Data encryption is a crucial part of cybersecurity. The standard data states (at rest, in transit, and use) all present unique and challenging vulnerabilities that can expose that data to unauthorized parties. No vulnerability is more apparent than having that data stolen and viewed by people who shouldn’t be looking. 

That’s where in-transit encryption comes into play. With in-transit encryption, you can meet your compliance requirements and ensure that your data, and the data of your patients and customers, remain confidential.

Read More

It’s crucial that any company handling consumer cardholder information, including card numbers, protect that information from any and every unauthorized user. The PCI Security Standards Council has determined that to promote security and usability, it’s not enough to secure a system perimeter and encrypt data. Instead, companies have to approach data obfuscation through a series of requirements that protect it from theft while allowing the company to utilize it for regular commercial purposes. 

Here, we’ll discuss Primary Account Numbers (PAN) and how you must protect them under PCI DSS.

Read More

Part of managing system compliance is ensuring that each system meets a minimum standard. Beyond this relatively straightforward component of the process, almost every compliance process includes other ongoing tasks, including risk assessment and configuration management. 

What is configuration management, exactly? These compliance frameworks will often refer to it, but implementing a management policy is entirely different. 

Read More