Headquartered in Houston, Texas, BMC Software is a global leader in enterprise IT management software and services. The company delivers innovative IT management solutions that enable customers to fully leverage complex technologies, ranging from cloud to mainframe to mobile. BMC serves one hundred percent of the Forbes Global 100 and 82 percent of Fortune 500 companies. Offerings include IT service management (ITSM), data center automation, performance management, virtualization lifecycle and cloud computing management.
Across the globe, the IT industry is becoming acutely more sensitized to cyber-based threats and the commensurate need for heightened security precautions. Audley Dean, senior director of Information Security at BMC, commented, “Our customers are deeply interested in how we handle their data. They want to know what measures we take to protect the assets they entrust to us. Many of our clients also must align to federal and industry regulations concerning how sensitive information is safeguarded.”
The BMC team looked at a variety of options to cover encryption of the company’s mixed Oracle and Microsoft SQL environment. Joel Bruesch, BMC’s senior manager of Information Security, recalled, “We are very aware of the risks associated with advanced persistent threats [APTs] and felt that we needed an approach that gave us granular control of protecting our information. At BMC, everything we do is grounded in best-in-class solutions and processes. It was imperative to choose an encryption and key management strategy that could stand up to the demands of the marketplace and our own expectations.”
One of the options considered by BMC was the use of database-level encryption. “Deploying security at the repository level turned out to be very cost prohibitive to implement and manage,” stated Bruesch. “We did extensive research and ultimately decided on Vormetric Encryption and Vormetric Key Management: The way the Vormetric solutions are structured gives us the protection we need and enables us to automatically address the majority of standards-driven controls with no manual intervention.”
The Vormetric solutions provide encryption and management of both structured and unstructured data across BMC’s distributed environment. Encryption includes data access controls, integrated key management and data access reporting. If needed, keys can be managed and securely stored for use with Transparent Data Encryption (TDE) for both Oracle and Microsoft SQL Server databases.
“Some of our customers are now coming onsite to perform audits or assessments of our security measures. The Vormetric solution provides us with file auditing capabilities that comprehensively address any possible concerns,” noted Bruesch. “We’re also leveraging Vormetric to negate a lot of the complexities in the implementation of controls for industry standards, such as simplified quarterly key rotation.
“The Vormetric solution has been extremely easy to implement; it only took about a day to get our infrastructure configured and running. From a performance perspective, our users really aren’t aware that encryption is taking place at all, which is great.”
Dean concluded, “The decision to implement Vormetric was one that everybody was very comfortable with. Our clients actively acknowledge that the solutions’ capabilities significantly minimize risk and are definitely key elements of our infrastructure.”
Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, virtual and cloud environments. Data is the new currency and Vormetric helps over 1100 customers, including 17 of the Fortune 25 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable solution suite protects any file, any database and any application — anywhere it resides — with a high performance, market-leading Data Security Platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence.