Hyphen Technology meets compliance needs under tight deadline
IBM and IBM Premier Business Partner, iEnterprise Solutions, deliver compliance solution.
Hyphen Technology was under a tight deadline to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS) for information security. Founded in 1996 and based in Johannesburg, South Africa, Hyphen provides the country's banks with solutions for financial transactions management, including payment, collection, cash-flow management and bank reconciliation solutions.
Meeting industry safety standards
"One of the requirements of the PCI standard is that any credit card information stored on your systems must be encrypted," says Pieter Henrico, head of IT operations for Hyphen. Henrico therefore needed to find a solution that would help the company identify the location of all its credit card data.
Precisely targeting this data and encrypting only sensitive information was absolutely essential to minimise the impact on system performance. "The more encryption you do, the more it impacts system performance," says Henrico. "For example, if you encrypt the entire database, your CPU won't be able to cope with the load."
When encrypting sensitive data, it's important to encrypt only that which you need to, because over-encrypting can have a negative impact on system performance. "By understanding exactly where sensitive data is, we ensure that there's no noticeable impact to our applications while we're meeting compliance regulations," says Henrico.
Quickly identifying sensitive data
Hyphen worked with IBM Premier Business Partner, iEnterprise Solutions (iEnter), to implement iEnterprise Solutions XRAY software, which is a data-pattern search tool developed for the IBM Power Systems platform. Using the XRAY software, Henrico's team scanned the company's databases for specific data patterns, such as credit card numbers, social security numbers or account validation routines. The XRAY application includes an Eclipse environment-based plug-in that integrates with Hyphen's new IBM Rational Developer for Power Systems Software offering to produce PDF reports of its findings.
Simplifying future compliance needs
Hyphen used the solution to scan more than 1.7 billion records, identify any fields that contained sensitive information and then encrypt that data. By engaging iEnter to implement the XRAY and Rational software, Hyphen gained the ability to automatically scan for all unknown data patterns across its Power Systems platform, which will help the company address any future compliance requirements that might arise.
"Going forward, it will be a scanning tool of choice for Hyphen's IBM i environment because it is simple to maintain, simple to deploy and there will always be new pieces of legislation coming along that we'll need to address," says Henrico. In fact, in South Africa, a new piece of legislation called the Protection of Personal Information is already in the works. With the new solution, Hyphen will be positioned to quickly demonstrate compliance with the new regulation.
For more information
To learn more about IBM Rational solutions, please contact your IBM marketing representative or IBM Business Partner, or visit the following Web site:
To learn more about IBM Premier Business Partner, iEnterprise Solutions, please visit: www.ienter.co.za.