Featured Partners The latest business intelligence, analytics and integration solutions from Teradata partners GoldenGate Real-time data warehousing: It's all about the data! KXEN Lifting predictive analytics' productivity. Protegrity Database-level encryption ensures security. Siebel Enabling the insight-driven enterprise.

Print

Send to colleague

E-mail us

Protegrity delivers security for critical data in the warehouse

by Paul Giardina, Vice President of Marketing, Protegrity Corporation

The data warehouse contains the most valuable information assets in your organization. That also makes it a big target. With rising concerns about security of sensitive information, data warehouse managers—normally charged with helping the organization share information—have now also become the guardians at the gate.

As we've witnessed in recent years, effective information security demands more than surrounding the data warehouse. The way to fully protect valuable data assets is by encrypting data—down to the column level—within a database table. This is the only security method that can protect data in the event of a database breach, a deliberate data theft or even an accident, such as loss of a backup tape.

If you're not encrypting sensitive data (which includes personal identity information such as credit card numbers and Social Security numbers), you and your organization are vulnerable to security breaches. You are also increasingly exposed to penalties for non-compliance with a whole host of regulations from the credit card industry. In the United States, more than 20 state laws and a federal data-breach notification law are expected in 2006.

It is certainly important for companies handling sensitive corporate and personal identity data to have strong network firewalls, updated anti-virus software, implementation of unique IDs and other security precautions focused on the perimeter. However, as seen in the nearly 100 companies that reported thefts of sensitive data in the first half of 2005, clear evidence points to the most serious threats coming from within the perimeter—from current or past employees, partners or suppliers.

Many of the companies that handle sensitive credit-card data, for example, have not met Payment Card Industry (PCI) Data Security Standards requirements for protection of stored data, tracking usage and transmission of sensitive data across networks. Nor have most organizations scrutinized access and auditing procedures to safeguard against internal security threats. This exposes the organizations to both regulatory enforcement penalties of up to $500,000 and class-action lawsuits demanding tens of millions of dollars in penalties.

The Teradata-Protegrity partnership
Since late 2004, Protegrity has collaborated with Teradata on enterprise-level data encryption and management. In June 2005, the companies announced a global partnership to deliver database security for Teradata customers. Protegrity Defiance DPS complements the Teradata architecture by delivering information security with these prime advantages:

	Comprehensiveness—Protegrity is the only solution that establishes and manages centralized security policies, protecting and administering strong encryption keys and meeting stringent auditing requirements.
	Performance and scalability—The fastest encryption throughput in the industry leverages the power of the Teradata infrastructure and utilizes the processing power of each node it protects. It is multi-threaded and maximizes efficiency and scale with the computing power available—resulting in data that is closely protected while minimizing impact on existing systems.
	Enterprise-wide deployment—This is the only solution available that gives your company centralized management of policies and market-leading support for all databases and operating systems, including mainframes.
	Focused security—You can select, categorize and protect the most value-sensitive data in your organization.
	Full audit—Your organization gains unmatched visibility into user access and access attempts of sensitive information.
	Transparent to existing applications—Protegrity designs its solutions to be implemented at the database level with little or no programming required. This allows for quick installation and deployment, minimizing cost, operations impact and risk to current applications.

Randy Lea, vice president of Teradata product and services, adds that Protegrity's solution provides powerful data protection. He says, "Our customers typically have a concurrent mix of short transaction-like queries and long analytical queries against large volumes of current and historical data with high performance needs. Protegrity's proven solution is a perfect complement because it offers high-grade security and it leverages Teradata's unique parallel architecture for performance."

Airlines Reporting Corp: protecting data in a high-volume environment
ARC (Airlines Reporting Corp) acts as a digital business exchange for 135 airlines and more than 20,000 travel agents. As a repository for vast amounts of industry information, ARC offers its primary travel clients and interested third parties transaction-level history and analysis as unique business-planning services.

In December 2004, ARC entered into a formal beta relationship with Protegrity. "We've been interested in column-level encryption for some time because we believe it makes good business sense," says Randy Black, ARC's director of technical architecture. "And like many other companies, we were driven to take action by the mandatory requirements from payment card companies for protecting credit cardholder data."

ARC worked closely with Protegrity and Teradata to develop beta test criteria and complete two rounds of formal beta testing. "We successfully implemented Protegrity's beta version in less than one week," notes Black. Benchmarking for the ARC implementation showed minimal storage and performance overhead for the ARC data warehouse. Black explains that ARC selected Protegrity because it

	provides a true enterprise-wide solution, supporting Teradata and multiple other platforms and databases
	enables real separation of duties and roles, such as separating routine database administration from security policy management
	provides strong protection of encryption keys per PCI standards
	generates detailed audit reports of access to sensitive data
	presents water-clear transparency to business applications
	may be groomed to an organization's unique column-encryption needs

ARC's Teradata configuration with the Protegrity data security solution resident, now in production, operates as a dual-active environment with all production data replicated between systems. According to Black, Protegrity's solution not only functions per specification, it contains policy versioning functionality to support backup and recovery requirements. Black adds that Protegrity's solution is easy to understand and implement and, importantly, is extendable to other databases.

For more information on how Protegrity ensures the integrity and privacy of sensitive data housed in Teradata enterprise data warehouses, go to www.protegrity.com/securepro.html. T

© Teradata Magazine-March 2006

back to top