Get PCI Compliance off your mind for good.
Traditional approaches to PCI scope reduction, such as network segmentation, have turned out to be difficult to manage and never fully effective. Managing access to the isolated card data also takes a lot of time and effort. The most common solutions today add layers of complexity and overhead to network administration.
The new philosophy: don't store PCI data at all.
The old way:
While not required by the PCI DSS, network segmentation (keeping every server and system that touches cardholder data in its own network segment) is strongly recommended. It keeps the majority of your network out of scope for PCI compliance and minimizes your compliance headache by reducing risk, reducing assessment scope and cost, and reducing the difficulty of implementing and maintaining PCI DSS controls.
Ensuring that a system component is properly isolated (segmented) from the cardholder data environment (CDE) is an ongoing, complex effort that eats up resources. Segmentation must also be penetration tested regularly, at least annually (every six months for service providers), to confirm that the segmentation controls are operational and effective and that they actually isolate all out-of-scope systems from in-scope systems. A single misconfigured firewall rule or forgotten management interface can silently pull the "out-of-scope" network back into scope.
The new way:
Point to Point Encryption
A point-to-point encryption (P2PE) solution cryptographically protects account data from the moment the card is read at the point-of-interaction device until it reaches the secure decryption environment. The merchant never holds the decryption keys, so card data passing through point-of-sale systems, store networks and back-office servers is unreadable there, which makes it worthless to an attacker who intercepts it along the way. Note that the scope reduction is tied to using a PCI-listed P2PE solution as validated: a merchant using one can assess against the much shorter SAQ P2PE, but modifying the solution or handling card data outside it brings those systems back into scope.
In data security, tokenization is the process of substituting a sensitive data element (here, the primary account number, or PAN) with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. The mapping from token back to PAN lives only inside a tightly controlled token vault; the merchant keeps the token for refunds, recurring billing and reporting. A value derived from the PAN itself, such as an unkeyed hash or a reversible encoding, is not a proper token, because an attacker who obtains it can recover or brute-force the card number.
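The following is an added example, not code from the original page or from any vendor's product, of the tokenization idea just described: a minimal token vault that replaces a PAN with a random token, keeps the last four digits for display, and holds the token-to-PAN mapping only inside the vault. The vault class, its method names and the test card number `4111111111111111` are assumptions chosen for illustration; the token is deliberately generated so that it fails the Luhn check, which is one common way to make sure a token can never be mistaken for, or used as, a real card number.

```python
import secrets

DIGITS = "0123456789"


def luhn_valid(pan: str) -> bool:
    """Luhn check digit validation (ISO/IEC 7812), used to reject malformed PANs.

    Every real PAN passes this check; we also use it in reverse, to make sure
    a generated token does NOT pass it.
    """
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical token vault: the only place the PAN exists in clear.

    In a real deployment this lives with the P2PE decryption environment or
    a tokenization provider, never on merchant systems.
    """

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}
        self._token_by_pan: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        """Return a token for pan, creating one on first sight.

        The token keeps the last four digits (for receipts and customer
        service) and replaces everything else with random digits, so nothing
        about the rest of the card number can be recovered from it.
        """
        if not luhn_valid(pan):
            raise ValueError("not a well-formed PAN")
        existing = self._token_by_pan.get(pan)
        if existing is not None:
            return existing              # same PAN always maps to same token
        while True:
            body = "".join(secrets.choice(DIGITS) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject anything that looks like a real card number or collides
            # with an existing token; a random token passes Luhn 1 in 10 times.
            if luhn_valid(token) or token in self._pan_by_token:
                continue
            self._pan_by_token[token] = pan
            self._token_by_pan[pan] = token
            return token

    def detokenize(self, token: str) -> str:
        """Look up the PAN for a token; only the payment processor path calls this."""
        return self._pan_by_token[token]


def merchant_record(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """What the merchant's own database stores: token and last four, never the PAN."""
    token = vault.tokenize(pan)
    return {"token": token, "last4": token[-4:], "amount_cents": amount_cents}


if __name__ == "__main__":
    vault = TokenVault()
    sale = merchant_record(vault, "4111111111111111", 1999)   # constructed test PAN
    print("merchant stores:", sale)
    print("vault resolves:", vault.detokenize(sale["token"]))
```

The merchant-side record never contains the PAN, so the database, backups and reports built from it hold nothing a PCI assessor would treat as cardholder data; only the vault (and whoever operates it) stays in scope.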
Tokenization combined with P2PE
Using tokenization together with a P2PE solution removes cardholder data from the merchant's systems entirely: card data is encrypted at the point of interaction, decrypted only inside the provider's secure environment, and handed back to the merchant as a token. With no clear-text card data stored, processed or transmitted on merchant systems, those systems fall out of PCI DSS scope and there is no card data left on them to compromise. What remains in scope is small and well defined: the point-of-interaction devices themselves, the P2PE and tokenization provider, and the controls that keep the two from being bypassed.