FILE ENCRYPTION

Vormetric Data Security Use Cases

Data Security through a Transparent File Encryption Program

Virtually every data-security compliance directive mandates data encryption. But compliance is no longer enough. As organizations are forced to announce their data has been breached, public trust plummets, profit and share prices fall, and once promising executive careers in both the public and private sectors crumble.

What organizations need today goes beyond compliance to true security. Unfortunately, with today’s advanced threats, network-based security tools and controls, such as IDS, IPS, firewalls, malware and SIEM solutions, are not enough. Encryption technologies must be added to overall enterprise security programs. But all encryption is not the same. To achieve the greatest security possible, executives need to understand the different kinds of encryption, how they work, and which file encryption program will make their data safest from breach.

Encryption Technologies

Self-encrypting drives (SEDs) and full disk encryption (FDE) technologies are frequently recommended for desktops and laptops, but these technologies are not particularly appropriate for enterprise-wide data security. In enterprises, data is frequently stored in multiple forms on multiple operating systems and in multiple places including the cloud. SED and FDE encrypt the data on the drive, but only when the drives are not booted. When the drives are booted, which in today’s work environment is most, if not all, of the time, the data is vulnerable. What this means is the data is protected if someone physically steals the drive. It is not if the drive is booted. Then, anyone with network or system access (for example, an internal resource with malicious intent or an external cybercriminal) has clear-text data access.

File-Based Encryption with Integrated Key Management

A better enterprise-wide solution is file-based encryption with integrated key management, which, as the name suggests, encrypts data at the file level independent of hardware and operating system. This approach can encrypt all data at rest and only decrypts it when it is needed for use. This, in itself, significantly reduces the risk of a breach.

Moreover, in the best systems, this file encryption program:

  • Is transparent, so users are unaware of encryption and decryption processes taking place
  • Uses policies to ensure only people who should have access to unencrypted data do have access
  • Identifies and authenticates users and devices and enables different levels of access based on function/need
  • Logs all access and generates alerts whenever unusual access occurs, or when attempts to access data against policy occur
  • Efficiently manages encryption keys separate from the data
  • Enables encryption to move with the data, including when it is being transmitted to another system
  • Takes advantage of encryption/decryption chipsets native to the hardware the enterprise uses so there is virtually no system degradation

The Vormetric Solution

Vormetric Transparent Encryption enables data-at-rest file encryption, privileged user access control and the collection of security intelligence logs without re-engineering applications, databases or infrastructure. The deployment of Vormetric’s encryption software is simple, scalable and fast. Vormetric Transparent Encryption Agents are installed above the file system on servers or virtual machines to enforce security and compliance policies. As with all Vormetric products, on-going policy and encryption key management operations are centralized and efficient with the Vormetric Data Security Manager.

No application changes are required for Vormetric Transparent Encryption software to deliver data encryption, privileged user access control and security intelligence

No application changes are required for Vormetric Transparent Encryption software to deliver data
encryption, privileged user access control and security intelligence

Vormetric Transparent Encryption Key Attributes

  • Transparent deployment – No development or changes required to user experience, applications and infrastructure.
  • Supports compliance and contractual mandates – Vormetric enterprise encryption software satisfies mandates around data encryption, file encryption, least privileged access, monitoring and encryption key management.
  • Limits privileged user risk – The Vormetric data encryption software solution stops root, system, cloud, storage and other administrators from accessing data while preserving their ability to perform their day-to-day administrative responsibilities.
  • The broadest heterogeneous operating system and application support – Vormetric Transparent Encryption agents support Windows, Linux and Unix platforms as well as most databases and all unstructured file types.
  • Maintain Service Level Agreements (SLA) – Distributing agents optimized for specific file system and encryption acceleration hardware across servers results in very low latency and little overhead.
  • Scales and grows with your requirements – With proven deployments of over 10,000 servers, companies can be confident that, with Vormetric’s enterprise encryption software solution, they can easily expand protecting files and data as new business requirements arise across physical, virtual, cloud or big data environments.

A Few Vormetric Partners Who Use File Encryption with Integrated Key Management

ANALYST REPORT

Encryption as an Enterprise Strategy

Vormetric Data Security Platform

Offers survey results and analysis on creating an enterprise-wide encryption strategy.  

Download >>

WHITE PAPERS

Vormetric Cloud Encryption Gateway

Vormetric Cloud Encryption Gateway

Increasingly, sensitive and strategic corporate data is finding its way into cloud storage environments.

Download >>

Customer and Partner Success

  • Rackspace Cloud Partners
  • McKesson
  • AWS
  • Google Compute Engine
  • Microsoft
  • IBM
  • CenturyLink
  • QTS
  • Teleperformance Secures
  • Delta Dental