


Summary


Company Background
Our client, a national retailer, experienced a breach in security involving credit and debit card information. Affecting thousands of transactions, the breach raised questions about the company’s ability to protect confidential customer information.

After assessing the problem, the Federal Trade Commission (FTC) determined that the retailer’s security measures were not adequate. The FTC advised the company to implement a security solution that complied with the Payment Card Industry Data Security Standard (PCI DSS).

Each day, stores in the retail chain send purchase transactions from the last 24 hours to a DB2 database on the z/OS mainframe located at the retailer’s headquarters. The transaction data for each 24-hour period is put into batch files and encrypted. It remains in storage for a number of days until all transactions are closed. Once closed, the batch files are sent to an AIX® Server, where the information is decrypted and stripped of all sensitive customer data. The sensitive data is then deleted and the remaining non-sensitive data is moved to an Oracle data warehouse for storage.

Challenges and Requirements
To evaluate its needs and advise the company on its purchase, the retailer engaged a consulting firm. The supply chain consultant assigned to the project reported, “After assessing the operation, I told the client that this was a slam dunk—SecureZIP was far and away the product that fit their need. It was going to deliver the security they needed, true enough, but as a solution, its advantages extended beyond security. SecureZIP’s other features would vastly improve the client’s processing efficiency at a lower cost. At that point, the retailer hadn’t expected a security solution to accelerate productivity. But I knew that SecureZIP was going to boost processing efficiencies in a number of ways.”

Competitive Landscape
Despite this strong recommendation, the retailer wanted to compare SecureZIP to McAfee® E-Business Server using OpenPGP encryption. The comparison brought to light some major drawbacks of the PGP-based solution, confirming the consultant’s assessment.

  • PGP fails to work across platforms, a major disadvantage given the various systems within the retailer’s processing environment.
  • In processing files, a mainframe must be able to recognize file attributes, such as file size and block allocation, as well as provide EBCDIC/ASCII conversion. Although PGP encrypts files, it does not provide file management capabilities.
  • While PGP compresses data, its compression format is not based on the .ZIP file format, the de facto industry standard and one of the most widely used file formats in the world. In addition, PGP only achieves up to 50% compression, compared to PKZIP, which compresses files up to 95%.
These findings prompted the supply chain consultant to call SecureZIP the “slam dunk” solution. “SecureZIP is an elegant solution for a z/OS environment because it encrypts, compresses, and manages many kinds of files—all in a single application and across many platforms. McAfee’s PGP product cannot compete with the overall value and ease of PKWARE’s application.”

The Solution - SecureZIP
In protecting sensitive data, SecureZIP supports X.509 digital certificates, as well as passphrases. SecureZIP’s performance and reputation for helping organizations comply with PCI DSS assure potential users that their data will be protected in transit and in storage. In addition to securing data, SecureZIP effortlessly streamlined operations and increased the retailer’s productivity by:

  • Working seamlessly across platforms, including mainframes and midrange systems, servers, and desktops. In this case, SecureZIP easily transferred data from the z/OS mainframe to an IBM® AIX Server.
  • Compressing, encrypting, and providing file management in a single process, improving efficiency.
  • Simplifying operational procedures. SecureZIP supports both digital certificate and passphrase implementations, while providing scalability to fit the organization’s infrastructure and easily incorporating itself into current operational routines.
  • Dramatically accelerating processing time. Before purchasing SecureZIP, the retailer did not use a compression product. With SecureZIP, the company was able to reduce communication time between its mainframe and servers by 75%.



