Automating regulatory compliance assurance, audit control, and asset protection in private clouds

Financial services institutions are among the most heavily regulated in the world. Laws and regulations covering this sector govern many aspects of business operations. The Sarbanes-Oxley Act (SOX) requires strict controls for IT systems used to process financial information for auditors and public reports. The Gramm-Leach-Bliley Act (GLBA) requires protection of sensitive consumer financial and account data. The PCI Data Security Standard requires protection of consumer cardholder data. The Health Insurance Portability and Accountability Act (HIPAA) requires protection of personally identifiable health data. And there are many others. Financial institutions have implemented many IT security controls to address these requirements, but there’s a new requirement that traditional IT controls are unable to address with certainty: protecting sensitive data in the cloud.

“If I had Catbird last year, it would have saved us $2M in audit costs.” 
CISO at Top 10 Financial Institution


Challenges of Compliance for Virtual Environments

Most financial institutions are rapidly adopting virtualization technology for hardware consolidation, reducing costs and speeding deployment of applications. The use of virtualization to create private clouds, however, also poses challenges for security and compliance. Traditional physical security components, which are usually deployed at the network edge, find it difficult if not impossible to effectively monitor and control virtual components. This complicates virtual data protection, makes continuous monitoring difficult, and prevents deterministic enforcement of policies in the cloud for compliance. For these reasons, it is vital for financial institutions using virtual technology to adopt a tool like Catbird to protect cardholder data within that environment.

Read our Solution Brief for Financial Services.

Benefits of Catbird for Compliance

Catbird is a unique solution engineered to automate seamless, comprehensive security and compliance for organizations with sensitive data in virtual environments. Catbird provides three major benefits:

  • Segments Environments with Sensitive Data: Catbird enables easy segmentation of sensitive data in a virtual environment with its logical zoning containers called Catbird TrustZones®. By dragging and dropping virtual assets into TrustZones, the assets automatically inherit security policies set for the containers (similar to how Microsoft Active Directory assigns policies to its objects).
  • Automatically Maps & Manages All Virtual Assets: With TrustZones, Catbird provides precise visibility and management of all virtual networks, network devices and system components. This includes a perfect inventory of all assets as they are turned on or off in the dynamic virtual environment, including mapping capability that diagrams all sensitive data flows across systems and networks.
  • Automatically Enforces & Documents Compliance Policies: Security policies are automatically assigned by Catbird to all virtual assets placed in TrustZones, which enables the solution to automatically and deterministically enforce those policies to protect cardholder data wherever it may be processed, stored or transmitted in the virtual environment. For example, Catbird automatically executes virtual firewall policies such as blocking, alerting and quarantining according to the respective regulatory framework. Catbird uses the same control frameworks as auditors, so its virtual network diagrams, Net Flow maps and operational reports instantly provide “audit-ready” documentation whenever you need it.
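The three benefits above describe one mechanism: an asset placed in a zone inherits the zone's rules, flows are decided against those rules (allow, block, alert, quarantine), and each rule carries the control it satisfies so the same data doubles as audit evidence. The following is an added, generic illustration of that pattern in Python; it is not Catbird code and says nothing about how TrustZones are implemented. The zone names, asset names, ports and the framework labels ("PCI DSS v3.0", "Req 1.2", "Req 1.3", "Req 10.2") are constructed for the demo, and the control mapping is illustrative rather than a statement of what any requirement mandates.

```python
"""Generic zone-based policy model (added example, not Catbird's code).

Assets inherit the inbound rules of the zone they sit in; a flow is decided by
the destination zone's rules with default-deny; each rule cites a framework
control so an audit report can be derived from the live policy.  All zone
names, rules and control labels below are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Action(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    ALERT = "alert"           # permit the flow but raise an alert
    QUARANTINE = "quarantine"


@dataclass(frozen=True)
class Rule:
    """Inbound rule attached to a zone; framework/control are audit labels."""
    src_zone: str             # "*" matches any source zone
    port: Optional[int]       # None matches any port
    action: Action
    framework: str            # constructed label, e.g. "PCI DSS v3.0"
    control: str              # constructed label, e.g. "Req 1.3"


@dataclass
class Zone:
    name: str
    rules: list                                # evaluated in order, first match wins
    assets: set = field(default_factory=set)   # assets currently placed here


class ZonePolicy:
    DEFAULT = Action.BLOCK    # default-deny: any unmatched flow is blocked

    def __init__(self) -> None:
        self.zones: dict = {}
        self.asset_zone: dict = {}

    def add_zone(self, zone: Zone) -> None:
        self.zones[zone.name] = zone

    def place(self, asset: str, zone_name: str) -> None:
        """Move an asset into a zone; it inherits that zone's rules at once."""
        old = self.asset_zone.get(asset)
        if old is not None:
            self.zones[old].assets.discard(asset)
        self.zones[zone_name].assets.add(asset)
        self.asset_zone[asset] = zone_name

    def quarantine(self, asset: str) -> None:
        """Quarantine = move to a zone with no rules, so nothing can reach or leave it."""
        self.place(asset, "quarantine")

    def evaluate(self, src: str, dst: str, port: int):
        """Decide src -> dst:port from the destination zone's inherited rules.
        Unknown assets are treated as members of the 'untrusted' zone."""
        src_zone = self.asset_zone.get(src, "untrusted")
        dst_zone = self.asset_zone.get(dst, "untrusted")
        for rule in self.zones[dst_zone].rules:
            if rule.src_zone in ("*", src_zone) and rule.port in (None, port):
                return rule.action, rule
        return self.DEFAULT, None

    def audit_report(self) -> dict:
        """framework -> control -> sorted list of assets covered by a rule citing it."""
        report: dict = {}
        for zone in self.zones.values():
            for rule in zone.rules:
                covered = report.setdefault(rule.framework, {}).setdefault(rule.control, set())
                covered.update(zone.assets)
        return {fw: {c: sorted(a) for c, a in ctrls.items()} for fw, ctrls in report.items()}


def build_demo() -> ZonePolicy:
    """Constructed environment: untrusted edge, an app tier, and a cardholder-data zone."""
    p = ZonePolicy()
    p.add_zone(Zone("untrusted", rules=[]))           # no inbound rules: egress is blocked too
    p.add_zone(Zone("app", rules=[
        Rule("untrusted", 443, Action.ALLOW, "PCI DSS v3.0", "Req 1.2"),
    ]))
    p.add_zone(Zone("cde", rules=[
        Rule("app", 5432, Action.ALLOW, "PCI DSS v3.0", "Req 1.3"),   # only the app tier reaches the DB
        Rule("app", 22, Action.ALERT, "PCI DSS v3.0", "Req 10.2"),    # admin access is logged and alerted
    ]))
    p.add_zone(Zone("quarantine", rules=[]))
    p.place("web01", "app")
    p.place("db01", "cde")
    return p


if __name__ == "__main__":
    policy = build_demo()
    print(policy.evaluate("web01", "db01", 5432))          # (Action.ALLOW, Rule(...))
    print(policy.evaluate("unknown-host", "db01", 5432))   # (Action.BLOCK, None)
    policy.quarantine("web01")
    print(policy.evaluate("web01", "db01", 5432))          # (Action.BLOCK, None)
    print(policy.audit_report())
```

The point to notice is that nothing is configured per asset: moving `web01` into the quarantine zone changes every decision involving it without editing a rule, and the audit report is computed from the same rule set that makes the decisions, so the documentation cannot drift from the enforcement.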

How Catbird Helps Businesses Meet Audit Requirements

Catbird automatically maps its security and enforcement policies to frameworks relevant to financial institutions, including:

  • Control Objectives for Information and Related Technology (COBIT) used for Sarbanes-Oxley Act (SOX) and Gramm-Leach-Bliley Act (GLBA) compliance.
  • Payment Card Industry (PCI) Data Security Standard (DSS) v.3.0 used for PCI compliance.
  • The U.S. Dept. of Health and Human Services Privacy and Security Framework used for Health Insurance Portability and Accountability Act (HIPAA) compliance.

These policies are automatically assigned by Catbird to all virtual assets placed in TrustZones, which enables the solution to automatically and deterministically enforce those policies and protect sensitive data wherever it may be processed, stored or transmitted in the virtual environment.

Catbird uses the same control frameworks as auditors, so its virtual network diagrams, Net Flow maps and operational reports instantly provide “audit ready” documentation whenever you need it. 

Learn More About Catbird and Compliance Requirements

From ISACA (formerly Information Systems Audit and Control Association)

COBIT 5 - Overview

From the PCI Security Standards Council

PCI Data Security Standard v3.0

PCI Council website

From the U.S. Dept. of Health and Human Services

Privacy and Security Framework - Overview

From Catbird

Financial Services Case Study

Regional Bank Case Study

PCI Compliance with Catbird

HIPAA Compliance with Catbird

Solution Brief for Financial Services

Contact us for more information.

Take a test drive of Catbird vSecurity.