I went to my first ever kickboxing class the other night, and it kicked my butt, LITERALLY.  I thought that because I work out on a daily basis and recently ran a 10K, that a 1-hour kickboxing class would be a nice cardio day for me.  Boy was I wrong.
I can imagine that PCI audits can be like this for others, maybe even you.  You think you have nothing to worry about (after all, you have been investing heavily for this day) and then WHAM, your auditor/kickboxing instructor knocks you down flat!

We hear this from companies as they go through their audits: “We thought we were doing everything correct.  All our cardholder data was encrypted!”

What these companies fail to realize, and what the auditor will quickly point out, is that proper encryption requires encryption key management!

“But wait, we are a level two merchant and you want us to do what?  Manage our encryption keys?  Since when do you have to manage your encryption keys separate from your appliance?  Doesn’t IBM offer a key store on your IBM i (AS/400, iSeries)?"  I was shocked the exact same way when my instructor said, “We’re going to do 2 punches, 1 hook, and a roundhouse kick to the bag, and you need to repeat this for the next 2 minutes!”  Are you kidding me?

Townsend Security works with you to meet PCI audit requirements.  We assist organizations both large and small obtain compliance in sections 3 & 4 with our AES encryption and encryption key management solutions.  We also address issues of section 10 by providing customers our Alliance LogAgent, the system logging solution for the IBM i.

Passing an audit, like kickboxing, is a lot of work and not something you can just wake up and do well.  They both take an investment of time and resources - and at the end of the day, you will be stronger and able to defend yourself.

If it weren’t for the great support and expertise of my teachers, I would not have survived my first class.  Cheers to them and cheers to Townsend Security helping companies of all sizes meet their PCI audits.

For more information on passing your PCI audit, download our white paper “Meeting the Challenges of PCI Compliance” and learn what will your auditor look for, how you can ensure your PII is secure, and why auditors are looking specifically at encryption key management.