NetApp, Decru Serve PCI Combo

Network Appliance Inc. (Nasdaq: NTAP) and Decru Inc. today announced CardVault, an integrated security product to help merchants meet mandatory Payment Card Industry (PCI) security standards (see Decru, NetApp Sell PCI Security).

The news reflects big changes in storage security. It is no longer only the largest financial institutions and companies with government compliance regulations hanging over their heads. PCI standards come from the private sector rather than the government, and this particular implementation involves midsized and smaller companies.

Credit card companies MasterCard and Visa developed the PCI standards, which outline best practices for merchants to use in protecting stored credit card data.

The standards are now in effect. Companies failing to comply face fines to $500,000 and can be bounced from the card acceptance program. Online merchants with more than 600,000 credit card transactions per year already must be in compliance now. A deadline of June 30, 2005 has been set for companies termed Level 2 and Level 3 merchants, which includes anybody that clears at least 20,000 transactions per year. The standard will eventually apply to even smaller companies.

Decru isnt alone among security appliance vendors looking to cash in on the new standards. Other vendors, including NeoScale Systems Inc., Kasten Chase Applied Research Ltd., and Vormetric Inc., have features that allow companies to meet PCI standards. These include AES-256 encryption, the ability to encrypt transmission of card holder data across networks, and automatic key deletion that destroys cardholder data when it is no longer needed.Decru, however, is the first to integrate its appliance and software with a major storage vendor.

CardVault consists of Decru’s DataFort appliance and Client Security Module software, which provides the encryption, access controls, and authentication necessary to comply with the PCI standards. The software runs on servers and desktops packaged with any NetApp storage systems. Decru Marketing VP Kevin Brown says Decru supports NetApp’s Fibre Channel and IP SANs, as well as NAS installations.

The product comes at a time when storage security is clearly expanding beyond the realm of large companies. According to Canadian research firm Info-Tech Research Group, 72 percent of small and midsized banks plan to increase security software spending this year, and 59 percent plan to increase security hardware spending.

It’s not surprising that banks are highly security-aware, considering Bank of Americaand Citigroup among the embarrassed victims of recent lost-tape incidents (see NeoScale Secures $12M, Diskers Enjoying Tape Woes, and Choice Bits).

Not surprisingly, Decru’s Brown seems eager to note how security has made it off the wish list for many smaller organizations. “We’re hearing from companies we called two years ago, and they thought it would be a good idea someday,” Brown says. “I think people are getting real serious about it.”— Dave Raffo, Senior Editor, Byte and Switch