Your company competes against many other ISVs selling niche retail management software and payment applications. You need a strong partner to guarantee you are providing the best encryption and key management to your customers.
At Townsend Security, we offer industry standard AES encryption and certified key management and we believe that good encryption and key management is the cornerstone of good security. Here are three ways we believe a good partner should help ease the burden of data security:
I know... you are thinking “Key management is both costly and difficult” - while that reputation was accurate ten years ago, today certified encryption key management using best practices can be achieved quickly, easily, and at an affordable price. We help you by offering encryption key management that is quick and easy to deploy, has a cost effective licensing model, and we will even OEM or “white label” for you because we don’t believe issues around branding should get in the way of good data security.
We believe that data security should be constantly evolving to meet the challenges of new security threats. Retail ISVs and payment application software companies need to know that although their solution may have earned a PA-DSS certification, these standards, like all PCI standards, are not set in stone. Just because a solution has been certified once, outdated encryption and key management practices might not suffice during the next certification process. Since encryption and key management are necessary components of payment application systems, providing customers with third party OEM NIST-certified AES encryption and FIPS 140-2 compliant key management would give an ISV some critical advantages.
Townsend Security not only supplies NIST and FIPS 140-2 certified encryption and key management, we'll help you achieve your own FIPS certification under our OEM program. In order to confidently protect your customers, NIST and FIPS certifications ensure that encryption key management has been tested against government standards and will protect compromised data in the event of a breach.
While many payment applications have a PA-DSS certification, in order to protect your customers from a data breach, you must not only meet these certifications, but also build a security solution that will truly protect data at rest and data in transit using industry best practices. Data security must be a critical element in your risk management plan and conveyed well to your customers.
With our NIST and FIPS certified encryption and key management solutions, retail ISVs can offer easy and affordable industry standard data security. Townsend security has redefined what it means to partner with a security company. Our dedicated team provides our partners with extensive training, back end support, marketing materials, and a cost effective licensing model. So when (not if) your customer experiences a data breach, and you have implemented adequate security that renders the compromised data unreadable, you will not only be your customer’s hero, but your own company’s hero as well.
In this complimentary podcast, security expert Patrick Townsend discusses “How Retail ISVs Can Improve Their Payment Applications” with Paul Taylor from Security Insider.
As always, we welcome your comments and questions!