
PCI Compliance with NetBackup KMS

GlassEye
Level 2

Is anybody out there subject to PCI Compliance (securing credit card data) and using NetBackup 6.5.2 KMS?

 

I'm interested in how your security departments have viewed the NetBackup KMS solution in view of the PCI requirements to securely manage keys. If you've been through a PCI audit, even better. I'm not sure what requirements SOX etc. impose, but any experience here is also welcome.

 

The most NetBackup product support have been able to give me is that encryption is a requirement (but then I already knew that); they don't grasp the concept of having to manage keys.

 

If the NetBackup KMS is the equivalent of locking your front door and leaving the key under the mat, then our PCI auditors will string me up; encrypting tapes is only a secure method if the keys aren't easily available.

 

I know this stuff gets commercially sensitive, I don't need company names etc. Just your experiences.

 

Many Thanks

1 REPLY 1

dami
Level 5
Have you reached any further with this ... we are looking at the choice between IBM EKM (now replaced by the chargeable TKLM) and KMS, but it looks like NBU only supports LTO4 drives and not our IBM TS1120/1130.