This year’s ITWeb Security Summit, scheduled for 3 and 4 June in Johannesburg, will see CASA Software, which positions itself as a leader in digital transformation in SA and is the South African distributor of Nexsan (itself positioned as a global leader in the secure storage, protection and management of data), pose a question to South African businesses: are you PCI DSS compliant?
“The next question is – do you need to be PCI DSS compliant?” asks Byron Horn-Botha, senior sales specialist, CASA Software. “The answer to this is, yes. PCI DSS applies to every business that accepts, transmits or stores cardholder data, regardless of the size or number of transactions executed. In a nutshell, so long as you own or run a business that accepts, transmits or stores cardholder data, you must comply with the PCI DSS standards,” he adds.
Judy Kaldenberg, Nexsan SVP, Sales & Marketing, explains that PCI DSS v3.2 is a globally recognised set of security standards designed to protect cardholder data, and that it applies to any company storing, processing or transmitting credit card information. “PCI DSS v3.2 sets stringent guidelines for protecting stored cardholder data and ensuring that only authorised personnel can access it,” she says.
Kaldenberg highlights the key components of PCI DSS as:
- Protecting stored cardholder data.
- Encrypting data transmission over public networks.
- Implementing strong access control measures.
- Regularly monitoring and testing networks.
“Nexsan’s Assureon provides an ideal solution, offering robust encryption, secure data retention policies and protection against unauthorised access and deletion, helping businesses to remain compliant with PCI DSS,” she says.
Horn-Botha adds: “For storage administrators and IT architects, ensuring compliance with PCI DSS v3.2 can be challenging. The solution must be able to store data securely, manage encryption keys and enforce consistent data retention policies. This is where Assureon steps in as a secure and efficient storage solution.”
Assureon provides administrators with the ability to securely delete data on demand, which is crucial for complying with PCI DSS’s requirements to remove unnecessary cardholder data promptly. “It is a comprehensive solution that meets PCI DSS standards by providing encryption, secure retention and deletion policies, and detailed audit logs. These retention and deletion policies are automated to help ensure businesses maintain compliance without manual intervention,” notes Horn-Botha.
Assureon supports PCI DSS v3.2 compliance through:
- Encryption of stored cardholder data. One of the core requirements of PCI DSS is that cardholder data must be encrypted both at rest and in transit. Assureon ensures all data is protected using AES-256 encryption, one of the most secure encryption standards available. Each file stored in Assureon has its own AES-256 encryption key, ensuring maximum security even if a specific key is compromised. Additionally, Assureon uses RSA-2048 encryption to protect the encryption keys themselves, further ensuring that stored data is secure. This layered encryption model guarantees compliance with PCI DSS requirements for stored data security.
- Automated data retention and deletion policies. PCI DSS v3.2 requires organisations to limit the retention of cardholder data to only what is necessary for business or legal reasons. Assureon allows businesses to set automated retention policies, ensuring that data is stored only for the necessary timeframe. Once the retention period expires, Assureon automatically deletes the data and destroys all associated encryption keys, making the data completely inaccessible.
- Role-based access and audit trails. PCI DSS requires stringent controls over who can access cardholder data. Assureon supports role-based access control (RBAC) by integrating with Active Directory or custom credential systems, so that only authorised users can access encrypted data, helping organisations comply with PCI DSS’s access control requirements. Moreover, Assureon generates detailed audit logs for every file access or modification. These logs provide visibility into who accessed specific data, what changes were made and when the actions occurred, allowing organisations to meet the reporting and monitoring standards set by PCI DSS.
- Secure data transmission. PCI DSS mandates that data transmitted over public networks be encrypted. Assureon uses TLS 1.2 for secure communication between clients and servers, ensuring that cardholder data is encrypted while being transferred. This protects sensitive information during transmission, further enhancing security and helping organisations comply with PCI DSS’s data transmission requirements.
- Protection against unauthorised deletion. Assureon’s policy engine ensures that no data can be deleted or altered until the retention period has been satisfied. Even system administrators are unable to delete or alter data before the retention policy allows it, ensuring that cardholder data is preserved securely until it is no longer needed.
For added security, Assureon allows administrators to review files flagged for deletion before final approval. This helps businesses to maintain control over their data while meeting PCI DSS requirements.
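As an added illustration (not Nexsan’s code, and not a description of Assureon’s internals), the following toy Ruby archive models the scheme described above: a fresh AES-256-GCM data key per file, that key wrapped under an RSA-2048 key-encryption key, and a retention date that refuses deletion until it passes and then destroys the wrapped key so the ciphertext becomes unrecoverable. The class and method names are assumptions chosen for the example.

```ruby
require 'openssl'

# Toy model of the layered scheme described in the article: each file gets its
# own AES-256 data key, the data key is wrapped under an RSA-2048 key-encryption
# key, and a retention date guards deletion. Constructed illustration only.
class RetentionArchive
  class RetentionError < StandardError; end

  def initialize(kek = OpenSSL::PKey::RSA.new(2048))
    @kek = kek     # RSA-2048 key-encryption key; data keys are stored only wrapped
    @files = {}
  end

  # Encrypt plaintext under a fresh per-file AES-256-GCM key and wrap that key.
  def store(name, plaintext, retain_until:)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    key = cipher.random_key
    iv = cipher.random_iv
    ct = cipher.update(plaintext) + cipher.final
    @files[name] = {
      ct: ct, iv: iv, tag: cipher.auth_tag, retain_until: retain_until,
      wrapped_key: @kek.public_encrypt(key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
    }
    name
  end

  # Unwrap the per-file key with the RSA private key, then decrypt and verify.
  def read(name)
    f = @files.fetch(name)
    raise RetentionError, 'data key destroyed; file is unrecoverable' if f[:wrapped_key].nil?
    key = @kek.private_decrypt(f[:wrapped_key], OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = f[:iv]
    cipher.auth_tag = f[:tag]
    cipher.update(f[:ct]) + cipher.final
  end

  # Deletion is refused before the retention date (even for an administrator);
  # afterwards the wrapped key is destroyed, so the ciphertext is unrecoverable.
  def expire(name, now: Time.now)
    f = @files.fetch(name)
    raise RetentionError, "retained until #{f[:retain_until]}" if now < f[:retain_until]
    f[:wrapped_key] = nil
    f.delete(:ct)
    true
  end
end
```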
Horn-Botha summarises the benefits of Assureon for PCI DSS compliance as follows:
- End-to-end encryption: Protects stored cardholder data with AES-256 encryption.
- Automated retention and deletion: Ensures compliance with PCI DSS’s data retention policies.
- Comprehensive audit trails: Provides visibility into who accessed cardholder data and when.
- Secure data transmission: Uses TLS 1.2 to protect cardholder data during transmission.
- Strict access control: Enforces role-based access to limit who can view or modify data.
“By integrating Assureon into your organisation’s storage infrastructure, you can ensure that sensitive cardholder data is protected, and that your organisation remains compliant,” concludes Horn-Botha.
For information and to register for the 2025 Security Summit, visit: https://www.itweb.co.za/event/itweb-security-summit-2025/.
About CASA Software
CASA Software is a digital transformation organisation comprising a highly skilled team of technology professionals. The company has over three decades' experience in the South African and sub-Saharan ICT industry.
CASA Software helps customers to transform and optimise ICT operations from mobile to mainframe, including hybrid and multicloud, to accelerate innovation while maximising customer value.
CASA Software partners with software industry technology leaders to enable its customers to realise the value of AI-driven operations and streamlined automation. Its solutions are designed to assist customers to securely embrace the challenges of digital transformation and the next AI-driven era of computing.
CASA Software's customers include leaders in finance, telecommunications, retail and the public sector.
Contact: support@caafrica.co.za
About Nexsan
Nexsan is a global leader in enabling customers to securely store, protect and manage data. Established in 1999, Nexsan has earned a reputation for delivering the most highly reliable, secure and cost-effective storage while always remaining agile to continuously deliver purpose-built storage and data management solutions that meet complex and ever-changing IT, business and budgetary requirements. Nexsan’s patented technology is ideal for a variety of use cases, including backup and recovery, content delivery and streaming, scientific lab data, virtualisation, evidentiary data, digital video surveillance, regulatory compliance and healthcare records. For further information, please visit www.nexsan.com.