Retail PCI Compliance Software Solution: Frequently Asked Questions About Training and Implementation Red Iron
   
   
 
pci compliance

Training and implementation

How long will 2Encrypt take to implement?

Generally two to three months—a fraction of the time it would take to upgrade legacy software. Learn more about implementation.

Is 2Encrypt configurable?

Yes. 2Encrypt is configured to enlist the applications, resources (files, registry keys, database columns, network ports), and key specifications that will be used to protect the data on each windows machine that is manipulating sensitive data. If different machines have different encryption needs within an organization, 2Encrypt can be configured to meet those needs.

Will retail end-users require any training on Red Iron’s products?

No. 2Encrypt functions transparently and seamlessly. Retail end-users aren’t required to interface with it.

Will encryption slow down our POS systems for retail end-users?

Absolutely not. Your retail end-users will not notice any difference in the way your POS system operates. Although the data is being encrypted, which consumes some processing power, we have deliberately designed 2Encrypt to minimize the performance impact especially where it relates to file I/O performance.

2Encrypt takes a segmented approach to file encryption—encrypting the file in independent blocks that can be decrypted individually. This allows it to perform optimally when a large file is being opened, appended to and closed, as well as when the file contents are accessed randomly. The result: only the actual encryption is added to the overhead and that is very quick for symmetric ciphers (we use symmetric ciphers on the contents of the resources we encrypt).

What if data from my stores is shared with a non-Windows platform such as Unix?

The data can be sent to the non-Windows machine in a secure way, but the specifics will be different depending on the actual infrastructure used by the retailer. Red Iron provides expertise in this area, consulting with retailers about how to maintain a secure chain of custody for this data throughout the organization.

Do I need to have 2Encrypt running on every device where sensitive data is stored?

Yes, 2Encrypt is designed to be a system service in windows. It must be present on each machine that needs to use the encryption services. This fact is also necessitated by the fact that 2Encrypt has been designed to be used when there is no network connectivity, maximizing its uptime.

2Encrypt provides an application-based approach to encryption using industry standard algorithms that ensure only authorized applications are able to read encrypted data.

  

Next Steps
 
PCI Compliance Case Study

Case Study
White Paper: Becoming PCI Compliant

White Paper
Request a Contact about PCI Compliance

Request a Contact
CISP News and Updates

News and Updates