1. Defend the Core:
Protecting Business Critical Data
BRUCE JOHNSON
VP Worldwide Sales & Services
www.Vormetric.com
2. Data is Everywhere
Unstructured Data
File Systems: Office documents, PDF, Vision, Audio & other
Fax/Print Servers, File Servers
Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.)
Application Server
Security & Other Systems (Event logs, Error logs, Cache, Encryption keys, & other secrets)
Security Systems
Remote Locations & Systems
Structured Data
Database Systems (SQL, Oracle, DB2, Informix, MySQL)
Database Server
Storage & Backup Systems
SAN/NAS, Backup Systems
Data Communications
VoIP Systems, FTP/Dropbox Server, Email Servers
Virtual & Cloud
Data exists in different formats, states, and locations.
Traditional Controls are not designed to secure it.
3. Data Security Drivers
Are we Compliant?
PCI DSS, HIPAA/HITECH, SOX
UK Data Protection Act & EU Data Protection Directive
Executive mandates to avoid unwanted media headlines
Are we Secure?
How can I protect my data?
Who is accessing my data?
What are my privileged users doing?
Are IT Operations Optimized?
Disruption of existing IT infrastructure is painful
Re-architecting applications or storage is expensive
Simplify security operations to minimize costs
4. Drivers for Encryption
Compliance to regulations
PCI, HITECH, State PII laws, EU laws, Int’l Laws
Customer or executive mandates
Increasing customer contractual demands to encrypt data
Limit or reduce personnel allowed to access sensitive data
Executive mandating encryption for safe harbor or to avoid breach notification
Better Defense in Depth Data Security
Protect against threats that can cause a breach
Transformational technology
Protect data in Physical, Virtualized and Cloud environments
6. About Vormetric
Founded in 2001
Purpose:
To Simplify Data Security
Customers:
1000+ Customers Worldwide, 16 of the Fortune 25
Technology Partners:
IBM – Guardium Data Encryption
Symantec – NetBackup MSEO
Example Strategic Relationships
Intel
Imperva
7. Market Challenges We See
Too many encryption products
“I have 3 different solutions for 3 different platforms and now I am introducing another platform, how can I protect sensitive data with just one solution?”
I have to Implement quickly
“I have a pending audit, how can I secure data quickly?”
Performance Is Critical
“Performance of our existing solution is not what we had hoped,
how can we secure our sensitive data with minimal overhead?”
Keys are Everywhere
“I am starting to get overwhelmed with key management, is
there something that can help me manage them centrally?”
8. Data Security Simplified
Transparent
Must be transparent to business processes, end users, and applications
Data type neutral – any data, anywhere
Strong
Privileged users should not have access to sensitive data
Firewall your data – approved users and applications allowed, deny all others.
Efficient
SLA, User, and Application performance must remain acceptable
Encryption overhead can approach zero
Easy
Easy to Understand
Easy to Implement
Easy to Manage
9. Protect Server Data
[Diagram: server data to protect]
Applications: Payment, ERP, CRM, CMS, Custom Apps
Web and application servers: IIS, APACHE, WebLogic
Databases: DB2, Oracle, SQL, Sybase, MySQL
File Servers, FTP Servers, Email Servers, Others
Data on these servers: Log Files, Password files, Config files, Data Files, Transaction Logs, Exports, Backup, File Share, Content, Archive
Storage: DAS, SAN, NAS, VM, CLOUD
10. Layered Enterprise Security
Network Security Layers of Defense (Internet): Firewall, IDS / IPS, Content filtering, DLP, IAM
Data Security Layers of Defense:
WAF – Applications (Application Tier)
DAM – Database (Data Tier)
Encryption – Operating System (Server Tier)
Encryption – Data (Storage Tier)
11. Imperva+Vormetric Protect Your Data
Network Security Layers of Defense (Internet): Firewall, IDS / IPS, Content filtering, DLP, IAM
Data Security Layers of Defense:
Applications (Application Tier)
Database (Data Tier)
Operating System (Server Tier)
Data (Storage Tier)
12. Layered Database Security Solution
Layers: Users, Applications, Database, Operating System, Data
Imperva: Awareness of Database users & rights; Database Activity audit & access controls
Vormetric: Database file encryption, OS-level audit & access controls; Encryption key management
13. Imperva and Vormetric Threat Coverage
Layers: Users, Applications, Database, Operating System, Data
Imperva
Typical Threats: Unauthorized access to sensitive database data
Vormetric
Typical Threats: Unauthorized system access to data, mitigate risk of lost media (server, disk)
14. Imperva + Vormetric
Imperva SecureSphere Data Security Suite: Protect high-value business databases in the data center
Audit and monitor user access to sensitive data across heterogeneous database platforms
Generate alerts or block access when prohibited or anomalous database access occurs
Advanced analytics and reporting to accelerate incident response and forensic investigation
Vormetric Data Security: Encrypt, audit and control access to sensitive data files
Transparent encryption of structured (database) and unstructured data
Physical, virtual and cloud environments
Integrated encryption key management and management for Transparent Data Encryption keys
Protect against external threats (hackers with user credentials) and most internal threats (IT admins, etc)
16. Business Use Cases
Four Common Use Cases
Database Encryption: From Standalone DB Instances, to Clustered Database Environments. Oracle, MSSQL, DB2, Sybase, Informix, MySQL, Postgres
Big Data and NoSQL: Big Data Typically Use Unstructured Data Stores, Distributed Across Many Hosts. MongoDB, Hadoop, Cloudera, CouchDB
Unstructured Data – Application: Servers Supporting Data for Application Specific Data. Logs, Reports, Exports, Audio/Video Recordings
Document Management: Documents, Files, etc. Common Vendors: Documentum, SharePoint, FileNet…
17. Fortune 500 Medical Devices: Protects SAP
Data without Oracle/Solaris changes
Business Problem
Global Compliance
PII, PHI, EU Data Protection, UK Data Protection, US HIPAA/HITECH
Executive Mandate for total data protection for all SAP data
Technical Requirement
Transparent protection without changes to Solaris OS, Oracle DB or apps
No changes to SAP Infrastructure investment
Solutions Delivered
Imperva SecureSphere Database Activity Monitoring
Vormetric Encryption to encrypt data at rest
Results Achieved
Policy driven Security
Complete data protection satisfies multiple compliance initiatives
Forensic audit data for platforms and data
18. Fortune 500 Financial Services:
Protects Data at Rest and Manages Access
Business Problem
Basel II & US banking regulations
EU Data Privacy and data across borders
Enterprise centralized datacenters to conserve costs but needed to ensure users only accessing data for their specific country
Technical Requirements
Heterogeneous database security including DB2, Oracle, Microsoft SQL Server with multiple versions of the same database
Protecting information at rest and managing privileged users
Ensuring database procedures only executed by right user for right tables.
Solutions Delivered
Imperva SecureSphere Database Activity Monitoring (DAM)
Vormetric Encryption
Results Achieved
Compliance with global banking regulations and EU privacy requirements
Operational efficiency with consistent security posture across heterogeneous database environment.
20. Vormetric + Imperva Combined Value
Robust Security: Ensures privileged users do not have access to sensitive data
Transparent: No disruptions to business operations
No changes to applications, databases, storage
Near zero performance impact
Manageable: Minimize costs and maximize ROI by
protecting and auditing heterogeneous database
environments
Quick: Rapid deployment without disrupting existing
environments
21. Thank You
www.vormetric.com
@Vormetric
Editor's Notes
Data is everywhere, as is the need to secure it.
Vormetric believes that “Data Security must be Simplified”. It must be transparent, strong, efficient, and easy. If any of those four characteristics are missing then simplification fails.
Vormetric Encryption is a proven high-performance solution that transparently integrates into Linux, UNIX, and Windows operating systems to protect data in physical, virtual, and cloud environments, across all leading applications, databases, operating systems, and storage devices.
Business Issue: Regulatory Compliance
Regulated Data: Personally Identifiable Information (PII), Personal Health Information (PHI - physical and mental health condition), employee payroll data as well as intellectual property
Governed by EU Data Protection Directive (EU 95/46/EC), UK Data Protection Act and US HIPAA/HITECH Act
ERP data from different geographic locations and systems consolidated in SAP instance
Executive Mandate for total data protection for all SAP data
Technical Requirement:
Transparent protection without changes to databases (Oracle on Solaris) & applications
No changes to SAP Infrastructure investment spend
SAP implementation had 138 columns of sensitive information
Complete monitoring for privileged users, even in outsourced environments
Replicated data to staging and DR environments remains encrypted
Solution:
Imperva SecureSphere Database Activity Monitoring (DAM)
Vormetric Encryption to encrypt data at rest
Results:
Policy driven Security
Complete data protection satisfies multiple compliance initiatives
Different database instances in different areas have consistent security posture
Forensic audit data for platforms and data
Integration with ArcSight SIEM for both Imperva DAM and Vormetric Encryption