Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

TRX Enhances Its Encryption

Sometimes the problem isn't deciding whether to do encryption, but how to do it across a variety of systems and environments. For one travel industry service supplier, that question has recently been answered.

TRX, based in Atlanta, supplies services, such as online booking, reservation processing, and data intelligence, to travel agencies, corporations, travel suppliers, government agencies, and credit card organizations. Each year, the firm, which has 1,000 employees in eight locations, processes 150 million transactions for its customers.

As new regulations, such as Payment Card Industry Data Security Standards (PCI DSS), were being enacted, the travel industry service supplier decided to take a close look at its security practices. We had confidential data sitting in some of our databases that needed to be encrypted,” said Chris Mauer, director of security and controls at TRX.

While the problem was clear, the potential solution was not. Because the service supplier had grown via acquisitions throughout its history, TRX found itself in a highly heterogeneous environment. The company supports multiple operating systems (Microsoft’s Windows, Linux), database management systems (Oracle, SQL Server, IBM’s DB2), and programming languages (Java, Microsoft’s Visual Studio).

Because the systems had evolved in a haphazard manner, the company’s encryption mechanisms were inefficient. The corporation stored data that was not encrypted, used different encryption products, stored keys in different locations (some in the applications and others by the users), and had a hodgepodge of key management systems.

  • 1