Vormetric Database Security Solutions


Regulatory compliance initiatives, large-scale data breaches, protecting intellectual property, and maintaining a trusted brand are driving IT departments in every industry to adopt data-level controls for all sensitive information. Data protection is no longer an option; it's a requirement. But data protection must be balanced with concerns about application support, invasiveness, and performance. IT departments must also consider the increased management burdens of broad and heterogeneous server encryption implementations, which have multiple data repositories that include databases as well as unstructured data.

Data protection involves multiple tiers of security. One critical tier is the encryption of sensitive data in the database to manage privileged system users and provide data protection against potential threats such as lost media and external hackers. Vormetric Encryption and Vormetric Key Management provide a powerful and complete data protection solution for protecting sensitive database and server data:

  • Vormetric Encryption provides data protection for both structured and unstructured data. This data protection solution enables IT teams to encrypt and control access to database files, as well as unstructured data at the operating system level. Vormetric Encryption supports all file types along with all versions of Oracle, DB2, SQL Server, MySQL, Informix, Sybase, and proprietary databases, in physical, virtual, and cloud environments
  • Vormetric Key Management is the ideal data protection key management solution for enterprises that have chosen to use Oracle Database or Microsoft SQL Server TDE encryption. Vormetric Key Management functions as a network Hardware Security Module (HSM) for TDE implementations, to store and manage all database master encryption keys for tablespace/database encryption

Data Protection Challenges

While there are a variety of ways to protect structured and unstructured data, there are several key issues inherent in some data protection approaches. Some of the more notable data protection challenges include:

  • Protecting both Structured and Unstructured Data - Databases are part of a larger web of information flows that include backups, archives, Extract-Transform-Load (ETL) files, and reports. While data protection for structured data in the core database might be adequate, unstructured data, such as a spreadsheet report extracted from the database containing sensitive data, also needs to be considered when evaluating data protection and security. TDE provides data protection for sensitive data within the database, but cannot be extended to perform unstructured data protection outside of the database
  • Reducing Administrative Overhead - Most data protection and encryption solutions only protect one platform or one operating system, creating silos of encryption. For example, internal database encryption (TDE) solutions require user training and processes that are unique to each database company, a costly and resource-consuming task. They do not generate the economies that come from a single database encryption solution which provides data protection for multiple databases. An organization looking to provide data protection with internal database encryption functionality will need to factor in these increased costs and administrative resources required for managing multiple database encryption solutions
  • Augmenting Inadequate Policy and Database TDE Key Management - Internal database encryption solutions provide minimal encryption key management functionality and point to network hardware security module (HSM) vendors or third-party key managers to provide the necessary encryption key management. It can become painful for enterprises with large deployments to use the native database key management solutions, since each database server will have separate encryption keys to manage
  • Simplifying Legacy Database Migration - Many enterprises need to support older database versions that do not include TDE functionality for data protection. It can be difficult or impossible to migrate these older database versions to more recent versions offering internal TDE data protection, because of the constraints inherent in the packaged database application
  • Improving Performance - Data protection and encryption operations can impose additional performance overhead. In the case of internal database encryption, this performance requirement applies regardless of the type of database encryption, whether application-level, database encryption (TDE) level, or file/OS-level. The performance overhead required for TDE varies significantly depending on the workload, whether column encryption or tablespace encryption is used, and whether the implementation supports hardware cryptographic acceleration such as Intel® AES-NI® or SPARC Niagara Crypto modules

Data Protection with Vormetric Encryption

Vormetric Encryption encrypts and decrypts data in a way that is transparent to the database, file, or application, which helps minimize performance overhead. This database data protection solution also offers integrated policy management, centralized encryption key management, and the necessary separation of duties (SOD, sometimes referred to as "segregation of duties").

Vormetric Encryption provides data protection for all types of unstructured data, along with structured data in all versions of Oracle, DB2, Microsoft SQL Server, MySQL, Informix, Sybase, and other proprietary databases.

Benefits of Vormetric Encryption for Data Protection

Vormetric Encryption delivers the following data protection benefits:

  • An Extensible Data Protection Solution for Structured and Unstructured Data - While TDE and other internal data protection and encryption approaches provide data protection within the database, Vormetric Encryption provides data protection both inside and around the database on all major operating systems, including Windows, Linux, and UNIX. Vormetric Encryption provides data protection and encryption irrespective of whether the server is physical, virtual, or in the cloud. And it does this with no changes to the application, database, or underlying storage infrastructure
  • A Single Data Protection Solution for All Databases - Vormetric Encryption minimizes administrative overhead with a single policy and encryption key management console. It establishes data protection policies and manages database encryption across all database platforms and versions. Vormetric Encryption currently supports all database versions from Oracle, DB2, SQL Server, MySQL, Informix, Sybase, and proprietary databases
  • Operational Efficiency through Integrated Data Protection Policy and Encryption Key Management - Vormetric provides secure key management with Vormetric Encryption as well as for third-party databases through Vormetric Key Management. One extensible encryption key management solution with a common data protection interface eliminates database encryption silos, lessens administrative costs, and provides a consistent data protection and security posture
  • Exceptional Performance - Vormetric Encryption provides superior performance over internal database TDE implementations. Vormetric Encryption performs database encryption and decryption operations at the optimal location of the file system or volume manager, and takes advantage of microprocessor encryption technology, such as Intel® AES-NI® and SPARC Niagara Crypto modules, to maximize performance and increase data protection
  • Future-Proof, Transparent Encryption and Data Protection - To maximize return on IT investments, enterprises need a data protection solution that can evolve as their requirements change. Internal data protection solutions may offer tablespace encryption or column encryption, but Vormetric Encryption provides data protection at the operating system level to perform database encryption, irrespective of database version or functionality

Vormetric Key Management for Data Protection

For enterprises that have chosen to use Oracle database or Microsoft SQL Server database encryption (TDE), Vormetric Key Management is the ideal solution for adding critical key storage functionality. Vormetric Key Management functions as a network Hardware Security Module (HSM) to store and manage the master encryption keys (MEK) for tablespace encryption and data protection.

Benefits of Vormetric Key Management for Data Protection

  • Availability - Vormetric Key Management increases data protection and availability with encryption keys stored in redundant Data Security Manager Appliances configured to provide high availability and disaster recovery
  • Broader TDE Deployments - Vormetric Key Management enables centralized TDE encryption key management, increasing data protection, reducing administrative complexity, and expanding database TDE deployments
  • Interoperability - Vormetric Key Management provides a single data protection platform to manage and secure keys for all third-party database encryption and TDE environments
  • Manageability - Vormetric Key Management provides key generation, recovery, and expiration tracking for the master database encryption keys for other vendors' TDE data protection solutions
  • Compliance and Auditability - Vormetric Key Management improves data protection by enabling separation of duties between IT functions and encryption key management, including encryption key generation, storage, expiration tracking, and auditing of key operations
