Database Encryption Solutions

The Vormetric Data Security Platform from Thales enables enterprises to meet compliance requirements, data privacy mandates and best practices for protection of sensitive data stored within databases. Solutions span data center and cloud environments, and include zero-downtime deployment options, application level field or column encryption, tokenization and secure management of TDE master encryption keys for existing databases.

Challenges:
  • Central Point of Failure

    Databases represent a central aggregation point—and a focal point for thieves. Your databases, whether on-premises or in the cloud, hold the data that matters to your business and that is prized by would-be attackers.

  • Insufficient Security Controls

    Insufficient security controls expose your organization to fraud and data breaches. For example, when key management is handled within the database, the DBA has control of both the data and key. Database encryption solutions often disregard the potential for insider abuse, as well as advanced persistent threats, where an attacker imitates a privileged user.

  • Complex and Inefficient Key Management

    As database environments expand, so do key management challenges. While database vendors offer key management functionality, this only works when the enterprise uses that vendor's specific databases. Using multiple key management tools is complex and creates more opportunities for errors and fraud.

  • Support for Existing and New Deployments

    The data security controls used often need to vary based on the type of database deployment. The priority for an existing deployment is often to apply protection without disrupting operations or requiring re-architecture of the application, while new deployments need the flexibility to use the best tools for applying the highest level of protection. With typical enterprises requiring data security controls for hundreds or thousands of nodes, approaches need the flexibility to match requirements, scale appropriately, and integrate with existing security tools and environments.

Solutions:

  • Vormetric Transparent Encryption

    Vormetric Transparent Encryption (VTE) offers strong, transparent, file- and volume-level database encryption, access controls and data access audit logging capabilities. Options enable deployment without initial encryption downtime, and no changes to operations or workflow are required. With Vormetric Transparent Encryption, you can secure sensitive data in databases across your enterprise, whether you’re running Oracle, IBM DB2, Microsoft SQL Server, MySQL, Sybase, NoSQL environments, or any combination thereof on premises or within cloud Infrastructure as a Service (IaaS) environments.

    Even Platform as a Service (PaaS) environments are supported, with an integrated solution that protects MySQL databases within Pivotal Cloud Foundry – Vormetric Transparent Encryption for Pivotal Cloud Foundry.

  • Vormetric Application Encryption

    For organizations that need to apply more granular encryption, including at the column or field level within databases, Thales offers Vormetric Application Encryption. Vormetric Application Encryption simplifies the integration of encryption into existing corporate applications and features standards-based APIs, which are used to perform cryptographic and key management operations. Users can choose between standards-based AES encryption and schema-maintaining format-preserving encryption (FPE), as well as local on-system encryption capabilities or remote access using RESTful APIs.

  • Vormetric Tokenization with Dynamic Data Masking

    Vormetric Vaultless Tokenization with Dynamic Data Masking dramatically reduces the cost and effort required to comply with PCI DSS and data privacy mandates by replacing information stored within database fields or columns with tokens.

  • Vormetric Batch Data Transformation

    Vormetric Batch Data Transformation is a high-speed utility for quickly performing initial encryption or tokenization of sensitive data within databases or files. It also supports development, test and partner usage of databases by replacing sensitive data before it leaves secure environments.

  • Vormetric Key Management

    Vormetric Key Management complements Oracle and Microsoft SQL Server native encryption capabilities by providing a central, compliant solution for securely storing and managing the TDE Master Encryption Keys that protect the database encryption keys used within these environments.

Benefits:
  • Database Protection Without Noticeable Performance Impact

    Thales database encryption solutions are highly scalable and offer protection of your database environment without compromising performance. Our database encryption has been field-tested in the most performance-intensive environments, with proven scalability to support 50,000 cryptographic transactions per second.

  • Single Platform Options That Meet the Full Range of Database Data-at-Rest Encryption Needs

    Vormetric Transparent Encryption makes it easy to add strong system-level protections to existing databases, limiting system-level access to cleartext to the database process and database user role, while allowing other system-level roles to work as usual without exposing sensitive data. Application encryption and tokenization solutions enable the next level of control: limiting access from within databases and applications to only those who require it for their work. And TDE key management adds secure, compliant protection for the TDE Master Encryption Keys that are used by existing Oracle and MS SQL native encryption environments.

  • Improved Compliance Posture

    The security intelligence built into Vormetric Transparent Encryption provides vital insights needed to track and demonstrate compliance with mandates such as HIPAA, PCI DSS, GLBA, SOX and others.


