RESEARCH AND WHITEPAPERS

Vormetric Resource Center

Featured Research and Whitepapers

Quantifying the Cost of a Data Breach by Industry

By Derek E. Brink, CISSP, Vice President and Research Fellow, IT Security and IT GRC

This report will provide you with explanations and actionable information that will help you secure your most crucial asset, your data.

Vormetric Key Management for Software-as-a-Service (SaaS)

The use of SaaS applications such as salesforce.com, ServiceNow, Workday, Box, and others has become the standard for the way many organizations conduct business, resulting in corporate data being sent northbound to the cloud.

While native and third-party encryption options including bring your own key (BYOK) are now being offered for many cloud services, challenges remain, including operationalizing the management of the encryption key lifecycle and the compliance requirements of some industry regulations to store keys separately from the encrypted data.

451 Research: Peak 10 launches encryption as a Service

The 451 Take

Managed infrastructure providers can and do help supply their customers with encryption tools if asked. That is not special. What makes this worthy of note is that the offering is in the ‘as a service’ model. The service itself is based on a partnership and reseller agreement with established security vendor Vormetric (Thales Group), and uses the Vormetric Data Security Manager (DSM) integrated into the Peak 10 user console. It is agent-based, multitenant (at the DSM appliance) and runs on Peak 10 equipment as a virtual appliance. It is file-level encryption (as opposed to whole disk), and features include policy-based controls, auditable records, key management and other standard features for encryption software.

2016 Vormetric Data Threat Report: Financial Services Edition

According to the legend of Willie Sutton, the oft-misquoted bandit robbed banks because ‘that’s where the money is’. Thus it’s no surprise that the U.S. financial industry is among those that are most heavily targeted by cyber attacks, and like the broader global economy, has been subject to numerous and well-publicized data threats.

Hardly a week goes by without news of another damaging data breach incident - according to the Privacy Rights Clearinghouse, the number of records breached in 2015 was more than twice that of 2014 – despite the fact that collectively, we are spending billions each year on various forms of cybersecurity and venture capitalists are spending princely sums on startups touting the latest and greatest new security offerings.

2016 Vormetric Data Threat Report: Healthcare Edition

The past few years have subjected the U.S. economy to a seemingly endless chain of well-publicized data breaches that have elevated concerns about protecting sensitive data beyond the technical realm and into the mainstream public consciousness, and left few Americans confident that U.S. organizations are doing enough to ensure the safety of their digitally stored personal information.

Hardly a week goes by without news of another damaging data breach incident - according to the Privacy Rights Clearinghouse, the number of records breached in 2015 was more than twice that of 2014 – despite the fact that collectively, we are spending billions each year on various forms of cybersecurity and venture capitalists are spending princely sums on startups touting the latest and greatest new security offerings.

2016 Vormetric Data Threat Report: U.S. Federal Edition

The past few years have subjected the U.S. economy to a seemingly endless chain of well-publicized data breaches that have left few Americans confident that U.S. organizations are doing enough to ensure the safety of their digitally stored personal information. The Cybersecurity National Action Plan (CNAP) recently outlined by President Barack Obama acknowledges some of the current weaknesses in our national digital infrastructure and contains several proposals to help reduce our overall vulnerability to cyber threats, including $3bn in new funding, the creation of a federal CISO role, plans to recruit new cybersecurity talent and increased information sharing with the private sector. Regardless of the timing, appropriateness and ultimate effectiveness of the proposals outlined in CNAP, the plan highlights the growing awareness that as a nation, we need to do more to help increase our overall preparedness to meet the security threats presented by a new world order filled with cyber-criminals, nation-states, hacktivists and cyberterrorists.

2016 Vormetric Data Threat Report: Cloud and Big Data

The ‘triumvirate’ of cloud, big-data and the Internet of Things (IoT) can each offer substantial benefits via their ability to generate, collect and use data in novel ways that can both help improve decision making and allow for more agile and adaptive business models.

Unfortunately, as we have seen with historical patterns of IT evolution, security considerations typically take a back seat to establishing a market presence, and only get their due either as a way to remove barriers to adoption or plug holes after the damage is done. Not surprisingly, then, we have observed a fairly strong positive correlation over time between the maturity of a specific computing model or resource, and the ability to secure that resource - and cloud, big-data and IoT have followed a similar pattern.

Securosis: Securing Hadoop: Security Recommendations for Hadoop Environments

Analyst Report by Adrian Lane, CTO, Securosis

This research paper lays out a series of recommended security controls for Hadoop, along with the rationale for each. The analysis is based upon conversations with dozens of data scientists, developers, IT staff, project managers, and security folks from companies of all sizes; as well as decades of security experience the Securosis team brings. These recommendations reflect threats and regulatory requirements IT must address, along with a survey of available technologies which practitioners are successfully deploying to meet these challenges.

451 Research: HSM giant Thales e-Security Aims Big with $400m Pickup of Data Security Vendor Vormetric

451 Research Report

On October 19, 2015, Thales e-Security acquired Vormetric. 451 Research released this report on October 20, 2015, to share their analysis on the opportunities and competitiveness of the new combined company. The report also covers both companies’ profiles, core products and competition.

451 Research: Cloud partnership program playing a growing role in Vormetric’s new encryption business

The 451 Take

It is becoming increasingly common for technology vendors – particularly those whose software or hardware represents a specialized, valuable component of an enterprise infrastructure environment – to view cloud service providers as an important market and channel. This is especially true as hybrid cloud models continue to blur lines between public and private, internal and hosted infrastructure resources. Most service providers, outside the small set of hyperscale public clouds, view their role as being more closely tied to service delivery than infrastructure operations. Security and compliance are at the top of that list, and are strong objectives for managed services. 451 Research’s Voice of the Enterprise cloud computing study rates security and compliance as the two most significant barriers to the adoption of cloud. The opportunity for security technology vendors in the managed hosting market is strong – likewise, the opportunity for service providers in developing managed offerings around these specific facets of infrastructure operations. The success of Vormetric’s cloud partner program is a useful indicator of this.

Frost & Sullivan: 2015 Frost and Sullivan Global New Product Innovation Award Write Up

Read this paper to learn why Frost and Sullivan honored Vormetric with this prestigious award.

IANS: Encryption as an Enterprise Strategy

By Dave Shackleford, IANS Faculty Member and SANS analyst

This report is a survey and offers analysis on creating an enterprise-wide encryption strategy, and explores the growing “encrypt everything” philosophy.

Aberdeen Group: Selecting Encryption for “Data-At-Rest” In Back-End Systems: What Risks Are You Trying To Address

By Derek E. Brink, CISSP, Vice President and Research Fellow, IT Security and IT GRC

This report will provide you with explanations and actionable information that will help you secure your most crucial asset, your data.

451 Research: Vormetric enters encryption gateway fray with latest extension to its platform strategy

By Garrett Bekker, Senior Security Analyst

This research report analyzes Vormetric’s recent entry into the cloud encryption gateway market, tokenization, and explores Vormetric’s platform strategy. It includes a Strength, Weakness, Opportunity, and Threats (SWOT) analysis and competitive comparisons.

Securosis: Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers and Applications by Securosis

By Securosis analysts and industry experts, Rich Mogull, CEO and Adrian Lane, CTO.

This paper cuts through the confusion to help you pick the best encryption and tokenization options for your projects. The focus is on encrypting in the data center: applications, servers, databases, and storage. It also covers cloud computing (IaaS: Infrastructure as a Service).

SC Magazine's seventh annual survey 2014: Guarding against a data breach

High-profile cyber attacks spur stronger security and risk management

The results of SC Magazine's seventh annual survey, "Guarding against a data breach," suggest that a negative impact to a company’s reputation compels companies to improve their security against a data breach. Of course, regulatory mandates are a very close second. That's what the majority of nearly 1,000 respondents in the U.S. and U.K. had to say when queried about the primary reasons they are bolstering the protection of their electronic corporate data. The fear of negative publicity and compliance is driving a fair amount of the efforts in security, and so is executive board and customer demand. It seems the highly-publicized data breach at Target in December and resignation of both CEO and CIO has resulted in a massive restructuring of its leadership and information security and compliance division. This article, which originally appeared in the April issue of SC Magazine, discusses trends in IT security investments and supply chain vulnerabilities. What is clear from the survey: The C-suite is getting the message. Highly concerned by the increase and severity of attacks, executive management are strongly engaged in security programs and engaging security leaders to have a larger voice in the boardroom. And in some cases there is a clear business benefit as many organizations increase security investment to provide a broader differentiated message to their customers.

Fieldfisher: 2014 Global Compliance: The legal obligations for encryption of personal data in the United States, Europe, Asia and Australia

By Phil Lee, Partner, Field Fisher

Updated for 2014, this document examines the global legal obligations to encrypt personal data, including both national and industry drivers. National focuses include the EU (the United Kingdom, France, Germany and Spain), the USA, Asia (Singapore, South Korea, Japan and Taiwan) and Australia. The industry focus is most strongly around financial services compliance requirements requiring encryption, particular obligations placed on the payments services industry, and the obligation to implement access controls and threat pattern recognition capabilities.

2014 Vormetric Insider Threat Report – European Edition

The 2014 Vormetric Insider Threat Report - European Edition represents the result of analysis of interviews with 537 IT and Security managers in major European enterprises around the question of insider threats. Insider threats have expanded from the traditional insiders to privileged users of systems and the compromise of internal accounts by the latest malware attacks. This infographic captures the key findings of the report, focusing on critical results around organizations' insecurities, concerns and technology investments, as well as comparisons against their US counterparts' responses.

2014 Vormetric Insider Threat Report - Australian Edition

183 completed telephone interviews with IT and security managers in Australian enterprises. Organizations feel highly vulnerable due to the constantly changing nature of the insider threat landscape. Insider threats today have shifted to include both traditional insiders with access to critical data as part of their work, privileged users and the compromise of both groups' credentials by sophisticated malware and Advanced Persistent Threats (APTs). Focused on enterprises, the report details concerns, the status of protection today, and organizations' plans to offset these threats. Details report the responses of European organizations as well as comparisons against their US counterparts.

Enterprise Strategy Group: 2013 Vormetric Insider Threat Report: Healthcare

While all industries face an increasingly dangerous threat landscape, health care organizations are not defining new requirements, implementing new controls, or adapting security processes as quickly as those from other industries. Based upon the findings of this research project, health care organizations:

Remain more concerned with regulatory compliance than sound risk and threat management.

451 Research Insight: Vormetric targeting channel revenue with cloud service-provider partner program

The 451 Take

The move makes plenty of sense for Vormetric. As its enterprise customers move workloads into cloud environments, it is important for the company to focus part of its energy on making it simple for those customers to move licenses to the cloud, or to acquire the same kind of protection from their cloud providers. Demand is increasing for data encryption among existing cloud users because unwanted access to data is in the public spotlight. Vormetric also stands to benefit in the long term from the recurring revenue associated with subscription-based sales of its tools (through service providers). A formal channel program is a valuable tool here. Infrastructure service providers, regardless of technical complexity or in-house expertise, tend to look to their technology vendors for specific and prescriptive direction around how to go to market with a given technology, pricing and support.

Enterprise Strategy Group: 2013 Vormetric Insider Threat Report: Financial Services

Financial services firms enjoy a few advantages over organizations in other industries. Banks and investment firms tend to have larger IT/security budgets and highly experienced security staff members. Large metropolitan banks also have more lucrative salary structures, and so they also have the luxury of recruiting the best and brightest security talent.

In spite of these advantages, financial services firms remain nearly as vulnerable to insider threats—41% of financial firms believe they are extremely vulnerable or vulnerable to insider threats—as compared with 47% of organizations from other industries. Just as with other organizations, they don’t feel secure.

Enhanced Protection For Teradata Environments

As enterprise organizations continue to make increasing use of sensitive business data to gain competitive advantage, data security needs to be a primary consideration at the very beginning of these projects.

How Format-Preserving Encryption Tokenization Addresses PCI DSS 3.x Security Requirements, by Fortrex

Fortrex Qualified Security Assessors (QSA) have authored this important white paper to help clarify the PCI DSS position on when and how to use Cryptographic Tokens, Tokens created using Format Preserving Encryption (FPE).

Fortrex: Evaluation of the Vormetric Token Server

Fortrex Qualified Security Assessor (QSA) evaluated the Vormetric Token Server, and determined when properly implemented and configured within a secured cardholder environment, it can reduce the scope of the systems included in the scope of a PCI DSS assessment. They also qualified that the solution can be leveraged to tokenize other sensitive data within a corporate environment. Fortrex detailed their evaluation process in their white paper, Evaluation of the Vormetric Token Server.

FedRAMP Certification of your CSP Does Not Protect your Data in the Cloud

Using the services of a CSP that is FedRAMP-certified does not guarantee that the data placed with that CSP will be encrypted, secured, or otherwise protected – only that the CSP has been vetted and has the capability to protect the data as mandated by the FedRAMP requirements.

Hadoop with Vormetric Transparent Encryption Performance Whitepaper

Hadoop has rapidly gained acceptance in the enterprise and is becoming a central repository for all the data in an enterprise. The data is extensively mined and analyzed by several different applications for several different objectives. Because of the richness of the data, security is always a concern.

Discover How to Efficiently Address DHS Continuous Diagnostics and Mitigation Requirements

The cyber attacks being waged against government agencies continue to get more frequent, fast changing, and evasive. The Department of Homeland Security (DHS) created the Continuous Diagnostics and Mitigation (CDM) program to help government agencies establish persistent safeguards against these evolving threats.

How can government agencies address the CDM’s requirements for securing the target: the sensitive data that thieves are trying to access and exploit? Download a white paper and discover the specific CDM requirements that relate to securing sensitive data. Then find out how the Vormetric Data Security Platform enables agencies to address these and many other requirements, with unparalleled efficiency and security.

Data Encryption and Access Control for Hadoop Architecture White Paper

This technical white paper explores Hadoop deployments, security options, and delves deeply into how to apply encryption and access control policies to protect Enterprise Data Lakes. The paper also makes recommendations on how to segment data lakes with encryption zones to gain security and compliance in a multitenant environment.

Performance Whitepaper – MongoDB 3.2 & Vormetric Transparent Encryption

MongoDB Just Got More Secure with Vormetric Transparent Encryption

In enterprises around the world, data volumes have been undergoing explosive growth. As a result, “big data”—the aggregation and analysis of massive volumes of information—has become increasingly common.

Bloor: For the EU’s new data protection regulation, encryption should be the default option

There are many regulations and industry standards that require that stringent safeguards are applied to personal and sensitive data. Of these, the EU data protection rules affect many organisations. Now, they are set to get tougher, with higher sanctions available for non-compliance and affecting a wider range of organisations than previously.

Best Practices for Assessing Your Cloud Data Security Services

Your organization is ultimately responsible for your data as you move to the cloud. This paper lists the key questions to ask of your cloud and managed service providers to understand how they meet the data security requirements specified across leading industry security initiatives.

Industry Guidelines for Building Secure Cloud Services

Cloud and managed service providers face a broad range of security initiatives for securing data in the cloud. This paper explains how to develop secure cloud services to meet the fundamental data security requirements across the leading industry standards.

Couchbase – Vormetric Whitepaper – Big Data Without Big Headaches

The challenge of how to handle Big Data is only partially addressed by the databases that are used to store it. One of the most pressing issues around Big Data adoption will be security, as more and more organizations adopt it in the coming years. Read on to find out how to benefit from Big Data while eliminating potentially big headaches.

Securing the Keys to the Kingdom

With all of this data, there is also risk, specifically from those entities within the organization that may have access to confidential data either due to their job function or because they are gaining it through surreptitious means. When used with an Operational Intelligence platform such as Splunk, the Vormetric Data Security Platform not only encrypts and controls access to your files and databases, but also provides information that is utilized by Splunkbase. Whether the deployment is physical or virtual, the joint solution can alert when unusual or improper data access is detected, and can offer detailed user and process information to help investigation.

Vormetric Data Security Platform Architecture White Paper

As security teams struggle to contend with more frequent, costly, and sophisticated attacks, data-at-rest encryption becomes an increasingly critical safeguard. This white paper offers an overview of the different encryption approaches available today.

Vormetric Transparent Encryption Architecture White Paper

Today’s IT and security organizations need to continue to scale their capabilities. They need to employ safeguards around larger volumes of sensitive data. They have to guard against more persistent and sophisticated threats, and they must establish these safeguards in more places. To address these expanding requirements, leading enterprises and government agencies rely on Vormetric Transparent Encryption.

Vormetric Application Encryption White Paper

Vormetric Application Encryption reduces the complexity and costs associated with meeting this requirement, simplifying the process of adding encryption capabilities to existing applications. This architecture paper goes into detail of the security model, best practices, APIs, and offers a sample application encryption library.

Vormetric Cloud Encryption Gateway Technical Overview White Paper

This paper provides a technical overview of the Vormetric Cloud Encryption Gateway. It covers the solution’s most significant components and describes operational aspects such as administration, authentication, access controls, performance, upgrades, and licensing.

Vormetric Cloud Encryption Gateway

As organizations grow increasingly reliant upon cloud storage offerings like Amazon Simple Storage Service (Amazon S3), Box and Caringo, the need to secure sensitive data in these environments grows increasingly urgent. With the Vormetric Cloud Encryption Gateway, organizations can encrypt files in cloud storage, enabling a secure and compliant file sharing and storage environment.

Vormetric Tokenization With Dynamic Data Masking

For too many IT organizations, complying with the Payment Card Industry Data Security Standard (PCI DSS) and corporate security policies has been far too costly, complex, and time consuming. Now, Vormetric offers a better way. Vormetric Tokenization with Dynamic Data Masking helps your security team address its compliance objectives while gaining breakthroughs in operational efficiency.

A Dangerous Cyber Convergence: Persistent Insiders, Evolving Adversaries

The White House has made cybersecurity a top government-wide priority, and agencies have taken steps to strengthen perimeter defenses, but they are still struggling to manage insider threats, and external threat vectors are evolving faster than they can keep up.

VMware Product Applicability Guide for Deploying Vormetric for PCI DSS Version 3.0 Compliance

This white paper written by a leading QSA, Coalfire, goes through the PCI DSS 3.0 controls in great detail and describes how the Vormetric Data Security Platform deployed in a Payment Card Environment running in VMware can help gain compliance.

Complying with Payment Card Industry (PCI DSS) Requirements with DataStax and Vormetric

Merchants and organizations expect the underlying database to be highly secure and in compliance, as sensitive cardholder data will eventually be kept in the data store. DataStax Enterprise in conjunction with Vormetric offers a comprehensive data security solution for the data stored in Cassandra and helps organizations comply with PCI DSS requirements.

Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)

The TRM Guidelines are statements of industry best practices which financial institutions (FI) are expected to adopt, and although they are not legally binding, the degree of observance with the spirit of the TRM Guidelines by a FI will be taken into account by MAS in its risk assessment of the FI. These guidelines hold for any FI that is doing business in Singapore. This White Paper maps out how Vormetric meets many of the best practices laid out in this guideline document.

Vormetric Security Intelligence with SIEM Integration

Vormetric Security Intelligence logs are granular event logs that produce an auditable trail of permitted and denied access attempts from users and processes, delivering unprecedented insight into file access activities. These logs can inform of unusual or improper data access and accelerate the detection of insider threats, hackers, and advanced persistent threats (APT) that have bypassed perimeter security. With the availability of pre-defined dashboards and reports, Vormetric Security Intelligence easily integrates with Security Information and Event Management (SIEM) tools. This white paper describes the integration of Vormetric Security Intelligence logs with Splunk, HP ArcSight and IBM QRadar SIEM tools, and details the log messages and sample reports that can be generated.

A White Paper by Fortrex: Using Encryption and Access Control for HIPAA Compliance

Since 1997 Fortrex Technologies, Inc. has been providing IT Governance, Risk, and Compliance advisory services and solutions. In this white paper Fortrex explores how encryption, access control and file access audit logs from Vormetric can contribute to HIPAA compliance and exemption from notification requirements of HITECH.

Vormetric NIST800-53 Mapping

Detailed Mapping of Vormetric Data Security Platform Controls to NIST800-53 Requirements

Critical to certification for meeting FIPS is the implementation of security controls from NIST800-53, Appendix F. Focusing on the capabilities needed to meet these requirements, this paper provides background about the Vormetric Data Security Platform and the Vormetric Transparent Encryption product that is delivered through that platform.

Vormetric Data Security: Complying with PCI DSS 3.0 Encryption Rules

This white paper outlines how to use Vormetric Transparent Encryption to meet PCI DSS 3.0 Requirements with Data-at-Rest Encryption, Access Control and Data Access Audit Logs in traditional server, virtual, cloud and big data environments. The paper maps PCI DSS requirements 3, 7, 8, 9 and 10 that can be addressed with Vormetric Transparent Encryption.

A Coalfire White Paper: Using Encryption and Access Control for PCI DSS 3.0 Compliance in AWS

This white paper goes through the PCI DSS 3.0 controls in great detail and describes how the Vormetric Data Security Platform deployed in a Payment Card Environment running in Amazon Web Services (AWS) can help gain compliance.

Security in the Cloud for SAP HANA

Intel, Vormetric, Virtustream and SAP deliver enterprise-class customer-controlled data security - High-speed data analytics is changing the way companies compete, enabling them to generate real-time insights to support their most important business processes. Cloud computing offers a complementary technology that also provides game-changing capabilities for business computing. Yet many companies have been reluctant to deploy mission-critical applications, such as SAP HANA, in hosted cloud environments. Although they would like the potential benefits, they have understandable concerns about security and compliance.
