This solution applies to all Barracuda Networks Message Archiver products, all firmware versions.
PCI compliant products need to meet different requirements depending on whether they transport sensitive data or store sensitive data. This distinction is best characterized as
?data in motion? versus ?data at rest.?
To address encryption of ?data in motion? across the Internet (i.e., an open, public network), customers are advised to use the SMTP/TLS capabilities of the Barracuda Spam & Virus Firewall. SMTP/TLS performs site-to-site encryption on both sides of the SMTP transaction. Customers can even configure the Barracuda Spam & Virus Firewall to REQUIRE SMTP/TLS when receiving email for specific domains.
As for ?data at rest,? the best approach here is to ensure that the credit card numbers do not get stored in corporate email communications at all. The problem here is that email data can be stored in multiple ways, including in the email system itself, in backups, in message archives, and even in user archives (e.g., PST files). As such, in order to achieve tight control over all sources, the proper solution is to prevent emails containing credit card numbers from ever being sent in the first place.
Barracuda Networks offers solutions for protecting both internal email and outbound email:
- The Barracuda Spam & Virus Firewall-Outbound helps by ensuring that emails violating policies do not get out to the Internet. There is a built-in policy for credit card numbers today, and the Barracuda Spam & Virus Firewall-Outbound can block or sideline messages that violate policy.
- The Barracuda Message Archiver helps keep your organization in compliance internally by alerting on policy violations. As with the Barracuda Spam & Virus Firewall, the Message Archiver also includes a built-in policy for credit card numbers. While the Barracuda Message Archiver does not BLOCK emails (it is not in the data path of internal emails sent inside the company), it does help a compliance officer enforce policy.
Of course, for any organization interested in compliance, they should not be focused solely on email communications. Protecting instant messaging traffic and web site traffic are important as well. Barracuda Networks? IM Firewall and Web Application Firewall provide excellent content filtering capabilities, and are ideal components in a comprehensive compliance solution.
Link to this page: