PCI compliance (Full Version)

All Forums >> [Microsoft Exchange 2007] >> Compliance


catzodellamarina -> PCI compliance (24.Nov.2010 10:45:00 AM)

We are about to begin a PCI compliance project. Part of the process will require encryption of "data at rest" on our SAN. Since I have my Exchange DB's on the SAN, it appears that they are within this scope. Is adding PCI encryption to my Exchange disks is necessary? Is there a risk in adding encryption? Is an Exchange .EDB data at rest already classified as encrypted?

Anything is possible but I can't see it being all that simple to steal, mount, and get all the emails out of my .EDB's. Can someone shed some light on this?

pjhutch -> RE: PCI compliance (1.Jan.2011 12:53:52 PM)

I would say the data is encoded rather than encrypted.

See these articles:

Page: [1]