Vormetric - Gherkin Event


  • Data is everywhere, as is the need to secure it.
  • Vormetric believes that “Data Security must be Simplified”. It must be transparent, strong, efficient, and easy. If any of those four characteristics are missing then simplification fails.
  • Vormetric Encryption is a proven high-performance solution that transparently integrates into Linux, UNIX, and Windows operating systems to protect data in physical, virtual, and cloud environments across all leading applications, databases, operating systems, and storage devices.
  • Business Issue: Regulatory Compliance. Regulated Data: Personally Identifiable Information (PII), Personal Health Information (PHI - physical and mental health condition), employee payroll data as well as intellectual property. Governed by EU Data Protection Directive (EU 95/46/EC), UK Data Protection Act and US HIPAA/HITECH Act. ERP data from different geographic locations and systems consolidated in SAP instance. Executive Mandate for total data protection for all SAP data. Technical Requirement: Transparent protection without changes to databases (Oracle on Solaris) & applications. No changes to SAP Infrastructure investment spend. SAP implementation had 138 columns of sensitive information. Complete monitoring for privileged users, even in outsourced environments. Replicated data to staging and DR environments remains encrypted. Solution: Imperva SecureSphere Database Activity Monitoring (DAM); Vormetric Encryption to encrypt data at rest. Results: Policy driven Security. Complete data protection satisfies multiple compliance initiatives. Different database instances in different areas have consistent security posture. Forensic audit data for platforms and data. Integration with ArcSight SIEM for both Imperva DAM and Vormetric Encryption.
  • Transcript

    • 1. Defend the Core: Protecting Business Critical Data BRUCE JOHNSON VP Worldwide Sales &
    • 2. Data is Everywhere. [Diagram labels: Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.), Application Server; Unstructured Data, File Systems (Office documents, PDF, Vision, Audio & other), Fax/Print Servers, File Servers; Security & Other Systems (Event logs, Error logs, Cache, Encryption keys, & other secrets), Security Systems; Remote Locations & Systems; Structured Data, Database Systems (SQL, Oracle, DB2, Informix, MySQL), Database Server; Storage & Backup Systems, SAN/NAS, Backup Systems; Data Communications, VoIP Systems, FTP/Dropbox Server, Email Servers; Virtual & Cloud.] Data exists in different formats, states, and locations. Traditional Controls are not designed to secure it.
    • 3. Data Security Drivers. Are we Compliant? PCI DSS, HIPAA/HITECH, SOX; UK Data Protection Act & EU Data Protection Directive; Executive mandates to avoid unwanted media headlines. Are we Secure? How can I protect my data? Who is accessing my data? What are my privileged users doing? Are IT Operations Optimized? Disruption of existing IT infrastructure is painful; Re-architecting applications or storage is expensive; Simplify security operations to minimize costs.
    • 4. Drivers for Encryption. Compliance to regulations: PCI, HITECH, State PII laws, EU laws, Int’l Laws. Customer or executive mandates: Increasing customer contractual demands to encrypt data; Limit or reduce personnel allowed to access sensitive data; Executive mandating encryption for safe harbor or to avoid breach notification. Better Defense and Depth Data Security: Protect against threats that can cause a breach. Transformational technology: Protect data in Physical, Virtualized and Cloud environments.
    • 5. VORMETRIC
    • 6. About Vormetric. Founded in 2001. Purpose: To Simplify Data Security. Customers: 1000+ Customers Worldwide, 16 of the Fortune 25. Technology Partners: IBM – Guardium Data Encryption; Symantec – NetBackup MSEO. Example Strategic Relationships: Intel, Imperva.
    • 7. Market Challenges We See. Too many encryption products: “I have 3 different solutions for 3 different platforms and now I am introducing another platform, how can I protect sensitive data with just one solution?” I have to Implement quickly: “I have a pending audit, how can I secure data quickly?” Performance Is Critical: “Performance of our existing solution is not what we had hoped, how can we secure our sensitive data with minimal overhead?” Keys are Everywhere: “I am starting to get overwhelmed with key management, is there something that can help me manage them centrally?”
    • 8. Data Security Simplified. Transparent: Must be transparent to business processes, end users, and applications; Data type neutral – any data, anywhere. Strong: Privileged users should not have access to sensitive data; Firewall your data – approved users and applications allowed, deny all others. Efficient: SLA, User, and Application performance must remain acceptable; Encryption overhead can approach zero. Easy: Easy to Understand; Easy to Implement; Easy to Manage.
    • 9. Protect Server Data. [Diagram labels: Log Files, Password files, Config files, Archive, Data Files, Transaction Logs, Exports, Backup, File Share, Content, Multi Needs; Custom Apps: Payment, ERP, CRM, CMS; IIS, APACHE, WebLogic; DB2, Oracle, SQL, Sybase, MySQL; File Servers, FTP Servers, Email Servers, Others; DAS, SAN, NAS, VM, CLOUD.]
    • 10. Layered Enterprise Security. [Diagram labels: Network Security Layers of Defense: Firewall, IDS / IPS, Content filtering, DLP, IAM, WAF; Data Security Layers of Defense: DAM, Encryption; tiers: Internet, Applications (Application Tier), Database (Data Tier), Operating System (Server Tier), Data (Storage Tier).]
    • 11. Imperva+Vormetric Protect Your Data. [Diagram labels: Network Security Layers of Defense: Firewall, IDS / IPS, Content filtering, DLP, IAM; Data Security Layers of Defense; tiers: Internet, Applications (Application Tier), Database (Data Tier), Operating System (Server Tier), Data (Storage Tier).]
    • 12. Layered Database Security Solution. Layers: Users, Applications, Database, Operating System, Data. Imperva: Awareness of Database users & rights; Database Activity audit & access controls. Vormetric: Database file encryption, OS-level audit & access controls; Encryption key management.
    • 13. Imperva and Vormetric Threat Coverage. Layers: Users, Applications, Database, Operating System, Data. Imperva: Typical Threats: Unauthorized access to sensitive database data. Vormetric: Typical Threats: Unauthorized system access to data, mitigate risk of lost media (server, disk).
    • 14. Imperva + Vormetric. Imperva SecureSphere Data Security Suite: Protect high-value business databases in the data center; Audit and monitor user access to sensitive data across heterogeneous database platforms; Generate alerts or block access when prohibited or anomalous database access occurs; Advanced analytics and reporting to accelerate incident response and forensic investigation. Vormetric Data Security: Encrypt, audit and control access to sensitive data files; Transparent encryption of structured (database) and unstructured data; Physical, virtual and cloud environments; Integrated encryption key management and management for Transparent Data Encryption keys; Protect against external threats (hackers with user credentials) and most internal threats (IT admins, etc).
    • 15. Use Cases
    • 16. Business Use Cases: Four Common Use Cases. Data Base Encryption: From Standalone DB Instances, to Clustered Database Environments (Oracle, MSSQL, DB2, Sybase, Informix, MySQL, Postgres). Big Data and NoSQL: Big Data Typically Use Unstructured Data Stores, Distributed Across Many Hosts (MongoDB, Hadoop, Cloudera, CouchDB). UnStructured Data – Application: Servers Supporting Data for Application Specific Data (Logs, Reports, Exports, Audio/Video Recordings). Document Management: Documents, Files, etc. Common Vendors: Documentum, SharePoint, FileNet…
    • 17. Fortune 500 Medical Devices: Protects SAP Data without Oracle/Solaris changes. Business Problem: Global Compliance (PII, PHI, EU Data Protection, UK Data Protection, US HIPAA/HITECH); Executive Mandate for total data protection for all SAP data. Technical Requirement: Transparent protection without changes to Solaris OS, Oracle DB or apps; No changes to SAP Infrastructure investment. Solutions Delivered: Imperva SecureSphere Database Activity Monitoring; Vormetric Encryption to encrypt data at rest. Results Achieved: Policy driven Security; Complete data protection satisfies multiple compliance initiatives; Forensic audit data for platforms and data.
    • 18. Fortune 500 Financial Services: Protects Data at Rest and Manages Access. Business Problem: Basel II & US banking regulations; EU Data Privacy and data across borders; Enterprise centralized datacenters to conserve costs but needed to ensure users only accessing data for their specific country. Technical Requirements: Heterogeneous database security including DB2, Oracle, Microsoft SQL Server with multiple versions of the same database; Protecting information at rest and managing privileged users; Ensuring database procedures only executed by right user for right tables. Solutions Delivered: Imperva SecureSphere Database Activity Monitoring (DAM); Vormetric Encryption. Results Achieved: Compliance with global banking regulations and EU privacy requirements; Operational efficiency with consistent security posture across heterogeneous database environment.
    • 19. SUMMARY
    • 20. Vormetric + Imperva Combined Value. Robust Security: Ensures privileged users do not have access to sensitive data. Transparent: No disruptions to business operations; No changes to applications, databases, storage; Near zero performance impact. Manageable: Minimize costs and maximize ROI by protecting and auditing heterogeneous database environments. Quick: Rapid deployment without disrupting existing environments.
    • 21. Thank You