Columbia Sportswear Company
As a forward thinking company, Columbia wanted to ensure the highest level of service and security for their customers in all their retail store locations. They desired a payment solution that was proven, reliable and scalable. “We were looking for a solution that would minimize or eliminate the need to store payment data with the scalability to support future growth,” said Susan Leafe, Retail Application Manager, Columbia Sportswear Company. Additionally, they were exploring ways to reduce their PCI scope. To accomplish this, they needed a fully outsourced solution utilizing customer-facing terminals to capture the data and encryption and tokenization technologies to secure it. They desired a solution that would easily integrate to their existing point of sale system and offer choices for payment processing.
“The solution is easy to implement and manage over time, and has allowed us to completely remove all credit card data from our environment.”
Heartland Payment Systems
Heartland Payment Systems has raised the industry bar on how to respond to data breaches and how to shore up systems so that air gaps at continued risk by advanced persistent threats cease to exist. Steve Elefant was responsible for implementing end-to-end encryption inside Heartland’s IT systems and was the first to bring this innovation to Heartland’s POS solutions; now in use at over 20,000 merchants. Powered by HPE SecureData and HPE Format-Preserving Encryption, credit card numbers inside Heartland’s systems are encrypted so that all business processes can continue unimpeded, but should that credit card number ever be breached it is useless to attackers. Heartland’ E3 system is the most advanced system in the market for ensuring that merchants can use the payment system with full confidence and remain outside PCI audit scope.
“Heartland is developing a complete end-to-end encryption solution designed to protect cardholder data at all stages of a transaction; from card swipe through delivery to the card brands. Together with HPE Security - Data Security, we are developing a comprehensive solution that currently does not exist.”
The Auto Club Group
The Auto Club Group (ACG) is a membership organization providing travel, roadside assistance and insurance to over 1.6 million motorists. ACG had six critical projects wherein protecting data across multiple systems including IBM mainframe, Open Systems and Windows platforms was of paramount importance. These projects included securing email communications between ACG and its telemarketing partners, securing file transfers between itself and American Express as well as securing data inside their
“Overall we have been very satisfied and very pleased with the implementations within ACG. Our implementation time was phenomenal. We were able to synchronize all our applications within a 12-13 month period. This was particularly beneficial to enable us to self-assess and become PCI compliant.”
CUNA Mutual Group
Scott Sysol and CUNA Mutual Group are great beacons of leadership in the information security industry, highlighting their strong policies and procedures that led to Scott being named CSO of the Year by SC Magazine in 2011. Further, their use of innovation illustrates the kind of best practices, passion and creativity that the IT security industry can take in protecting valuable data assets and interests. With the final objective being protection of sensitive information, the solutions at CUNA Mutual include HPE SecureFile and HPE SecureMail, which in turn build upon HPE Security – Data Security innovations such as HPE Identity-Based Encryption and HPE Format-Preserving Encryption. For CUNA this represents a set of technologies and policies that collectively allow flexibility and enable end-to-end data protection with PCI compliance. These are infrastructure-level solutions that work.
“One essential component of CUNA Mutual’s end-to-end data protection initiative is its innovative use of HPE SecureData, which unites end-to-end encryption, tokenization and masking. We’ve never looked at security as a standalone function,” Sysol noted. “It needs to be woven into every aspect of infrastructure and processes.”
HPE SecureMail protects email communication between Wells Fargo team members, customers, vendors and extended business partners. Wells Fargo’s deployment of HPE SecureMail has quickly grown to be one of the largest use cases of secure email in the world. HPE SecureMail, powered by HPE Identity-Based Encryption (IBE), is the only solution that scales to this level, across very large, complex extended business networks.
“We see secure communications as a mission critical part of our overall business strategy and a valued service to enable our customers to interact with the bank. With HPE SecureMail, our team members, customers, and business partners can interact online in a secure simple manner.”
Envision Pharmaceutical Services
Envision Pharmaceutical Services (EnvisionRxOptions) is a national, full-service pharmacy benefit management (PBM) company. Beyond complying with HIPAA regulations and PCI DSS, Envision understands that other information, including internal communications, is also sensitive and should be protected. “We needed to find a way to secure data, including internal data contained in internal emails between users on company issued equipment as well as on mobile devices, and do it in a way that would make the management of the encryption keys both secure and simple,” explains Tom Hardin, the company’s information security manager. After evaluating a number of options to address this business requirement, Envision Pharmaceutical Services chose to implement HPE SecureMail.
“When it comes to email encryption, HPE SecureMail works, is simple to use and eliminates alls to our service desk because of keys being mismatched. We're very happy with the solution.”
Not All Encryption Techniques Are the Same
In a new world of advanced threats, and with data moving across systems far beyond the data store or database, new methods of protection are required for compliance and risk reduction.