Founded in 1988, Cadence Design Systems is one of the most recognizable names in the electronic design automation (EDA) industry. The Nasdaq-listed company provides software, hardware, IP and services that are used prolifically throughout the $300 billion global semiconductor marketplace. The San Jose, California-based company has 4,700 employees and in 2010 generated revenues of $936 million.
“Everything we do involves a lot of data sharing,” explained David Vargas, Cadence Information Security Architect. “We get very specific details about planned new products, as well as problems clients need solved. Much of the information is so sensitive that the repercussions of inadvertently allowing unsanctioned access could be catastrophic. The need for tight security is obviously a very critical part of our business.”
“Our customers need to know when they entrust us with their data, it is completely secure,” Vargas Elaborated. “They want assurances that it has been encrypted and that nothing inappropriate has occurred. It is not uncommon to be asked to provide log files documenting which users have accessed specific files and what actions they took.”
To address varied client requirements, Cadence offers project environments with tiered categories of security. Vargas recalled, “When originally creating the different project security profiles we looked for best-in-class security products. We quickly determined that the integrated encryption, access control and key management components of the Vormetric Data Security solution would provide exactly what we needed.
“Our clients know the excellent reputation of Vormetric solutions and most are aware that the products are heavily used by the government: This provides instant credibility, and confidence in how we ensure the ongoing integrity of all project-related data.”
Cadence performs a large number of customer engagements and all are typically very diverse. “Vormetric gives us the flexibility and granularity we need to quickly generate the appropriate security characteristics for any given project. We can set up multiple clients and efficiently provide each one the desired levels of protection, including logging, access rights and encryption,” noted Vargas.
Extensive use is made of a load-balanced server farm to place resources in a cloud configuration. “We create what are essentially private clouds in our environment and then use Vormetric to provide the ongoing security. This approach enables a dramatic reduction in the number of machines required to handle the workload, and the flexibility of the Vormetric solution directly supports this without compromising security,” stated Vargas. “The Vormetric management console allows remote deployment of access controls and facilitates precise customization of individual data security policies.”
The cadence environment is predominantly VMware, utilizing Red Hat Enterprise Linux, and a smaller number of Citrix, Solaris and SUSE Linus components. Vargas commented, “Our business is extremely dynamic and Vormetric handles reconfiguration of clusters with zero impact to ongoing projects. Security policies are enforced throughout our global network. We’ve had up to 400 discrete virtual environments simultaneously protected, and the encryption process overhead is so low that it is completely unnoticeable. I’m very happy with the performance of all of our Vormetric components.”
Vormetric Data Security’s integrated key management is used to centrally manage the distribution, backup and recovery of encryption keys, as well asto provide capabilities to conduct a centralized audit of related security operations. Vargas stated, “This application is really excellent: I have not yet found an equal in the industry.”
“Trust is hugely important to the way we do business, and showing clients the Vormetric implementation immediately creates a sense of confidence,” concluded Vargas.
The Vormetric Data Security product family provides a single, manageable and scalable solution to manage any key and encrypt any file, any database, any application, anywhere it resides- without sacrificing application performance and avoiding key management complexity.