New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
2008 Best Deployment Scenario

B&H Photo Selects SafeNet for PCI Compliance to Protect Online Shoppers Data

For more than 30 years New York-based B&H Photo has been a world leader in the photo video and digital imaging retail industry grossing more than $100 million in annual sales revenue. Consumer Report ranked B&H as the #1 online store to buy electronics - surpassing and

Challenges: B&H Photo was faced with an aggressive timeframe to become PCI DSS compliant. After some consideration the company decided to approach the PCI requirements as an opportunity rather than a burden; they wanted to make sure this was a business initiative and not an IT initiative. The company has a large heterogeneous information system with sensitive customer data across mixed database and application environments. In addition to B&H's New York brick and mortar store the data is stored and used for its growing online and mail-order businesses. They needed one scalable system that could handle all the back-end needs of our different sales channels. Deciding to go with a standards-based approach B&H evaluated three approaches: use native encryption offered by a database vendor; use third-party offerings that encrypt data at the database level; and use third-party systems that encrypt at the application level before the data is transferred to the database.

Info Security Products Guide
this article

Best Deployment Scenario - Database Security


Solution provided: Realizing that key management is one of the toughest PCI DSS requirements B&H was looking for a solution that was powerful yet easy to integrate into the existing environment. After a thorough evaluation process B&H chose SafeNet DataSecure® to encrypt its customer data. B&H needed flexible implementation points at both the database and application tiers yet also wanted a single integrated and comprehensive solution that meets all PCI requirements for data encryption. The company realized that traditional point products could only patch problems and would over time create "œsilos" of security and in doing so would make managing data protection a costly and burdensome task. Within months B&H implemented SafeNet DataSecure Platform as its PCI-compliant data encryption solution. The implementation was straightforward due to the out-of-the box system connectors and quick turnaround and assistance from SafeNet's technical service group. DataSecure was implemented across two development sites and a heterogeneous database environment that interfaces with both internal legacy applications and an external Web-based system. In this implementation DataSecure performs data encryption at the API level (instead of the database or application server level) allowing it to perform multiple encryptions using the same JavaScript code each time reusing that code with different applications and databases. Encryption is offloaded to the DataSecure platform keeping DBA functions separate from the security functions and keeping performance levels at their highest to ensure uninterrupted business processes.

Summary: After achieving PCI compliance B&H continues to manage security as an ongoing initiative and continues to make investments to "future-proof" the company's brand. By taking this strategic approach to enterprise data protection B&H has built an extensible security foundation that will grow as the organization grows as their IT environment diversifies and as data privacy needs change over time. B&H understood the cost-saving benefits by taking a strategic approach to its security strategy and is now realizing the upstream benefits to encryption - their technological commitment to consumer protection has boosted the value of B&H's brand and customer loyalty.

SafeNet Inc.
4690 Millennium Dr.
Belcamp MD 21017