Database Encryption: File Level vs. Column Level Approaches
Learn which solution is right for you! This paper covers the two primary approaches to database encryption and provides a clear overview of benefits and tradeoffs.
Building an Effective Data Protection Strategy: 5 Best Practices
Gain expert knowledge on how to develop a solid program to safeguard your data, without extensive implementation timelines or cost.
Perception vs. Reality: What You Should Know About Data Encryption
With numerous requirements, approaches and methods for database encryption, navigating the why, how and ifs of database encryption can seem daunting. Listen to Forrester Research’s Noel Yuhanna to understand this important topic.
History & Heresy: The Future of Data Encryption
Guest Speaker: Martin Hellman, co-inventor of Public Key Cryptography
Silver Bullets Work on Werewolves, Not Database Security
This webinar provides a simple process for organizations to devise a quickly achievable and effective strategy for minimizing risk to database data while achieving compliance with regulations such as PCI, HIPAA and Sarbanes-Oxley. Listen to Imperva’s Brian Contos and Vormetric’s Gretchen Hellman to understand this important topic.
Enforcing Data Privacy Protection in an Oracle Database Environment
Learn how to gain strong separation of duties and data security for Oracle environments.
Passing PCI Data Security Standards for Encryption with Vormetric Data Security
Information security and IT operations professionals must be ready to show compliance with Payment Card Industry Data Security Standards (PCI DSS) requirements 3, 7 and 10 for protecting data at rest across the entire enterprise, often within a short time frame. Vormetric Data Security helps organizations meet PCI DSS compliance demands with a transparent data security approach for heterogeneous IT environments that requires minimal administrative support and does not undermine performance. This paper:
- Outlines how Vormetric addresses PCI DSS compliance
- Features case studies of PCI DSS regulated companies leveraging Vormetric for PCI DSS compliance
- Maps PCI DSS requirements 3, 7, and 10 to Vormetric Data Security capabilities (see Appendix A)
New Regulations are Putting CEOs Behind Bars
Regulatory compliance is a key issue facing businesses today, but many of the main areas of legislation involved are new instruments, most of which have not yet been tested in practice. Most companies are, unsurprisingly, worried about what they must do to ensure compliance. Worse, many are unaware of just how many regulations have been passed recently, and which affect their businesses. But the sanctions for failure to comply are high: one piece of legislation, Sarbanes-Oxley, contains provisions for company officers to be jailed for between 10 and 25 years for different offences, as well as facing fines that could run into millions of dollars.
Top Five Reasons Encryption Alone Isn’t Enough
Encryption has become an important proactive security control used to reduce the risks associated with stolen or lost data. This control is particularly important with respect to using the compromised data to commit fraud or corporate espionage. The process of encrypting data renders it unusable, meaning that thieves attempting to commit these crimes are thwarted – even if they have physical access to the data asset. In addition, the more than 35 state breach notification laws provide safe harbor if the compromised data in question was encrypted. Encryption alone, however, is not enough to reduce all the risks to sensitive data.
Learn the five reasons why companies need more than just encryption to combat today’s threats.
Data Privacy Legislation, Regulations and Standards
The increasing accessibility of personal data and the rapid escalation in identity theft cases have resulted in a spate of regulatory legislation and industry standards targeted at ensuring confidentiality for personal and confidential information. Compliance with these regulations and standards has resulted in new security challenges for security officers and IT executives. Vormetric Data Security integrates strong data access control, host and application protection and selective encryption of stored data, providing a comprehensive security solution that protects the vulnerabilities in the stored information environment and prevents the unauthorized access and viewing of personal and confidential information. Vormetric enables organizations to meet the data protection requirements of legislative mandates and industry standards.
Enterprise Data Privacy
Protecting confidential data is a difficult job that gets more complex each day. Current security technologies like firewalls, IDS/IPS, and anti-virus do little to protect mission-critical data which may be one explanation for the recent string of visible security breaches that seem to make the headlines on a daily basis.
Ignorance and the security status quo are no longer viable excuses as they leave private data extremely vulnerable. Organizations must transition from a passive approach to information security to an active approach that addresses new threats to sensitive data and increasingly strict legislation.
Keeping Data Safe in an Outsourced Environment
Outsourcing is a highly attractive strategy in today’s tough economy and competitive global market. Like most companies, you probably outsource some functions to third parties to reduce costs and time to market, free up resources to concentrate on your core capabilities, and gain a competitive edge in your market. Global outsourcing offers these substantial benefits, but also poses some notable challenges. The free flow of non-public information (NPI) and intellectual property (IP) in the form of digital information such as source code or engineering drawings has created a dilemma for companies that outsource – how do you safeguard digital information and still provide the access third-party partners need to get the job done?
Defending OS Vulnerabilities in an Oracle Environment
Organizational security policies or regulatory auditing standards that enforce a strict separation of duties may mandate that measures be taken to distribute administrative tasks and access privileges among multiple groups within the organization. Enabling these security measures extends beyond the Oracle DBMS, requiring that the entire database environment be sealed off from all unauthorized accesses.
Achieving Data Privacy Through Database Encryption
Today, much of an enterprise’s sensitive data is stored ‘on line’ in databases. Databases supply information for a variety of applications that support an organization’s day-to-day operations, as well as storing historical transactions. Particularly sensitive information may include customer lists, financial results, personal information, credit card numbers, purchase and sales records, access codes, health records, corporate intellectual property and confidential government information.
This conflict between accessibility of information and the need to assure privacy of data has forced enterprises to incur a high level of security risk in order to remain competitive. Successfully resolving this tension requires that an enterprise shift its security strategy from implementing incremental, independently managed point solutions to refocusing on directly improving the security of the target of the attack itself.
Sarbanes-Oxley: Enforcing Control Objectives for Enterprise Information
Section 404 of the Sarbanes-Oxley Act mandates that executive management of a publicly held company report on and evaluate the effectiveness of their internal controls over financial reporting, and provide an additional report from independent auditors attesting to the effectiveness of the company’s internal controls and procedures for financial reporting. Learn how to leverage access control, encryption and audit to simplify the implementation of separation of duties and protect sensitive financial data.
Protecting Personal Data Privacy
In today’s regulated IT environment, organizations that collect and store personal information from customers or other private individuals need to ensure its confidentiality wherever it resides. Enterprises subject to the requirements of legislation such as the Gramm-Leach-Bliley Act (GLBA), HIPAA and California SB 1386, as well as industry standards such as Visa’s Cardholder Information Security Program (CISP), risk steep fines, litigation and brand damage if personal information becomes compromised. To address this issue, an increasing number of organizations have created security policies that define the appropriate use of such data. Without the ability to enforce these policies, however, the possibility of exploiting vulnerabilities in the IT environment still exists.
Achieving Data Privacy Through Database Encryption (IBM)
Pervasive network connectivity is providing organizations with the opportunity to leverage their digital assets, resulting in enhanced productivity and increased profitability. Customers, vendors, partners, and other constituents are able to access the information they require in real time, improving communications and reducing costs. At the same time, this increased accessibility to sensitive information increases its vulnerability to malicious activity and misuse from both within and outside of the organization.