Minimize the Impact of PCI Section 3 on SAP Applications - Paymetric

More documents

Recommendations

Info

• Secure access. Capabilities need to be in place to ensure that only authorized staff can access administrative functions. • Performance and high availability. The server should support high volumes <strong>of</strong> encryption routines and token requests without impeding <strong>the</strong> performance <strong>of</strong> associated applications and workflow. In addition, <strong>the</strong> server should be enabled for continuous processing, even in <strong>the</strong> event <strong>of</strong> a server outage. Hurdles to Developing a Centralized Encryption Management Server Developing all <strong>the</strong> capabilities outlined above can present significant challenges if a security team seeks to build a solution in-house. Following are a few <strong>of</strong> <strong>the</strong> biggest hurdles an internal team could face in this endeavor: • Developing application interfaces. Developing a custom RFC for SAP and a Web Services interface for o<strong>the</strong>r applications may require unique expertise and consume significant resources. Consideration must be made for how this interface will affect business workflow, SAP tables, and overall application performance. Developing ei<strong>the</strong>r <strong>of</strong> <strong>the</strong>se interfaces would require a great deal <strong>of</strong> expertise in order to ensure performance and availability. • Developing token applications. Writing an application that is capable <strong>of</strong> issuing and managing tokens in heterogeneous environments and that can support multiple field-length requirements can be complex and challenging. Fur<strong>the</strong>r, ongoing support <strong>of</strong> this application could be time consuming and difficult. • Development time. Allocating dedicated resources to this large undertaking and covering for responsibilities this staff would o<strong>the</strong>rwise be fulfilling could present logistical, tactical, and budgetary challenges. • Development expertise. For many organizations, locating <strong>the</strong> in-house expertise to develop such complex capabilities as key management, token management, policy controls, and heterogeneous application integration can be very difficult. • Accommodating new algorithms. Over time, an organization’s security needs change, and so <strong>the</strong> cryptographic algorithms or encryption mechanisms in use may also change. Once initial development has been done, <strong>the</strong> development team may need to add capabilities for integrating with a new protocol or encryption solution, which may entail a substantial rewrite <strong>of</strong> <strong>the</strong> application in use. • Minimizing impact on application performance. Writing code that interfaces with multiple applications while minimizing <strong>the</strong> performance impact on those applications presents an array <strong>of</strong> challenges. © 2008 Paymetric, Inc. All rights reserved. 13.
<strong>Minimize</strong> <strong>the</strong> <strong>Impact</strong> <strong>of</strong> <strong>PCI</strong> <strong>Section</strong> 3 on SAP Applications • Maintaining s<strong>of</strong>tware upgrades and updates. The overhead <strong>of</strong> maintaining and enhancing a security product <strong>of</strong> this complexity can ultimately represent a major resource investment and a distraction from an organization’s core focus and expertise. These challenges are significant and can severely undermine <strong>the</strong> value <strong>of</strong> an encryption management server. For security administrators looking to gain <strong>the</strong> benefits <strong>of</strong> centralization and tokenization, without having to develop and support <strong>the</strong>ir own encryption management server, Paymetric <strong>of</strong>fers an <strong>of</strong>f-<strong>the</strong>-shelf solution called XiSecure. An Introduction to XiSecure Paymetric’s XiSecure is a breakthrough encryption management solution for centralizing and tokenizing credit card data across an enterprise. XiSecure works exactly as described in this document: it removes credit card numbers from distributed business applications, replaces <strong>the</strong>m with tokens, and stores <strong>the</strong> numbers in a centralized, highly secure server. XiSecure <strong>of</strong>fers all <strong>the</strong> benefits discussed in this whitepaper— with <strong>the</strong> additional value <strong>of</strong> rapid time to implementation and ongoing maintenance and support. A complete solution that features integrated hardware, s<strong>of</strong>tware, operating system, and database, XiSecure <strong>of</strong>fers all <strong>the</strong> following critical capabilities: • SAP R/3 and SAP ERP interfaces • Token management s<strong>of</strong>tware • Third party encryption and key management interfaces • Logging and secure access features • Web Services interfaces • Encryption and key management s<strong>of</strong>tware • High availability features In short, XiSecure <strong>of</strong>fers all <strong>the</strong> benefits discussed in this whitepaper—with <strong>the</strong> additional value <strong>of</strong> rapid time to implementation and on-going maintenance and support. © 2008 Paymetric, Inc. All rights reserved. 14.
Page 1 and 2: Innovative Payment Card Solutions <
Page 3 and 4: Minimize t
Page 7 and 8: #### Minimize <str
Page 11: Minimize t
Page 15: About Paymetric Paymetric, Inc. pro

Minimize the Impact of PCI Section 3 on SAP Applications - Paymetric

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?