Over the coming weeks The Tech Herald will attempt to offer some insight in to various companies, some you know and some you do not. The features are designed to give some information, good and bad if it is relevant, into companies or services IT departments should care about. To the home user, there will be features on companies and tools that will offer you some insight into things you might not be aware of as well.
Vormetric protects data, you have data to protect, here is a little research for you. (IMG:J.Anderson)
Who:
Why should you care? Vormetric is a young company, you might not know who they are, and you have never heard of a Data Security Expert unless you count the database guy in development. However, if your company is looking to expand using multiple platforms and different data sets, if you have compliance issues or need to establish compliance certification, then you may want to start researching companies who focus exactly on that area.
Compliance (HIPAA, SOX, PCI, GLBA, and countless others) is a huge, if not the single largest, business security issue of late 2007 to early 2008. Think back, five months in to the year, (May 2008 at the time of press –ED) and already we have seen more PCI related information losses, data leaks, and exposures than any other period over the last twenty four months. TJX and Hannaford Bros. will spend hundreds of millions of dollars this year alone on their PCI related screw ups. Add to that, hospitals and other medical related industry losses due to HIPAA violations and you can see that while there is a general consensus the data is at risk (at rest or in transit), little is being done to protect it.
There are also the mass marketing of reports, surveys, and other news that C-Level executives are scared. They are afraid that their company is next, and that they will end up on the eleven-o-clock news. Depending on how you view these reports, the glass is half empty or half full. The common thread is that no matter what happens, the added security is reactive instead of proactive. Executives react to data loss and then rush to add security only after disaster strikes.
Focusing on three areas, Compliance, IP protection, and scaled vertical market protection, Vormetric only offers to do one thing; protect your company’s data. Encryption solutions come in all shapes and sizes, but the key to proper encryption is to identify exactly what needs protected, and build out from there. Security should always focus on how well it will work with a unique business model, and because of that, you need to design security plans based on the needs of the business. If you fail to do this, business is hampered by the security policies and so-called "solutions" that halt normal production.
After researching and talking to the company, the reason Vormetric is listed in this profile is that they can help a company start by identifying the information that needs protected, and build security around that while the business expands. Their primary focus is encryption and centralized key management/unified key security.
For established companies, Vormetric is cross platform, as Data Security Expert is growth based, you can use what you want, when you need it, and grow from there. The scale and scope of your network is not a factor with Vormetric, as they only focus on the data. When it comes to the key management and encryption Vormetric says, "We can do this for any application, any file, any database in distributed environments and also protect the encryption keys of 3rd party products."
[Note The Tech Herald had no prior contract with Vormetric before research began. The company was picked at random originally for a DLP article. After talking to their marketing and sales departments, both on official news related issues and on the sly pretending to be an interested company or potential customer, the idea to feature them as the first in a list of company profiles was decided.]
So what do they offer?
Four things make up Data Security Expert. The first is Data Security Server, which is a centralized appliance that offers both key and policy management. It has a pretty GUI that allows web based administration, policy management, and auditing across the company. The second part is Database Encryption Expert, which supplies transparent encryption to applications and databases. It works with DB2, IBM, Informix, Microsoft SQL Server, Oracle, Sybase, and others. It can encrypt the data sure, but it also secures password files, audit logs and more.
The third part is File Encryption Expert, offering file encryption, role and user based policy enforcement for data integrity and decryption, and separation of duties. The separation of duties feature restricts access to data by allowing system administrators or root users the ability to maintain the system and backup data, without being able to view the encrypted data. The final part to Data Security Expert is Encryption Expert, which automatically encrypts information based on policy and provides layers of access control, integrity controls, and auditing controls.
So what’s the catch?
You can contact Vormetric at their website. www.vormetric.com
Comment on this Story