SlideShare ist ein Scribd-Unternehmen logo
1 von 34
Downloaden Sie, um offline zu lesen
Don't Get Caught in a PCI Pickle: Meet Compliance and
Protect Payment Card Data with DataStax and Gazzang

Pavan Venkatesh, Sr. Product Manager (DataStax)
Sam Heywood, VP of Product & Marketing (Gazzang)
DataStax: An Overview
• Founded in April 2010
• We drive Apache Cassandra™,
the popular open-source NoSQL database
• We provide DataStax Enterprise for enterprise NoSQL
implementations
• 400 customers
• 200+ employees
• Home to Apache Cassandra Chair & most committers
• Headquartered in San Francisco Bay area

• Funded by prominent venture firms

2
Gazzang: An Overview
• Focus on securing sensitive data in
cloud and big data environments
• We help customers meet
compliance requirements like
HIPAA, PCI, FIPS and FERPA
• Satisfy internal security mandates
• Protect valuable client information
• Headquartered in Austin, Texas
Today’s speakers
Pavan Venkatesh, Senior Product Manager at DataStax
Pavan oversees DataStax Enterprise and OpsCenter
products. He has more than seven years of broad database
and NoSQL experience. He also has a Master’s degree in
Computer Science from Syracuse University.

Sam Heywood, VP of Products and Marketing at Gazzang
Sam drives Gazzang's global product innovation and delivery,
corporate marketing and demand generation. A seasoned
product and marketing executive with leadership experience
at several notable technology startups, Sam is well versed in
systems management, online CRM platforms, consumer
ecommerce and security technologies.

4
Why DataStax?
DataStax supports both the open source community and
modern business enterprises.
Open Source/Community

Enterprise Software

• Apache Cassandra (employ
Cassandra chair and 90+% of
the committers)
• DataStax Community Edition
• DataStax OpsCenter
• DataStax DevCenter
• DataStax Drivers/Connectors
• Online Documentation
• Online Training
• Mailing lists and forums

• DataStax Enterprise Edition
• Certified Cassandra
• Built-in Analytics
• Built-in Enterprise Search
• Enterprise Security
• DataStax OpsCenter
• Expert Support
• Consultative Help
• Professional Training

5
What is Apache Cassandra?
• Masterless architecture with read/write anywhere design.
• Continuous availability with no single point of failure.
• Gold standard in multi-datacenter and cloud availability zone
support.
• Flexible data model perfect for time series and other data.
• Linear scale performance with online capacity expansion.
• Security with authentication and authorization.
• Operationally simple.
• CQL – SQL-like language.

100,000
txns/sec

200,000
txns/sec

6

400,000
txns/sec
Analyze your hot data
• HDFS storage replaced with Cassandra
(Cassandra File System – CFS)
• No single points of failure as in Apache
Hadoop distribution
• MapReduce, Hive, Pig, Sqoop, and
Mahout support
• Hadoop task tracker started on all nodes
• Able to create multiple CFSs across
multiple data centers to segregate Hadoop
data and tasks
• Can create multiple job trackers – one for
each data center

7
Search your hot data

• Built on Cassandra

• Automatic sharing via Cassandra
replication

• Very fast performance

• Search indexes can span multiple data
centers (regular Solr cannot)

• Provides data durability (overcomes Solr’s
lack of write-ahead log - if community Solr
node goes down, data can be lost)

• Online scalability via adding new nodes
• Built-in failover; continuously available

• Overcomes Solr write bottleneck –
can read/write to any Solr node

• CQL extended to support Solr/search
queries

8
Cassandra/DataStax Users: A Sample

9
Why securing data is important
‘Twas the season to be hacked...
The average cost of cybercrime hacking, phishing, Internet
fraud, corporate security breach to U.S. organizations is nearly $12
million per year.
Attacks get more sophisticated
and traditional protections such as
firewalls and antivirus are no
longer sufficient.
What is PCI-DSS?
• The Payment Card Industry (PCI) Data Security
Standard (DSS) was developed ten years ago to
enhance cardholder data security.
• The PCI-DSS is administered and managed by the PCI
SSC (www.pcisecuritystandards.org), an independent
body that was created by the major payment card
brands (Visa, MasterCard, American Express, Discover
and JCB).

• This council was formed to prevent such identity thefts
as described previously.

11
PCI - Who & Why?
• Entities (merchants) involved in
payment card processing (debit,
credit, pre-paid etc.) have to comply
with PCI-DSS standards to help avoid
any data breach.
• Compliance with PCI-DSS means
that the payment card information
(data) is very secure and customers
can
trust with their
sensitive information.

12
PCI & Database
Entities (Merchants) expect the underlying database to
be in compliance with PCI-DSS as this sensitive data will
eventually be stored in the data store.

13
Storage and access to digital,
not physical data
1. Install and maintain a firewall
2. Do not use vendor-supplied defaults for passwords; develop configuration standards
3. Protect stored data
4. Encrypt transmission of cardholder data across public networks
5. Use and regularly update antivirus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business and need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Test systems regularly to ensure security is maintained over time and through changes
12. Maintain an information security policy

14
15
PCI GUIDELINE #2
Do not use vendor supplied defaults
2.1 Always change vendorsupplied defaults and remove
or disable unnecessary
default accounts before
installing a system on the
network.
2.2 Ensure that security policies
and operational procedures for
managing vendor defaults and
other security parameters are
documented, in use, and known
to all affected parties.

DataStax Enterprise
recommends you
change the default
password

16
PCI GUIDELINE #3
Protect stored cardholder data
3.1 Keep cardholder data storage to a
minimum by implementing data
retention and disposal
policies, procedures and processes

3.2 Do not store sensitive
authentication data after
authorization (even if
encrypted)

3.3 Mask primary account
number (PAN) when displayed
(the first six and last four digits
are the maximum number of
digits to be displayed)

3.5 Protect any keys used to secure
cardholder data against disclosure
and misuse

3.4 Render PAN unreadable
anywhere it is stored (including on
portable digital media, backup
media, and in logs) by using any of
the following approaches: One-way
hashes based on strong
cryptography (hash must be of the
entire PAN); Truncation ……..

3.6 Fully document and implement
all key-management processes and
procedures for cryptographic keys
used for encryption of cardholder
data
17
WHAT’S NEW

In PCI Guideline 3.0?
• Subcontrol 3.5.1 covers restricting access to keys to the minimum
possible number of people
• Subcontrol 3.5.3 requires that keys are stored in as few places as
possible
• Subcontrols under 3.6 mandate that best practices are followed
when replacing keys when they reach the end of their life or are
compromised, and that those entrusted with managing keys
understand and accept their responsibilities.

18
- Verizon 2014 PCI Compliance Report: An
inside look at the business need for protecting
payment card information.
19
HOW WE DO IT
Transparent data encryption and key
management
• Protects sensitive data at rest from theft
• No changes needed at application level
• Keys are encrypted and secured in a software-based
vault and wrapped with several policy layers that
prevent unauthorized access

20
IN PRACTICE

• Encrypt PAN numbers and
customer PII for a mobile egifting platform
• Protect credit card data and
PHI for global health insurance
company
PCI GUIDELINE #4
Encrypt transmission of cardholder data
across public networks
4.1 Use strong cryptography and
security protocols (for
example, SSL/TLS, IPSEC. SSH, etc.) to
safeguard sensitive cardholder data
during transmission over open, public
networks, including the following:
• Only trusted keys and certificates are
accepted
• The protocol in use only supports
secure versions or configurations
• The encryption strength is
appropriate for the encryption
methodology in use
4.2 Never send unprotected PANs
by end-user messaging technologies
such as email, instant messaging or
chat

22
HOW WE DO IT
Client-to-Node and Node-to-Node Encryption
• DSE protects data in flight from client machines to a database cluster
 Ensures data cannot be captured/stolen in route to a server
 Establishes a secure channel between the client and the coordinating
node
• DSE protects data transferred between nodes in a cluster using SSL
• SSL keys are secured and managed to ensure only trusted processes
can transmit data over the network

23
PCI GUIDELINE #7
Restrict access to data by business and need-to-know

7.1 Limit access to system components
and cardholder data to only those
individuals whose job requires such
access

7.2 Establish an access control
system for system components with
multiple users that restricts access
based on a user’s need to know, and
is set to “deny all” unless specifically
allowed

24
HOW WE DO IT
Internal Authentication
• DataStax offers internal authentication using login accounts and
passwords for Cassandra and Kerberos authentication for
Cassandra, Hadoop and Solr
• Provides granular based control over who can
add/change/delete/read data
• Grants or revokes permissions to access Cassandra data

25
HOW WE DO IT
Access Controls
• Gazzang offers process-based access controls determine which
processes can access encrypted cardholder data
 Only authorized database accounts with assigned database rights

connecting from applications on approved network clients can access
cardholder data stored on a server.
 OS users that do not have a business need to read the data can be
prevented from accessing it

• Key release policies provide additional means of preventing unauthorized
access

26
PCI GUIDELINE #8
Assign unique IDs for access
8.1 Provide each user with an ID
that is unique and cannot be
shared with anyone
8.2 Identify and authenticate
access to system components
HOW WE DO IT
Single Sign-On and Super Users
• DSE offers external authentication through
Kerberos to provide single sign on capability.
• DSE also allows super user creation and can
authorize other users.

28
PCI GUIDELINE #10
Track and monitor all access to network resources and cardholder data

10.3 Record audit trail
entries for all system
components for each event
HOW WE DO IT
Data Auditing Control
• DSE supports data auditing and is being implemented as a log4j-based
integration
• Granular control to audit only what’s needed

30
PCI Summary
• The PCI-DSS is a set of comprehensive requirements for securing

payment data.
• Complying with PCI ensures the payment card information (sensitive
data) is very secure, and customers can trust the complying organization
with their sensitive payment card information.
• This process can avoid any data breach or hack.
• Ensures best practices for the entire infrastructure through access control
policies, reporting and monitoring.

31
DataStax in conjunction with Gazzang provides
comprehensive features for securing sensitive
information stored in the Cassandra database
and helps organizations comply with PCI-DSS
requirements.

32
Next steps
• Links to webinar recording and white paper coming to your
inbox soon
• Learn more about DataStax Enterprise
(DSE):http://www.datastax.com/what-we-offer/productsservices/datastax-enterprise/advantages - navtop

• DSE Security:
http://www.datastax.com/documentation/datastax_enterprise/3.2/datastax_
enterprise/sec/secDSE.html

• Request a demo of Gazzang+DataStax
Enterprise: http://www.gazzang.com/products/zncrypt/datastaxenterprise
33
Thank you – Questions?

We power the big data apps
that transform business.

Weitere ähnliche Inhalte

Was ist angesagt?

Cassandra Community Webinar: MySQL to Cassandra - What I Wish I'd Known
Cassandra Community Webinar: MySQL to Cassandra - What I Wish I'd KnownCassandra Community Webinar: MySQL to Cassandra - What I Wish I'd Known
Cassandra Community Webinar: MySQL to Cassandra - What I Wish I'd KnownDataStax
 
Webinar: Dyn + DataStax - helping companies deliver exceptional end-user expe...
Webinar: Dyn + DataStax - helping companies deliver exceptional end-user expe...Webinar: Dyn + DataStax - helping companies deliver exceptional end-user expe...
Webinar: Dyn + DataStax - helping companies deliver exceptional end-user expe...DataStax
 
How jKool Analyzes Streaming Data in Real Time with DataStax
How jKool Analyzes Streaming Data in Real Time with DataStaxHow jKool Analyzes Streaming Data in Real Time with DataStax
How jKool Analyzes Streaming Data in Real Time with DataStaxDataStax
 
Cassandra Community Webinar: From Mongo to Cassandra, Architectural Lessons
Cassandra Community Webinar: From Mongo to Cassandra, Architectural LessonsCassandra Community Webinar: From Mongo to Cassandra, Architectural Lessons
Cassandra Community Webinar: From Mongo to Cassandra, Architectural LessonsDataStax
 
Webinar - Macy’s: Why Your Database Decision Directly Impacts Customer Experi...
Webinar - Macy’s: Why Your Database Decision Directly Impacts Customer Experi...Webinar - Macy’s: Why Your Database Decision Directly Impacts Customer Experi...
Webinar - Macy’s: Why Your Database Decision Directly Impacts Customer Experi...DataStax
 
Making Every Drop Count: How i20 Addresses the Water Crisis with the IoT and ...
Making Every Drop Count: How i20 Addresses the Water Crisis with the IoT and ...Making Every Drop Count: How i20 Addresses the Water Crisis with the IoT and ...
Making Every Drop Count: How i20 Addresses the Water Crisis with the IoT and ...DataStax
 
Reporting from the Trenches: Intuit & Cassandra
Reporting from the Trenches: Intuit & CassandraReporting from the Trenches: Intuit & Cassandra
Reporting from the Trenches: Intuit & CassandraDataStax
 
C*ollege Credit: Is My App a Good Fit for Cassandra?
C*ollege Credit: Is My App a Good Fit for Cassandra?C*ollege Credit: Is My App a Good Fit for Cassandra?
C*ollege Credit: Is My App a Good Fit for Cassandra?DataStax
 
Real-time personal trainer on the SMACK stack
Real-time personal trainer on the SMACK stackReal-time personal trainer on the SMACK stack
Real-time personal trainer on the SMACK stackAnirvan Chakraborty
 
DataStax C*ollege Credit: What and Why NoSQL?
DataStax C*ollege Credit: What and Why NoSQL?DataStax C*ollege Credit: What and Why NoSQL?
DataStax C*ollege Credit: What and Why NoSQL?DataStax
 
Migration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a HitchMigration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a HitchDataStax Academy
 
Building a Digital Bank
Building a Digital BankBuilding a Digital Bank
Building a Digital BankDataStax
 
Webinar: ROI on Big Data - RDBMS, NoSQL or Both? A Simple Guide for Knowing H...
Webinar: ROI on Big Data - RDBMS, NoSQL or Both? A Simple Guide for Knowing H...Webinar: ROI on Big Data - RDBMS, NoSQL or Both? A Simple Guide for Knowing H...
Webinar: ROI on Big Data - RDBMS, NoSQL or Both? A Simple Guide for Knowing H...DataStax
 
Webinar: Buckle Up: The Future of the Distributed Database is Here - DataStax...
Webinar: Buckle Up: The Future of the Distributed Database is Here - DataStax...Webinar: Buckle Up: The Future of the Distributed Database is Here - DataStax...
Webinar: Buckle Up: The Future of the Distributed Database is Here - DataStax...DataStax
 
Announcing Spark Driver for Cassandra
Announcing Spark Driver for CassandraAnnouncing Spark Driver for Cassandra
Announcing Spark Driver for CassandraDataStax
 
Introduction to DataStax Enterprise Graph Database
Introduction to DataStax Enterprise Graph DatabaseIntroduction to DataStax Enterprise Graph Database
Introduction to DataStax Enterprise Graph DatabaseDataStax Academy
 
Data Pipelines with Spark & DataStax Enterprise
Data Pipelines with Spark & DataStax EnterpriseData Pipelines with Spark & DataStax Enterprise
Data Pipelines with Spark & DataStax EnterpriseDataStax
 
From PoCs to Production
From PoCs to ProductionFrom PoCs to Production
From PoCs to ProductionDataStax
 
Webinar | How Clear Capital Delivers Always-on Appraisals on 122 Million Prop...
Webinar | How Clear Capital Delivers Always-on Appraisals on 122 Million Prop...Webinar | How Clear Capital Delivers Always-on Appraisals on 122 Million Prop...
Webinar | How Clear Capital Delivers Always-on Appraisals on 122 Million Prop...DataStax
 
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...
Webinar  |  How to Understand Apache Cassandra™ Performance Through Read/Writ...Webinar  |  How to Understand Apache Cassandra™ Performance Through Read/Writ...
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...DataStax
 

Was ist angesagt? (20)

Cassandra Community Webinar: MySQL to Cassandra - What I Wish I'd Known
Cassandra Community Webinar: MySQL to Cassandra - What I Wish I'd KnownCassandra Community Webinar: MySQL to Cassandra - What I Wish I'd Known
Cassandra Community Webinar: MySQL to Cassandra - What I Wish I'd Known
 
Webinar: Dyn + DataStax - helping companies deliver exceptional end-user expe...
Webinar: Dyn + DataStax - helping companies deliver exceptional end-user expe...Webinar: Dyn + DataStax - helping companies deliver exceptional end-user expe...
Webinar: Dyn + DataStax - helping companies deliver exceptional end-user expe...
 
How jKool Analyzes Streaming Data in Real Time with DataStax
How jKool Analyzes Streaming Data in Real Time with DataStaxHow jKool Analyzes Streaming Data in Real Time with DataStax
How jKool Analyzes Streaming Data in Real Time with DataStax
 
Cassandra Community Webinar: From Mongo to Cassandra, Architectural Lessons
Cassandra Community Webinar: From Mongo to Cassandra, Architectural LessonsCassandra Community Webinar: From Mongo to Cassandra, Architectural Lessons
Cassandra Community Webinar: From Mongo to Cassandra, Architectural Lessons
 
Webinar - Macy’s: Why Your Database Decision Directly Impacts Customer Experi...
Webinar - Macy’s: Why Your Database Decision Directly Impacts Customer Experi...Webinar - Macy’s: Why Your Database Decision Directly Impacts Customer Experi...
Webinar - Macy’s: Why Your Database Decision Directly Impacts Customer Experi...
 
Making Every Drop Count: How i20 Addresses the Water Crisis with the IoT and ...
Making Every Drop Count: How i20 Addresses the Water Crisis with the IoT and ...Making Every Drop Count: How i20 Addresses the Water Crisis with the IoT and ...
Making Every Drop Count: How i20 Addresses the Water Crisis with the IoT and ...
 
Reporting from the Trenches: Intuit & Cassandra
Reporting from the Trenches: Intuit & CassandraReporting from the Trenches: Intuit & Cassandra
Reporting from the Trenches: Intuit & Cassandra
 
C*ollege Credit: Is My App a Good Fit for Cassandra?
C*ollege Credit: Is My App a Good Fit for Cassandra?C*ollege Credit: Is My App a Good Fit for Cassandra?
C*ollege Credit: Is My App a Good Fit for Cassandra?
 
Real-time personal trainer on the SMACK stack
Real-time personal trainer on the SMACK stackReal-time personal trainer on the SMACK stack
Real-time personal trainer on the SMACK stack
 
DataStax C*ollege Credit: What and Why NoSQL?
DataStax C*ollege Credit: What and Why NoSQL?DataStax C*ollege Credit: What and Why NoSQL?
DataStax C*ollege Credit: What and Why NoSQL?
 
Migration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a HitchMigration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a Hitch
 
Building a Digital Bank
Building a Digital BankBuilding a Digital Bank
Building a Digital Bank
 
Webinar: ROI on Big Data - RDBMS, NoSQL or Both? A Simple Guide for Knowing H...
Webinar: ROI on Big Data - RDBMS, NoSQL or Both? A Simple Guide for Knowing H...Webinar: ROI on Big Data - RDBMS, NoSQL or Both? A Simple Guide for Knowing H...
Webinar: ROI on Big Data - RDBMS, NoSQL or Both? A Simple Guide for Knowing H...
 
Webinar: Buckle Up: The Future of the Distributed Database is Here - DataStax...
Webinar: Buckle Up: The Future of the Distributed Database is Here - DataStax...Webinar: Buckle Up: The Future of the Distributed Database is Here - DataStax...
Webinar: Buckle Up: The Future of the Distributed Database is Here - DataStax...
 
Announcing Spark Driver for Cassandra
Announcing Spark Driver for CassandraAnnouncing Spark Driver for Cassandra
Announcing Spark Driver for Cassandra
 
Introduction to DataStax Enterprise Graph Database
Introduction to DataStax Enterprise Graph DatabaseIntroduction to DataStax Enterprise Graph Database
Introduction to DataStax Enterprise Graph Database
 
Data Pipelines with Spark & DataStax Enterprise
Data Pipelines with Spark & DataStax EnterpriseData Pipelines with Spark & DataStax Enterprise
Data Pipelines with Spark & DataStax Enterprise
 
From PoCs to Production
From PoCs to ProductionFrom PoCs to Production
From PoCs to Production
 
Webinar | How Clear Capital Delivers Always-on Appraisals on 122 Million Prop...
Webinar | How Clear Capital Delivers Always-on Appraisals on 122 Million Prop...Webinar | How Clear Capital Delivers Always-on Appraisals on 122 Million Prop...
Webinar | How Clear Capital Delivers Always-on Appraisals on 122 Million Prop...
 
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...
Webinar  |  How to Understand Apache Cassandra™ Performance Through Read/Writ...Webinar  |  How to Understand Apache Cassandra™ Performance Through Read/Writ...
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...
 

Andere mochten auch

Webinar | Building Apps with the Cassandra Python Driver
Webinar | Building Apps with the Cassandra Python DriverWebinar | Building Apps with the Cassandra Python Driver
Webinar | Building Apps with the Cassandra Python DriverDataStax Academy
 
Cassandra Community Webinar: Back to Basics with CQL3
Cassandra Community Webinar: Back to Basics with CQL3Cassandra Community Webinar: Back to Basics with CQL3
Cassandra Community Webinar: Back to Basics with CQL3DataStax
 
Webinar: Eventual Consistency != Hopeful Consistency
Webinar: Eventual Consistency != Hopeful ConsistencyWebinar: Eventual Consistency != Hopeful Consistency
Webinar: Eventual Consistency != Hopeful ConsistencyDataStax
 
Cassandra Community Webinar | In Case of Emergency Break Glass
Cassandra Community Webinar | In Case of Emergency Break GlassCassandra Community Webinar | In Case of Emergency Break Glass
Cassandra Community Webinar | In Case of Emergency Break GlassDataStax
 
Webinar: Getting Started with Apache Cassandra
Webinar: Getting Started with Apache CassandraWebinar: Getting Started with Apache Cassandra
Webinar: Getting Started with Apache CassandraDataStax
 
Webinar: 2 Billion Data Points Each Day
Webinar: 2 Billion Data Points Each DayWebinar: 2 Billion Data Points Each Day
Webinar: 2 Billion Data Points Each DayDataStax
 
Cassandra TK 2014 - Large Nodes
Cassandra TK 2014 - Large NodesCassandra TK 2014 - Large Nodes
Cassandra TK 2014 - Large Nodesaaronmorton
 
Webinar | From Zero to 1 Million with Google Cloud Platform and DataStax
Webinar | From Zero to 1 Million with Google Cloud Platform and DataStaxWebinar | From Zero to 1 Million with Google Cloud Platform and DataStax
Webinar | From Zero to 1 Million with Google Cloud Platform and DataStaxDataStax
 
Cassandra Community Webinar | Practice Makes Perfect: Extreme Cassandra Optim...
Cassandra Community Webinar | Practice Makes Perfect: Extreme Cassandra Optim...Cassandra Community Webinar | Practice Makes Perfect: Extreme Cassandra Optim...
Cassandra Community Webinar | Practice Makes Perfect: Extreme Cassandra Optim...DataStax
 
Cassandra Community Webinar | Make Life Easier - An Introduction to Cassandra...
Cassandra Community Webinar | Make Life Easier - An Introduction to Cassandra...Cassandra Community Webinar | Make Life Easier - An Introduction to Cassandra...
Cassandra Community Webinar | Make Life Easier - An Introduction to Cassandra...DataStax
 
Webinar: DataStax Training - Everything you need to become a Cassandra Rockstar
Webinar: DataStax Training - Everything you need to become a Cassandra RockstarWebinar: DataStax Training - Everything you need to become a Cassandra Rockstar
Webinar: DataStax Training - Everything you need to become a Cassandra RockstarDataStax
 
Webinar: Building Blocks for the Future of Television
Webinar: Building Blocks for the Future of TelevisionWebinar: Building Blocks for the Future of Television
Webinar: Building Blocks for the Future of TelevisionDataStax
 
Webinar: Diagnosing Apache Cassandra Problems in Production
Webinar: Diagnosing Apache Cassandra Problems in ProductionWebinar: Diagnosing Apache Cassandra Problems in Production
Webinar: Diagnosing Apache Cassandra Problems in ProductionDataStax Academy
 
How To Tell if Your Business Needs NoSQL
How To Tell if Your Business Needs NoSQLHow To Tell if Your Business Needs NoSQL
How To Tell if Your Business Needs NoSQLDataStax
 
Cassandra Community Webinar | Become a Super Modeler
Cassandra Community Webinar | Become a Super ModelerCassandra Community Webinar | Become a Super Modeler
Cassandra Community Webinar | Become a Super ModelerDataStax
 
Cassandra Community Webinar: Apache Cassandra Internals
Cassandra Community Webinar: Apache Cassandra InternalsCassandra Community Webinar: Apache Cassandra Internals
Cassandra Community Webinar: Apache Cassandra InternalsDataStax
 
Webinar | Real-time Analytics for Healthcare: How Amara Turned Big Data into ...
Webinar | Real-time Analytics for Healthcare: How Amara Turned Big Data into ...Webinar | Real-time Analytics for Healthcare: How Amara Turned Big Data into ...
Webinar | Real-time Analytics for Healthcare: How Amara Turned Big Data into ...DataStax
 
Community Webinar: 15 Commandments of Cassandra DBAs
Community Webinar: 15 Commandments of Cassandra DBAsCommunity Webinar: 15 Commandments of Cassandra DBAs
Community Webinar: 15 Commandments of Cassandra DBAsDataStax
 
Cassandra Community Webinar | The World's Next Top Data Model
Cassandra Community Webinar | The World's Next Top Data ModelCassandra Community Webinar | The World's Next Top Data Model
Cassandra Community Webinar | The World's Next Top Data ModelDataStax
 

Andere mochten auch (19)

Webinar | Building Apps with the Cassandra Python Driver
Webinar | Building Apps with the Cassandra Python DriverWebinar | Building Apps with the Cassandra Python Driver
Webinar | Building Apps with the Cassandra Python Driver
 
Cassandra Community Webinar: Back to Basics with CQL3
Cassandra Community Webinar: Back to Basics with CQL3Cassandra Community Webinar: Back to Basics with CQL3
Cassandra Community Webinar: Back to Basics with CQL3
 
Webinar: Eventual Consistency != Hopeful Consistency
Webinar: Eventual Consistency != Hopeful ConsistencyWebinar: Eventual Consistency != Hopeful Consistency
Webinar: Eventual Consistency != Hopeful Consistency
 
Cassandra Community Webinar | In Case of Emergency Break Glass
Cassandra Community Webinar | In Case of Emergency Break GlassCassandra Community Webinar | In Case of Emergency Break Glass
Cassandra Community Webinar | In Case of Emergency Break Glass
 
Webinar: Getting Started with Apache Cassandra
Webinar: Getting Started with Apache CassandraWebinar: Getting Started with Apache Cassandra
Webinar: Getting Started with Apache Cassandra
 
Webinar: 2 Billion Data Points Each Day
Webinar: 2 Billion Data Points Each DayWebinar: 2 Billion Data Points Each Day
Webinar: 2 Billion Data Points Each Day
 
Cassandra TK 2014 - Large Nodes
Cassandra TK 2014 - Large NodesCassandra TK 2014 - Large Nodes
Cassandra TK 2014 - Large Nodes
 
Webinar | From Zero to 1 Million with Google Cloud Platform and DataStax
Webinar | From Zero to 1 Million with Google Cloud Platform and DataStaxWebinar | From Zero to 1 Million with Google Cloud Platform and DataStax
Webinar | From Zero to 1 Million with Google Cloud Platform and DataStax
 
Cassandra Community Webinar | Practice Makes Perfect: Extreme Cassandra Optim...
Cassandra Community Webinar | Practice Makes Perfect: Extreme Cassandra Optim...Cassandra Community Webinar | Practice Makes Perfect: Extreme Cassandra Optim...
Cassandra Community Webinar | Practice Makes Perfect: Extreme Cassandra Optim...
 
Cassandra Community Webinar | Make Life Easier - An Introduction to Cassandra...
Cassandra Community Webinar | Make Life Easier - An Introduction to Cassandra...Cassandra Community Webinar | Make Life Easier - An Introduction to Cassandra...
Cassandra Community Webinar | Make Life Easier - An Introduction to Cassandra...
 
Webinar: DataStax Training - Everything you need to become a Cassandra Rockstar
Webinar: DataStax Training - Everything you need to become a Cassandra RockstarWebinar: DataStax Training - Everything you need to become a Cassandra Rockstar
Webinar: DataStax Training - Everything you need to become a Cassandra Rockstar
 
Webinar: Building Blocks for the Future of Television
Webinar: Building Blocks for the Future of TelevisionWebinar: Building Blocks for the Future of Television
Webinar: Building Blocks for the Future of Television
 
Webinar: Diagnosing Apache Cassandra Problems in Production
Webinar: Diagnosing Apache Cassandra Problems in ProductionWebinar: Diagnosing Apache Cassandra Problems in Production
Webinar: Diagnosing Apache Cassandra Problems in Production
 
How To Tell if Your Business Needs NoSQL
How To Tell if Your Business Needs NoSQLHow To Tell if Your Business Needs NoSQL
How To Tell if Your Business Needs NoSQL
 
Cassandra Community Webinar | Become a Super Modeler
Cassandra Community Webinar | Become a Super ModelerCassandra Community Webinar | Become a Super Modeler
Cassandra Community Webinar | Become a Super Modeler
 
Cassandra Community Webinar: Apache Cassandra Internals
Cassandra Community Webinar: Apache Cassandra InternalsCassandra Community Webinar: Apache Cassandra Internals
Cassandra Community Webinar: Apache Cassandra Internals
 
Webinar | Real-time Analytics for Healthcare: How Amara Turned Big Data into ...
Webinar | Real-time Analytics for Healthcare: How Amara Turned Big Data into ...Webinar | Real-time Analytics for Healthcare: How Amara Turned Big Data into ...
Webinar | Real-time Analytics for Healthcare: How Amara Turned Big Data into ...
 
Community Webinar: 15 Commandments of Cassandra DBAs
Community Webinar: 15 Commandments of Cassandra DBAsCommunity Webinar: 15 Commandments of Cassandra DBAs
Community Webinar: 15 Commandments of Cassandra DBAs
 
Cassandra Community Webinar | The World's Next Top Data Model
Cassandra Community Webinar | The World's Next Top Data ModelCassandra Community Webinar | The World's Next Top Data Model
Cassandra Community Webinar | The World's Next Top Data Model
 

Ähnlich wie Don’t Get Caught in a PCI Pickle: Meet Compliance and Protect Payment Card Data with DataStax and Gazzang

EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkErni Susanti
 
Achieving Pci Compliace
Achieving Pci CompliaceAchieving Pci Compliace
Achieving Pci CompliaceDenish Patel
 
Data Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI ComplianceData Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI ComplianceDavid Walker
 
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...DataWorks Summit
 
ControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSSControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSSControlCase
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
Data Discovery and PCI DSS
Data Discovery and PCI DSSData Discovery and PCI DSS
Data Discovery and PCI DSSControlCase
 
Card Data Discovery and PCI DSS
Card Data Discovery and PCI DSSCard Data Discovery and PCI DSS
Card Data Discovery and PCI DSSKimberly Simon MBA
 
Will Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant?  OpenStack SecurityWill Your Cloud Be Compliant?  OpenStack Security
Will Your Cloud Be Compliant? OpenStack SecurityScott Carlson
 
C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood
C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam HeywoodC* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood
C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam HeywoodDataStax Academy
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
 
Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Risk Crew
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
 
Data Discovery and PCI DSS
Data Discovery and PCI DSSData Discovery and PCI DSS
Data Discovery and PCI DSSControlCase
 
PCI Compliance (for developers)
PCI Compliance (for developers)PCI Compliance (for developers)
PCI Compliance (for developers)Maksim Djackov
 
Get Started with Cloudera’s Cyber Solution
Get Started with Cloudera’s Cyber SolutionGet Started with Cloudera’s Cyber Solution
Get Started with Cloudera’s Cyber SolutionCloudera, Inc.
 
Integrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOpsIntegrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOpsUlf Mattsson
 

Ähnlich wie Don’t Get Caught in a PCI Pickle: Meet Compliance and Protect Payment Card Data with DataStax and Gazzang (20)

Will your cloud be compliant
Will your cloud be compliantWill your cloud be compliant
Will your cloud be compliant
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber Ark
 
Achieving Pci Compliace
Achieving Pci CompliaceAchieving Pci Compliace
Achieving Pci Compliace
 
Data Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI ComplianceData Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI Compliance
 
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
 
Data Discovery and PCI DSS
Data Discovery and PCI DSSData Discovery and PCI DSS
Data Discovery and PCI DSS
 
ControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSSControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSS
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
 
Data Discovery and PCI DSS
Data Discovery and PCI DSSData Discovery and PCI DSS
Data Discovery and PCI DSS
 
Card Data Discovery and PCI DSS
Card Data Discovery and PCI DSSCard Data Discovery and PCI DSS
Card Data Discovery and PCI DSS
 
Will Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant?  OpenStack SecurityWill Your Cloud Be Compliant?  OpenStack Security
Will Your Cloud Be Compliant? OpenStack Security
 
C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood
C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam HeywoodC* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood
C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
 
PCI DSS Compliance
PCI DSS CompliancePCI DSS Compliance
PCI DSS Compliance
 
Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
Data Discovery and PCI DSS
Data Discovery and PCI DSSData Discovery and PCI DSS
Data Discovery and PCI DSS
 
PCI Compliance (for developers)
PCI Compliance (for developers)PCI Compliance (for developers)
PCI Compliance (for developers)
 
Get Started with Cloudera’s Cyber Solution
Get Started with Cloudera’s Cyber SolutionGet Started with Cloudera’s Cyber Solution
Get Started with Cloudera’s Cyber Solution
 
Integrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOpsIntegrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOps
 

Mehr von DataStax

Is Your Enterprise Ready to Shine This Holiday Season?
Is Your Enterprise Ready to Shine This Holiday Season?Is Your Enterprise Ready to Shine This Holiday Season?
Is Your Enterprise Ready to Shine This Holiday Season?DataStax
 
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...DataStax
 
Running DataStax Enterprise in VMware Cloud and Hybrid Environments
Running DataStax Enterprise in VMware Cloud and Hybrid EnvironmentsRunning DataStax Enterprise in VMware Cloud and Hybrid Environments
Running DataStax Enterprise in VMware Cloud and Hybrid EnvironmentsDataStax
 
Best Practices for Getting to Production with DataStax Enterprise Graph
Best Practices for Getting to Production with DataStax Enterprise GraphBest Practices for Getting to Production with DataStax Enterprise Graph
Best Practices for Getting to Production with DataStax Enterprise GraphDataStax
 
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step JourneyWebinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step JourneyDataStax
 
Webinar | Better Together: Apache Cassandra and Apache Kafka
Webinar  |  Better Together: Apache Cassandra and Apache KafkaWebinar  |  Better Together: Apache Cassandra and Apache Kafka
Webinar | Better Together: Apache Cassandra and Apache KafkaDataStax
 
Top 10 Best Practices for Apache Cassandra and DataStax Enterprise
Top 10 Best Practices for Apache Cassandra and DataStax EnterpriseTop 10 Best Practices for Apache Cassandra and DataStax Enterprise
Top 10 Best Practices for Apache Cassandra and DataStax EnterpriseDataStax
 
Introduction to Apache Cassandra™ + What’s New in 4.0
Introduction to Apache Cassandra™ + What’s New in 4.0Introduction to Apache Cassandra™ + What’s New in 4.0
Introduction to Apache Cassandra™ + What’s New in 4.0DataStax
 
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...DataStax
 
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar  |  Aligning GDPR Requirements with Today's Hybrid Cloud RealitiesWebinar  |  Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud RealitiesDataStax
 
Designing a Distributed Cloud Database for Dummies
Designing a Distributed Cloud Database for DummiesDesigning a Distributed Cloud Database for Dummies
Designing a Distributed Cloud Database for DummiesDataStax
 
How to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
How to Power Innovation with Geo-Distributed Data Management in Hybrid CloudHow to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
How to Power Innovation with Geo-Distributed Data Management in Hybrid CloudDataStax
 
How to Evaluate Cloud Databases for eCommerce
How to Evaluate Cloud Databases for eCommerceHow to Evaluate Cloud Databases for eCommerce
How to Evaluate Cloud Databases for eCommerceDataStax
 
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...DataStax
 
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...DataStax
 
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...DataStax
 
Datastax - The Architect's guide to customer experience (CX)
Datastax - The Architect's guide to customer experience (CX)Datastax - The Architect's guide to customer experience (CX)
Datastax - The Architect's guide to customer experience (CX)DataStax
 
An Operational Data Layer is Critical for Transformative Banking Applications
An Operational Data Layer is Critical for Transformative Banking ApplicationsAn Operational Data Layer is Critical for Transformative Banking Applications
An Operational Data Layer is Critical for Transformative Banking ApplicationsDataStax
 
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design ThinkingBecoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design ThinkingDataStax
 
Innovation Around Data and AI for Fraud Detection
Innovation Around Data and AI for Fraud DetectionInnovation Around Data and AI for Fraud Detection
Innovation Around Data and AI for Fraud DetectionDataStax
 

Mehr von DataStax (20)

Is Your Enterprise Ready to Shine This Holiday Season?
Is Your Enterprise Ready to Shine This Holiday Season?Is Your Enterprise Ready to Shine This Holiday Season?
Is Your Enterprise Ready to Shine This Holiday Season?
 
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
 
Running DataStax Enterprise in VMware Cloud and Hybrid Environments
Running DataStax Enterprise in VMware Cloud and Hybrid EnvironmentsRunning DataStax Enterprise in VMware Cloud and Hybrid Environments
Running DataStax Enterprise in VMware Cloud and Hybrid Environments
 
Best Practices for Getting to Production with DataStax Enterprise Graph
Best Practices for Getting to Production with DataStax Enterprise GraphBest Practices for Getting to Production with DataStax Enterprise Graph
Best Practices for Getting to Production with DataStax Enterprise Graph
 
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step JourneyWebinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
 
Webinar | Better Together: Apache Cassandra and Apache Kafka
Webinar  |  Better Together: Apache Cassandra and Apache KafkaWebinar  |  Better Together: Apache Cassandra and Apache Kafka
Webinar | Better Together: Apache Cassandra and Apache Kafka
 
Top 10 Best Practices for Apache Cassandra and DataStax Enterprise
Top 10 Best Practices for Apache Cassandra and DataStax EnterpriseTop 10 Best Practices for Apache Cassandra and DataStax Enterprise
Top 10 Best Practices for Apache Cassandra and DataStax Enterprise
 
Introduction to Apache Cassandra™ + What’s New in 4.0
Introduction to Apache Cassandra™ + What’s New in 4.0Introduction to Apache Cassandra™ + What’s New in 4.0
Introduction to Apache Cassandra™ + What’s New in 4.0
 
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
 
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar  |  Aligning GDPR Requirements with Today's Hybrid Cloud RealitiesWebinar  |  Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
 
Designing a Distributed Cloud Database for Dummies
Designing a Distributed Cloud Database for DummiesDesigning a Distributed Cloud Database for Dummies
Designing a Distributed Cloud Database for Dummies
 
How to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
How to Power Innovation with Geo-Distributed Data Management in Hybrid CloudHow to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
How to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
 
How to Evaluate Cloud Databases for eCommerce
How to Evaluate Cloud Databases for eCommerceHow to Evaluate Cloud Databases for eCommerce
How to Evaluate Cloud Databases for eCommerce
 
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
 
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
 
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
 
Datastax - The Architect's guide to customer experience (CX)
Datastax - The Architect's guide to customer experience (CX)Datastax - The Architect's guide to customer experience (CX)
Datastax - The Architect's guide to customer experience (CX)
 
An Operational Data Layer is Critical for Transformative Banking Applications
An Operational Data Layer is Critical for Transformative Banking ApplicationsAn Operational Data Layer is Critical for Transformative Banking Applications
An Operational Data Layer is Critical for Transformative Banking Applications
 
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design ThinkingBecoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
 
Innovation Around Data and AI for Fraud Detection
Innovation Around Data and AI for Fraud DetectionInnovation Around Data and AI for Fraud Detection
Innovation Around Data and AI for Fraud Detection
 

Kürzlich hochgeladen

9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 

Kürzlich hochgeladen (20)

9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 

Don’t Get Caught in a PCI Pickle: Meet Compliance and Protect Payment Card Data with DataStax and Gazzang

  • 1. Don't Get Caught in a PCI Pickle: Meet Compliance and Protect Payment Card Data with DataStax and Gazzang Pavan Venkatesh, Sr. Product Manager (DataStax) Sam Heywood, VP of Product & Marketing (Gazzang)
  • 2. DataStax: An Overview • Founded in April 2010 • We drive Apache Cassandra™, the popular open-source NoSQL database • We provide DataStax Enterprise for enterprise NoSQL implementations • 400 customers • 200+ employees • Home to Apache Cassandra Chair & most committers • Headquartered in San Francisco Bay area • Funded by prominent venture firms 2
  • 3. Gazzang: An Overview • Focus on securing sensitive data in cloud and big data environments • We help customers meet compliance requirements like HIPAA, PCI, FIPS and FERPA • Satisfy internal security mandates • Protect valuable client information • Headquartered in Austin, Texas
  • 4. Today’s speakers Pavan Venkatesh, Senior Product Manager at DataStax Pavan oversees DataStax Enterprise and OpsCenter products. He has more than seven years of broad database and NoSQL experience. He also has a Master’s degree in Computer Science from Syracuse University. Sam Heywood, VP of Products and Marketing at Gazzang Sam drives Gazzang's global product innovation and delivery, corporate marketing and demand generation. A seasoned product and marketing executive with leadership experience at several notable technology startups, Sam is well versed in systems management, online CRM platforms, consumer ecommerce and security technologies. 4
  • 5. Why DataStax? DataStax supports both the open source community and modern business enterprises. Open Source/Community Enterprise Software • Apache Cassandra (employ Cassandra chair and 90+% of the committers) • DataStax Community Edition • DataStax OpsCenter • DataStax DevCenter • DataStax Drivers/Connectors • Online Documentation • Online Training • Mailing lists and forums • DataStax Enterprise Edition • Certified Cassandra • Built-in Analytics • Built-in Enterprise Search • Enterprise Security • DataStax OpsCenter • Expert Support • Consultative Help • Professional Training 5
  • 6. What is Apache Cassandra? • Masterless architecture with read/write anywhere design. • Continuous availability with no single point of failure. • Gold standard in multi-datacenter and cloud availability zone support. • Flexible data model perfect for time series and other data. • Linear scale performance with online capacity expansion. • Security with authentication and authorization. • Operationally simple. • CQL – SQL-like language. 100,000 txns/sec 200,000 txns/sec 6 400,000 txns/sec
  • 7. Analyze your hot data • HDFS storage replaced with Cassandra (Cassandra File System – CFS) • No single points of failure as in Apache Hadoop distribution • MapReduce, Hive, Pig, Sqoop, and Mahout support • Hadoop task tracker started on all nodes • Able to create multiple CFSs across multiple data centers to segregate Hadoop data and tasks • Can create multiple job trackers – one for each data center 7
  • 8. Search your hot data • Built on Cassandra • Automatic sharing via Cassandra replication • Very fast performance • Search indexes can span multiple data centers (regular Solr cannot) • Provides data durability (overcomes Solr’s lack of write-ahead log - if community Solr node goes down, data can be lost) • Online scalability via adding new nodes • Built-in failover; continuously available • Overcomes Solr write bottleneck – can read/write to any Solr node • CQL extended to support Solr/search queries 8
  • 10. Why securing data is important ‘Twas the season to be hacked... The average cost of cybercrime hacking, phishing, Internet fraud, corporate security breach to U.S. organizations is nearly $12 million per year. Attacks get more sophisticated and traditional protections such as firewalls and antivirus are no longer sufficient.
  • 11. What is PCI-DSS? • The Payment Card Industry (PCI) Data Security Standard (DSS) was developed ten years ago to enhance cardholder data security. • The PCI-DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). • This council was formed to prevent such identity thefts as described previously. 11
  • 12. PCI - Who & Why? • Entities (merchants) involved in payment card processing (debit, credit, pre-paid etc.) have to comply with PCI-DSS standards to help avoid any data breach. • Compliance with PCI-DSS means that the payment card information (data) is very secure and customers can trust with their sensitive information. 12
  • 13. PCI & Database Entities (Merchants) expect the underlying database to be in compliance with PCI-DSS as this sensitive data will eventually be stored in the data store. 13
  • 14. Storage and access to digital, not physical data 1. Install and maintain a firewall 2. Do not use vendor-supplied defaults for passwords; develop configuration standards 3. Protect stored data 4. Encrypt transmission of cardholder data across public networks 5. Use and regularly update antivirus software 6. Develop and maintain secure systems and applications 7. Restrict access to data by business and need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data 10. Track and monitor all access to network resources and cardholder data 11. Test systems regularly to ensure security is maintained over time and through changes 12. Maintain an information security policy 14
  • 15. 15
  • 16. PCI GUIDELINE #2 Do not use vendor supplied defaults 2.1 Always change vendorsupplied defaults and remove or disable unnecessary default accounts before installing a system on the network. 2.2 Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties. DataStax Enterprise recommends you change the default password 16
  • 17. PCI GUIDELINE #3 Protect stored cardholder data 3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies, procedures and processes 3.2 Do not store sensitive authentication data after authorization (even if encrypted) 3.3 Mask primary account number (PAN) when displayed (the first six and last four digits are the maximum number of digits to be displayed) 3.5 Protect any keys used to secure cardholder data against disclosure and misuse 3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches: One-way hashes based on strong cryptography (hash must be of the entire PAN); Truncation …….. 3.6 Fully document and implement all key-management processes and procedures for cryptographic keys used for encryption of cardholder data 17
  • 18. WHAT’S NEW In PCI Guideline 3.0? • Subcontrol 3.5.1 covers restricting access to keys to the minimum possible number of people • Subcontrol 3.5.3 requires that keys are stored in as few places as possible • Subcontrols under 3.6 mandate that best practices are followed when replacing keys when they reach the end of their life or are compromised, and that those entrusted with managing keys understand and accept their responsibilities. 18
  • 19. - Verizon 2014 PCI Compliance Report: An inside look at the business need for protecting payment card information. 19
  • 20. HOW WE DO IT Transparent data encryption and key management • Protects sensitive data at rest from theft • No changes needed at application level • Keys are encrypted and secured in a software-based vault and wrapped with several policy layers that prevent unauthorized access 20
  • 21. IN PRACTICE • Encrypt PAN numbers and customer PII for a mobile egifting platform • Protect credit card data and PHI for global health insurance company
  • 22. PCI GUIDELINE #4 Encrypt transmission of cardholder data across public networks 4.1 Use strong cryptography and security protocols (for example, SSL/TLS, IPSEC. SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public networks, including the following: • Only trusted keys and certificates are accepted • The protocol in use only supports secure versions or configurations • The encryption strength is appropriate for the encryption methodology in use 4.2 Never send unprotected PANs by end-user messaging technologies such as email, instant messaging or chat 22
  • 23. HOW WE DO IT Client-to-Node and Node-to-Node Encryption • DSE protects data in flight from client machines to a database cluster  Ensures data cannot be captured/stolen in route to a server  Establishes a secure channel between the client and the coordinating node • DSE protects data transferred between nodes in a cluster using SSL • SSL keys are secured and managed to ensure only trusted processes can transmit data over the network 23
  • 24. PCI GUIDELINE #7 Restrict access to data by business and need-to-know 7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access 7.2 Establish an access control system for system components with multiple users that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed 24
  • 25. HOW WE DO IT Internal Authentication • DataStax offers internal authentication using login accounts and passwords for Cassandra and Kerberos authentication for Cassandra, Hadoop and Solr • Provides granular based control over who can add/change/delete/read data • Grants or revokes permissions to access Cassandra data 25
  • 26. HOW WE DO IT Access Controls • Gazzang offers process-based access controls determine which processes can access encrypted cardholder data  Only authorized database accounts with assigned database rights connecting from applications on approved network clients can access cardholder data stored on a server.  OS users that do not have a business need to read the data can be prevented from accessing it • Key release policies provide additional means of preventing unauthorized access 26
  • 27. PCI GUIDELINE #8 Assign unique IDs for access 8.1 Provide each user with an ID that is unique and cannot be shared with anyone 8.2 Identify and authenticate access to system components
  • 28. HOW WE DO IT Single Sign-On and Super Users • DSE offers external authentication through Kerberos to provide single sign on capability. • DSE also allows super user creation and can authorize other users. 28
  • 29. PCI GUIDELINE #10 Track and monitor all access to network resources and cardholder data 10.3 Record audit trail entries for all system components for each event
  • 30. HOW WE DO IT Data Auditing Control • DSE supports data auditing and is being implemented as a log4j-based integration • Granular control to audit only what’s needed 30
  • 31. PCI Summary • The PCI-DSS is a set of comprehensive requirements for securing payment data. • Complying with PCI ensures the payment card information (sensitive data) is very secure, and customers can trust the complying organization with their sensitive payment card information. • This process can avoid any data breach or hack. • Ensures best practices for the entire infrastructure through access control policies, reporting and monitoring. 31
  • 32. DataStax in conjunction with Gazzang provides comprehensive features for securing sensitive information stored in the Cassandra database and helps organizations comply with PCI-DSS requirements. 32
  • 33. Next steps • Links to webinar recording and white paper coming to your inbox soon • Learn more about DataStax Enterprise (DSE):http://www.datastax.com/what-we-offer/productsservices/datastax-enterprise/advantages - navtop • DSE Security: http://www.datastax.com/documentation/datastax_enterprise/3.2/datastax_ enterprise/sec/secDSE.html • Request a demo of Gazzang+DataStax Enterprise: http://www.gazzang.com/products/zncrypt/datastaxenterprise 33
  • 34. Thank you – Questions? We power the big data apps that transform business.

Hinweis der Redaktion

  1. As mentioned previously,PCI-DSS comprises 12 categories of regulations. Those in bold below deal directly with storage and access to digital, not physical data. PCI-DSS requires organizations to dispose of sensitive authentication data immediatelyfollowing a transaction. Because this data is never stored, this section will focus on PCI Requirements 2, 3, 4 and 7 which deal with cardholder data as it is transferred over the networkand retained in a database.
  2. Guideline #3 is one of the most critical guidelines out there. (true/false?) Here you see the variety of sub-guidelines related to Guideline #3 that deal with data obfuscation, network encryption and data access.
  3. Many of the changes introduced to Requirement 3 in DSS 3.0 involve improving the management of encryption keys.
  4. DSE and Gazzang offer transparent data encryptionthat secures cardholder data against disclosure and misuse.GazzangzNcrypt™ brings transparent data encryption to DataStax Enterprise, enabling customers to secure sensitive cardholder data including names, PANs, expiration dates and other associated personally identifiable information.
  5. Cashstar develops customer rewards programs for some of the largest retail brands in the world including Best Buy, Starbucks and GAP. Their e-gifting platform enables people to send personalized gift cards to anyone in the world. Each gift card comes with a unique Primary Account Number (PAN) that is stored in a database and encrypted by Gazzang in a manner that complies with PCI sections 3 and 7.That means that in addition to strong AES-256 data encryption, Cashstar manages the keys separate from the encrypted data and sets data retrieval access policies based on business need to know. 
  6. Section 7 of PCI-DSS requires that a company restrict access to cardholder data based on a user’s “need to know.” For data stored in DataStax Enterprise, this means only the authorized database accountswith assigned database rights connecting from applications on approved network clients should be able access cardholder data stored on a server. Operating system users, databaseand cloud administrators and other unauthorized parties should never have access to secure cardholder data.