A leading global human capital and management consultancy handling more than 70 million customer interactions every year across multiple geographic regions throughout Europe.
A core part of the consultancy’s operations revolve around the collection and careful management of individually identifiable human resource records. Given the huge volume of sensitive data that its operations hold and manage across interconnected networks, strict privacy control and access policy are a necessity for the company.
In light of plans to consolidate aspects of its Pan-European operations, it became a priority to implement a data protection solution which could address various data privacy compliance concerns in the EU and worldwide. Due to the sensitivity of the data involved, it is essential that the company be able to demonstrate to its customers that their data could not be accessed indiscriminately, and that customer data could not be copied, duplicated or transferred across international borders in contravention of local legislation stemming from the EU Data Protection Directive.
Evolving European Union (EU) data protection regulations – including the UK Data Protection Act – require that the firm must be able to continually demonstrate to customers that it is compliant with the latest industry and governmental requirements. In addition, the new USA PATRIOT Act presented a serious business challenge for the company as customers in Europe required clear and auditable processes be put in place to ensure that only certain staff can access certain types of data, as well as that specific data cannot be transferred or duplicated across international borders.
Robust encryption with monitored key management was determined the best way to overcome not only the risk posed by increasingly prevalent cyber attacks, but to also meet stringent regulatory compliance demands and issues surrounding ‘data sovereignty’ in a consolidated virtual environment.
Despite having existing data security solutions in place to protect sensitive customer data, the company found itself in a position whereby it needed a more powerful and simple way to manage security across a variety of systems and locations. The Vormetric Data Security solution addressed the security and access policies required to manage and secure the data of its growing customer base.
A spokesperson for the company said, “We’re under a lot of pressure to demonstrate separation of duties to our end users, many of which being large banks and other international financial institutions. As a result, we must have security provisions in place that allow us to report precisely on where data is stored, where it can be accessed from and who can access it.”
Given that the company’s customer interactions are highly transactional by their very nature, encryption performance and the impact on the speed and reliability of systems, was of utmost concern. The company has no option but to implement strict security measures, but at the same time could not tolerate any significant impact on application performance.
Prior to going into production with the solution, the Vormetric solution was deployed in ‘learn mode’, enabling the implementation of polices in a draft form without explicitly enforcing them. This low-risk approach, initially applied to a disaster recovery environment, enabled the company to test and review policies before applying them to the production environment. After this highly successful proof of concept trial, the Vormetric Data Security solution was applied to a heterogeneous database environment.
Implementation of the solution took just one month and was deployed during scheduled database maintenance, minimizing the risk of downtime or the violation of any client agreements.
Vormetric Encryption agents reside on the company’s servers and evaluate all information requests against customisable policies, providing intelligent and seamless security and access control over sensitive data. Following implementation, a spokesperson for the company commented that, “There had been extremely minimal impact on operations and no material degradation in performance” – demonstrating how the product’s design is such that it mitigates impact on database and application performance.
He continued, “We needed a data protection strategy that not only secured our data stores effectively but also allowed us to implement a policy to monitor data movement – identifying who accessed what and where. The Vormetric solution allows us to simplify separation of duties and, with initial roll-out taking just one month, disruption and administration-overhead has been minimal.”
The Vormetric Data Security product family provides a single, manageable and scalable solution to manage any key and encrypt any file, any database, any application, anywhere it resides — without sacrificing application performance and avoiding key management complexity.