IBM DataPower Gateway (IDG, DataPower) provides services enabling applications and systems to meet regulatory compliance requirements for PCI DSS. DataPower is a gateway that provides security, control, integration, and optimized access to a full range of mobile, web, application programming interface (API), service-oriented architecture (SOA), B2B and cloud workloads.
DataPower provides configurable services that help enable PCI DSS compliance across many industries, including Financial Services, Insurance, Healthcare, Government, and Retail.
Ultimately, the customer is responsible for compliance, and must ensure that applications and data meet specific compliance specifications. DataPower helps ensure security, accessibility, and usability to achieve that compliance. DataPower can control access to cardholder data, and is designed to ensure security, resiliency, and efficiency.
DataPower security and compliance is applicable to all available DataPower form factors (Physical, Virtual, Linux, Docker, and RedHat OpenShift). DataPower provides high performance and hardened security using Authentication, Authorization, and Auditing to provide robust security enforcement.
It also provides secure token translations to easily integrate between multiple security protocols, message protection with digital signature and encryption capabilities, transport protection with TLS/SSL processing, and many more industry leading capabilities.
But how is this accomplished? To address this topic, we have published a white paper titled, “PCI DSS Compliance for DataPower”. The goal of this paper is to focus on a set of security principles to drive the highest possible level of workload protection. Covered topics include:
- Build and Maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks