GRAMM LEACH BLILEY ACT (GLB) COMPLIANCE

Vormetric Data Security Solutions

GLB and Requirements for Protecting Data-at-Rest

The Gramm-Leach-Bliley Act (or GLB) also known of as the Financial Services Modernization Act applies to US financial institutions and governs the handling of non-public personal information. One of many items called for by the act are basic requirements for protecting customer financial records and other personal information.

Specifically, Section 501(b) of the GLB requires financial institutions to protect the security, confidentiality and integrity of non-public customer information through “administrative, technical and physical safeguards”. It also requires each financial institution to implement a comprehensive written information security program that includes administrative, technical and physical safeguards appropriate to the size, complexity and scope of activities of the institution. This includes:

  • Insuring the security and confidentiality of customer records and information;
  • Protecting against any anticipated threats or hazards to the security or integrity of such records
  • Protecting against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

For organizations affected by the standard, these requirements, combined referenced requirements under the Federal Deposit Insurance Act – section 36, result in the need to:

  • Safeguard and monitor customer records and information
  • Create and maintain effective risk assessments
  • Identify, implement and audit specific internal security controls that protect this data

Vormetric provides key portions of the solution to these problems, providing security controls that enable organizations to safeguard and audit the integrity of customer records and information against a broad range of threats against data. Vormetric supports these activities across widespread heterogeneous infrastructures that include virtualized environments, cloud and big data implementations as well as within traditional data centers.

The combination of encryption, integrated key management and access controls meets the needs for creating and maintaining access controls to customer records and information. Only authorized personnel and programs see decrypted information, while all others have no access to the data. Security intelligence information from Vormetric details who accesses data, leaving a clear audit trail, and enables extended security controls warranted by today’s threat environment for recognizing compromised accounts when combined with a SIEM or Big Data for Security implementation.

Vormetric Transparent Encryption provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls and data access monitoring information extend protection by limiting data access to only personnel and programs authorized to do so, and provide the security intelligence information required to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.

Vormetric Application Encryption adds another layer of protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Key Management enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

This single platform solution to multiple data protection needs helps organizations meet compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.

2016 DATA THREAT REPORT

Learn About Trends in Encryption and Data security

Protect What Matters

2015 witnessed an increase in the number and intensity of data breaches. From high-profile attacks against government agencies...

Download >>

ANALYST REPORT

Encryption as an Enterprise Strategy

Vormetric Data Security Platform

Offers survey results and analysis on creating an enterprise-wide encryption strategy.  

Download >>

CUSTOMER QUOTE

 We are a rapidly expanding and dynamic business, and the flexibility Vormetric provides is crucial to the bank: It’s a solution that grows with us and allows us to securely maintain our data at all times 

Daryl Belfry
Director of IT
TAB Bank
Read the Case Study: Download

2016 DATA THREAT REPORT

Customer and Partner Success

  • Rackspace Cloud Partners
  • McKesson
  • AWS
  • Google Compute Engine
  • Microsoft
  • IBM
  • CenturyLink
  • QTS
  • Teleperformance Secures
  • Delta Dental