The Vormetric Data Security Platform from Thales enables enterprises to meet compliance requirements, data privacy mandates and best practices for protection of sensitive data stored within databases. Solutions span data center and cloud environments, and include zero-downtime deployment options, application level field or column encryption, tokenization and secure management of TDE master encryption keys for existing databases.
Databases represent a central aggregation point—and a focal point for thieves. Your databases, whether on-premises or in the cloud, hold the data that matters to your business and that is prized by would-be attackers.
Insufficient security controls expose your organization to fraud and data breaches. For example, when key management is handled within the database, the DBA has control of both the data and key. Database encryption solutions often disregard the potential for insider abuse, as well as advanced persistent threats, where an attacker imitates a privileged user.
As database environments expand, so do key management challenges. While database vendors offer key management functionality, this only works when the enterprise uses that vendor's specific databases. Using multiple key management tools is complex and creates more opportunities for errors and fraud.
The data security controls used often need to vary based on the type of database deployment. The priority for an existing deployment is often to apply protection without disrupting operations or requiring re-architecture of the application, while new deployments need the flexibility to use the best tools for applying the highest level of protection. With typical enterprises requiring data security controls for hundreds or thousands of nodes, approaches need the flexibility to match requirements, scale appropriately, and integrate with existing security tools and environments.
Vormetric Transparent Encryption (VTE) offers strong, transparent, file and volume level database encryption, access controls and data access audit logging capabilities. Options enable deployment without initial encryption downtime, and no changes to operations or workflow are required . With Vormetric Transparent Encryption, you can secure sensitive data in databases across your enterprise, whether you’re running Oracle, IBM DB2, Microsoft SQL Server, MySQL, Sybase, NoSQL environments, or any combination thereof on premises or within cloud Infrastructure as a Service (IaaS) environments.
Even Platform as a Service (PaaS) environments are supported, with an integrated solution that protects MySQL databases within Pivotal Cloud Foundry – Vormetric Transparent Encryption for Pivotal Cloud Foundry.
For organizations that need to apply more granular encryption, including at the column or field level within databases, Thales offers Vormetric Application Encryption. Vormetric Application Encryption simplifies the integration of encryption into existing corporate applications and features standard-based APIs, which are used to perform cryptographic and key management operations. Users can choose between standards-based AES encryption and schema maintaining format preserving encryption (FPE), as well as local on-systems encryption capabilities or remote access using RESTful APIs.
Vormetric Vaultless Tokenization with Dynamic Data Masking dramatically reduces the cost and effort required to comply with PCI DSS and data privacy mandates by replacing information stored within database fields or columns with tokens.
Vormetric Batch Data Transformation is a high speed utility for quickly performing initial encryption or tokenization of sensitive data within databases or files. Also supports development, test and partner usage of databases by replacing sensitive data before it leaves secure environments.
Complements Oracle and Microsoft SQL server native encryption capabilities by providing a central, compliant solution for securely storing and managing the TDE Master Encryption Keys that protect the database encryption keys used within these environments.
Thales database encryption solutions are highly scalable and offer protection of your database environment without compromising performance. Our database encryption has been field-tested in the most performance-intensive environments, with proven scalability to support 50,000 cryptographic transactions per second.
Vormetric Transparent Encryption makes it easy to add strong system level protections to existing databases, easily limiting system level access to cleartext only to the database process and database user role, while allowing other system level roles to work as usual without exposing sensitive data. Application encryption and tokenization solutions enable the next level of control - limiting access from within databases and applications to only those who require it for their work. And TDE key management easily adds secure, compliant, protection for TDE Master Encryption Keys that are used by existing Oracle and MS SQL native encryption environments.
The security intelligence built into Vormetric Transparent Encryption provides vital insights needed to track and demonstrate compliance with mandates such as HIPAA, PCI DSS, GLBA, SOX and others.
Most enterprises rely on a diverse database infrastructure to meet specific business objectives, but this complexity increases risk and costs. With databases housing our most sensitive and highly regulated information, organizations need better database security strategies.
Download
In today’s enterprises, databases house some of the most highly sensitive, tightly regulated data—the very data that is sought after by malicious insiders and external attackers. To safeguard against the kinds of database attacks that have dominated security headlines recently, organizations are increasingly implementing strong database encryption strategies.
Download this solution brief to learn how Thales can help you protect your critical data against both insider and external threats.
Download
Vormetric Transparent Encryption delivers data-at-rest encryption, privileged user access controls and security intelligence logs to proactively meet compliance reporting requirements for structured databases and unstructured files. With Vormetric Transparent Encryption, IT and security professionals can efficiently safeguard more data, in more environments, and against more threats as sensitive data moves into cloud deployments, big data platforms, virtualized systems and more.
Download
Vormetric Application Encryption reduces the complexity and costs associated with meeting this requirement, simplifying the process of adding encryption capabilities to existing applications. This architecture paper goes into detail of the security model, best practices, APIs, and offers a sample application encryption library.
Download
Vormetric Transparent Encryption (VTE) for PCF protects data stored within PCF MySQL v2.4.0 or later instances with file-level encryption and access control, effectively limiting access to database files to only allowed users and groups. This combination enables organizations to meet compliance requirements and best practices for data security, including excluding access from administrators of the Pivotal environment
Download
Microsoft SQL Server and Oracle Database solutions provide native transparent database encryption (TDE) that protects the data stored in their customers’ databases. Managing the TDE keys presents challenges such as isolating them from the assets they protect and storing them securely. Thales key management solutions centralize key management for Microsoft SQL Server and Oracle Database, providing greater command over the keys while increasing data security.
Download
My concern with encryption was the overhead on user and application performance. With Thales eSecurity, people have no idea it’s even running.Karl MudraCIO
Delta Dental of Missouri
Thales eSecurity is our standard. Whenever an encryption solution is needed, the answer is always, ‘let’s start with Thales eSecurity.Damian McDonaldVice President of Global Information Security, Becton, Dickinson and Company
