TAB Bank Comfortably Trucks Past PCI DSS Compliance with Thales eSecurity
Founded in 1998, TAB Bank was originally started by parent company, Flying J, Inc. – now FJ Management, Inc. – to serve the financial needs of the $300B US and Canadian trucking industry. It quickly built one of the largest portfolios of trucking relationships and became the leader in transportation-related financing, currently with over $670M in assets and $20M net revenue. TAB Bank has subsequently expanded into other commercial industries by providing a wide range of working capital facilities, equipment financing and deposit products.
TAB Bank desired Payment Card Industry Data Security Standard (PCI DSS) compliance because this certification is an important component for banks. Daryl Belfry, Director of IT for TAB Bank, stated, “PCI DSS requires that all stored cardholder data is encrypted, irrespective of the file type or location. We understood why this is so important but were concerned that it could negatively impact the performance of our whole infrastructure.”
He continued, “We knew that the encryption solution we ultimately selected had to allow us to manage access policies via a simple and intuitive front end. We needed to precisely control how users could access data – such as selectively limiting the copying of files to a removable USB device or local hard drive – as well as being able to implement explicit system policies like encrypting specific archived data.”
Belfry and his staff investigated a number of encryption solutions. “We felt that the user interface and policy management capabilities of the Vormetric solution were a lot better than the competition,” noted Belfry. “We liked the simplicity of the Thales approach and the manageability from an administrator perspective; System Administrators can be configured to allow execution of certain functions, while a Security Officer can be granted a superset of administration access.”
John Hillas, TAB Bank’s Senior Systems Administrator, commented, “The majority of our environment is virtualized using VMware with a virtual desktop infrastructure (VDI) but we also have some separate SQL Server and AIX-based database servers. Thales’ coverage of a wide variety of operating systems and infrastructure configurations allowed us to protect our complete environment, making it very attractive to us.” “A demonstration of the Vormetric solution proved that it had minimal impact on infrastructure performance, and we were so impressed we decided a proof of concept would not be necessary.”
Thales eSecurity provides a proven data security solution to enable rapid compliance with multiple aspects of PCI DSS. The Vormetric Data Security Platform delivers industry-leading data encryption and key management capabilities without the need to modify existing infrastructure components. High-performance encryption methods ensure negligible impact on transaction throughput and a sophisticated Web-based management console minimizes incremental operational overhead.
Vormetric Data Security Manager appliances were installed in the bank’s primary data center in Ogden, Utah and at a disaster recovery facility in Salt Lake City, Utah. “We had a Thales consultant booked for three days onsite,” recalled Hillas, “but after the first day we had already achieved everything we needed! The whole implementation process was far more intuitive than we had anticipated.”
The decision was made to keep all data, including backups, encrypted by the Vormetric solution even though the tape archival system provided its own encryption mechanism. Hillas reflected, “We explicitly configured which programs are permitted to decrypt data, so in order to facilitate controlled access to tape-based archive files we needed to know what executable code our backup system software was utilizing.” Log files generated from the Vormetric “learn” mode enabled the capture and identification of the specific application modules that would be granted permission to perform the decryption.
“We love the learn mode capability,” enthused Belfry. “It logs user interactions so administrators see how data is being accessed and can then configure our data access policies to take these patterns into consideration.” Hillas added, “It’s so easy to implement the right policies from the outset.”
“The Vormetric solution provides us with all the encryption capabilities we needed to attain PCI DSS compliance,” summarized Belfry. “Since going live we’ve experienced no impact on systems’ performance. The Vormetric appliances work as described and more, and we are delighted with the solution.”