information on how Porticor addressed PCI DSS compliance, see: http://www.porticor.com/pci-white-paper-download/

“Financial organizations are under threat at all times, but especially during this time of year with the increased consumer buying activity,” said Ariel Dan, Porticor Co-Founder and Executive VP.  “Porticor’s VPD is uniquely built to address PCI DSS compliance requirements, and the PCI DSS requirements validate the need for Porticor’s unique approach of combining patented split-key encryption and homomorphic key management with encryption technologies.  Key management is an ongoing challenge for organizations, and Porticor’s homomorphic key management solves this problem and enables companies to achieve compliance.  With Porticor, organizations are assured that credit card information and confidential data are kept safe from outside and internal threats.”

Integrating with major players such as HP, AWS and VMware, Porticor provides the industry’s only software-defined, automated solution that uniquely eliminates the need for cumbersome, non-scalable, and expensive hardware security modules for the cloud.  Uniquely combining data encryption with patented split-key encryption and homomorphic key management technologies, Porticor protects critical data in public, private and hybrid cloud environments.  It provides the strong security needed for compliance in a convenient, cost-effective, fully cloud-based solution.

About Porticor

Porticor is the leading cloud security company delivering easy-to-use and scalable security solutions for cloud data encryption and key management.  The Porticor Virtual Private Data (VPD) system is the industry’s first solution combining data encryption with patented split-key encryption and homomorphic key management to protect critical data in public, private and hybrid cloud environments.  Using breakthrough split-key encryption and homomorphic key management, the Porticor VPD is the only system available that offers the ease-of-use of cloud-based key management without sacrificing trust.  Porticor is an Amazon Web Services Technology Partner, a VMware Technology Alliance Partner, an HP technology partner, and supports other clouds.  The company is headquartered in Tel Aviv, Israel, with offices in Silicon Valley, and is venture backed.  For more information, visit: http://www.porticor.com/.

 

###

The post Porticor Helps Organizations Meet PCI DSS Compliance and Secure Credit Card Information Stored in the Cloud appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

Latest Stories
One of the biggest challenges with adopting a DevOps mentality is: new applications are easily adapted to cloud-native, microservice-based, or containerized architectures - they can be built for them - but old applications need complex refactoring. On the other hand, these new technologies can require relearning or adapting new, oftentimes more complex, methodologies and tools to be ready for production. In his general session at @DevOpsSummit at 20th Cloud Expo, Chris Brown, Solutions Marketi...
While some vendors scramble to create and sell you a fancy solution for monitoring your spanking new Amazon Lambdas, hear how you can do it on the cheap using just built-in Java APIs yourself. By exploiting a little-known fact that Lambdas aren’t exactly single threaded, you can effectively identify hot spots in your serverless code. In his session at 20th Cloud Expo, David Martin, Principal Product Owner at CA Technologies, will give a live demonstration and code walkthrough, showing how to ov...
Existing Big Data solutions are mainly focused on the discovery and analysis of data. The solutions are scalable and highly available but tedious when swapping in and swapping out occurs in disarray and thrashing takes place. The resolution for thrashing through machine learning algorithms and support nomenclature is through simple techniques. Organizations that have been collecting large customer data are increasingly seeing the need to use the data for swapping in and out and thrashing occurs ...
We all know that end users experience the internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices - not doing so will be a path to eventual ...
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
DevOps at Cloud Expo – being held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real r...
As enterprise cloud becomes the norm, businesses and government programs must address compounded regulatory compliance related to data privacy and information protection. The most recent, Controlled Unclassified Information and the EU’s GDPR have board level implications and companies still struggle with demonstrating due diligence. Developers and DevOps leaders, as part of the pre-planning process and the associated supply chain, could benefit from updating their code libraries and design by in...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
When NSA's digital armory was leaked, it was only a matter of time before the code was morphed into a ransom seeking worm. This talk, designed for C-level attendees, demonstrates a Live Hack of a virtual environment to show the ease in which any average user can leverage these tools and infiltrate their network environment. This session will include an overview of the Shadbrokers NSA leak situation.
SYS-CON Events announced today that A&I Solutions named "Bronze Sponsor" of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded over 15 years ago in 1999, A&I Solutions continues to provide companies with premier integrated enterprise solutions. By partnering with the trusted and proven solutions of leading technology companies, our customers are assured high performance levels across all IT environments including:...
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs ofte...
While presenting own advanced Robo-Advisory Platform, Michał Różański, Managing Partner at EARP and CEO at Empirica, will illustrate the most important issues of building tailored FinTech software in his session at 20th Cloud Expo. He will share experiences we have gained for over 6 years of developing solutions for financial institutions and FinTech companies, including robo-advisors. We welcome all FinTech innovators interested in how properly implemented technology can move their businesses f...
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive ad...
Apache OpenWhisk on IBM Bluemix provides a powerful and flexible environment for deploying cloud-native applications driven by data, message, and API call events. In his session at 20th Cloud Expo, Daniel Krook, Software Architect, IBM Watson and Cloud Platform, and Distinguished IT Specialist, will discuss why serverless architectures are attractive for many emerging cloud workloads and when you should consider OpenWhisk for your next project. Then get started on Bluemix with three sample appl...