Vormetric Data Security Solutions

Protecting Data-at-Rest from Data Breach Notification Requirements

Data breach notification requirements on loss of personal information have increasingly been enacted by nations around the globe Data breach notification requirements vary by jurisdiction, but almost universally include a “safe harbour” clause if the data lost was in encrypted form. National laws include the UK Data Protection Act, EU Data Protection Directive 1995, EU ePrivacy Directive, South Korea’s Personal Information Protection Act, Australian Privacy Act and others.

But protection and prevention of data breaches is not as simple as implementing hardware level disk encryption or OS level encryption within systems. Attacks are increasingly able to penetrate perimeter defences, compromise accounts, and mine data without targets even being aware of the attack. With this kind of activity, simple encryption schemes won’t prevent a data breach – attackers will access accounts that allow them to decrypt and extract personal data. Driving this are criminal groups willing and able to pay for stolen personal information that has direct monetary value.

To protect organisations from the consequences of a data breach requires a data-centric focus on security around personal information.

Vormetric helps organisations to prevent data breaches

A data-centric focus on preventing the loss of personal information requires:

  • Encryption of personal data wherever it resides – including file systems databases, web repositories, cloud environments, big data environments and virtualisation implementations.
  • Policy-based access controls to assure that only authorised accounts and processes can see the data.
  • Monitoring of authorised accounts accessing data, to ensure that these accounts have not been compromised.

Vormetric provides key portions of the solution to implementing data-centric security, providing security controls that enable organisations to safeguard and audit the integrity of customer records and information against a broad range of threats against data. Vormetric data breach protection solutions are transparent to existing operating processes and applications for rapid implementation of protection from data breaches.

Vormetric Transparent Encryption provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls and data access monitoring information extend protection from data breaches by limiting data access to only personnel and programmes authorised to do so. The same data provides the security intelligence information required for the Security Information and Event Management solution to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.

Vormetric Application Encryption adds another layer of data breach protection, enabling organisations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Key Management enables centralised management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

This single platform solution to multiple data breach protection needs helps organisations meet compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.


2014 Global Compliance: The legal obligations..

2014 Global Compliance

By Stewart Room, Partner, Field Fisher Water House. This document examines the global legal obligations to encrypt personal...  

Download >>


Bloor White Paper: For the EU’s new data protection regulation, encryption should be the default

Bloor White Paper

There are many regulations and industry standards that require that stringent safeguards are...

Download >>


 We know the data at rest is secure. [Vormetric Data Secuirty] mitigated the risk we had with the Illinois Personal Information Protection Act. 

Mark Guth
Senior Manager of Information Security
Nicor Gas
Read the Case Study: Download


Encryption Architecture

Vormetric Data Security Use Cases

Download >>
Encryption Architecture

Vormetric Data Security Public Sector Use Cases

Download >>

The Vormetric Digital Digest on Data Security

Customer and Partner Success

  • Rackspace Cloud Partners
  • McKesson
  • AWS
  • Google Compute Engine
  • Microsoft
  • IBM
  • CenturyLink
  • QTS
  • Teleperformance Secures
  • Delta Dental