Professional Documents
Culture Documents
com
Fle
Transparent
Encryption
Scal
Security Application
Intelligence Encryption
able
Vormetric
Data Security
Cloud Key Manager
Management Tokenization
Eff
icien
t
The Vormetric Data Security Platform features these products: Vormetric Batch Data Transformation. Makes it fast and
easy to mask, tokenize or encrypt sensitive column information
Vormetric Data Security Manager. The centralized in databases. Can be employed before protecting existing
management environment for all Vormetric Data Security sensitive data with Vormetric Tokenization or Vormetric
Platform products. Provides policy control as well as secure Application Encryption. Delivers static data masking services.
generation, management and storage of encryption keys.
Includes a Web-based console, CLI, SOAP and REST APIs. Vormetric Key Management. Provides unified key
Available as FIPS 140-2 and Common Criteria certified virtual management to centralize management and secure storage
and physical appliances. of keys for Vormetric Data Security Platform products, TDE,
and KMIP-compliant clients as well as securely storing
Vormetric Transparent Encryption. Built around a software certificates.
agent that runs on a server to protect data-at-rest in files,
volumes or databases on-premises, in the cloud, or in CipherTrust Cloud Key Manager. Manages encryption keys
hybrid cloud environments. Features hardware accelerated for Salesforce, Microsoft Azure and AWS that addresses
encryption, least-privilege access controls and data enterprise needs to meet compliance and best practices for
access audit logging across data center, cloud and hybrid managing encryption key life cycles outside of their native
deployments. Features these extensions and additions: environments – and without the need for enterprises to
become cryptographic experts. Available
• Container Security. Establishes controls inside of Docker™ for private cloud or on-premises deployment.
and OpenShift™ containers, so you can ensure other
containers and processes and even the host OS can’t Vormetric Protection for Teradata Database. Makes it fast
access sensitive data. Provides capabilities you need to and efficient to employ robust data-at-rest security capabilities
apply encryption, access control and data access logging in your Teradata environments. Offers granular protection,
on a per-or within-container basis.
enabling encryption of specific fields and columns in Teradata
• Live Data Transformation. Enables encryption and databases.
periodic key rotation of files and databases—even while
in use—without disruption to users, applications and Vormetric Security Intelligence. Produces granular logs that
business workflows. provide a detailed, auditable record of file access activities,
• Vormetric Transparent Encryption for Efficient Storage. including root user access. Offers integration
Provides a high degree of security for data stored on with security information and event management
storage systems by encrypting data while retaining (SIEM) systems. Delivers pre-packaged dashboards
critical storage efficiencies, such as deduplication and
compression. Offers the best data protection possible while and reports that streamline compliance reporting and
maintaining storage efficiency — an industry first solution! speed threat detection.
• Vormetric Transparent Encryption for SAP HANA.
Provides advanced data-at-rest encryption, access control,
key management and data access audit logging across
SAP HANA implementations and environments
KMIP
CipherTrust Cloud Enterprise Key Big Data
Key Manager KMIP Management Encryption
Vormetric
Data Security Manager
External HSM integration Secure Key Import
Import and use high entropy master keys Bring your own Data Encryption
from supported external HSMs keys via REST
Advanced Capabilities
Software Specifications
Administrative Interfaces Secure Web, CLI, REST
Number of Management Domains 1,000+
API Support PKCS #11, Microsoft Extensible Key Management (EKM), REST
Security Authentication Username/Password, RSA multi-factor authentication (optional)
Cluster Support Yes
Backup Manual and scheduled secure backups. M of N key restoration.
Network Management SNMP, NTP, Syslog-TCP
Syslog Formats CEF, LEEF, RFC 5424
FIPS 140-2 Level 1, FIPS 140-2 Level 2, FIPS 140-2 Level 3
Certifications and Validations
Common Criteria (ESM PP PM V2.1)
administration through the Vormetric DSM. Securing Sensitive Data-At-Rest Wherever It Resides
Container Support
*$^!@#)( John Smith *$^!@#)(
-|”_}?$ 401 Main
• Docker, Red Hat OpenShift
-|”_}?$
%-:>> Street %-:>>
Cloud Support
File-level encryption prevents privileged user abuse
• AWS: EBS, EFS, S3, S3I, S3 Glacier
• AZURE: Disk Storage, Azure Files
• PCF: MySQL databases within Pivotal Cloud Foundry
Technical specifications
Zero-downtime encryption and Operating System Support
• Microsoft: Windows Server 2019, 2016 and 2012
key rotation
• Linux: Red Hat Enterprise Linux (RHEL) 6 and 7 and 8,
Live Data Transformation delivers these key capabilities: SuSE Linux Enterprise Server 11, 12 and 15
Cluster support
Zero-downtime encryption deployments. The solution
enables administrators to encrypt data without downtime • Microsoft Cluster: File Cluster, SQL Server Cluster
or disruption to users, applications or workflows. While Database support
encryption is underway, users and processes continue to • IBM DB2, IBM Informix, Microsoft SQL Server, Oracle,
interact with databases or file systems as usual. Sybase and others
Big Data Support
Seamless, non-disruptive key rotation. Both security best
• Cassandra, CouchBase, Hadoop, MongoDB, SAP
practices and many regulatory mandates require periodic key HANA
rotation. Live Data Transformation makes it fast and efficient
Backup/Replication Support
to address these requirements. With the solution, you can
• DB2 backup, NetBackup, NetWorker, NTBackup,
perform key rotation without having to duplicate data or take Oracle Recovery Manager (RMAN), Windows Server
associated applications off line. Volume Shadow Copy Service (VSS)
Container
KMIP Data Security Engine
Manager
Network and
Storage SAN NAS DAS
Infrastructure
Create compliance
VMs Databases and audit reports
Dynamic data masking. Policies define whether a field is • Amazon Machine Image (.ami)
returned fully or partially masked based on user identification • Microsoft Azure Marketplace
controlled by an AD or LDAP server. • Google Cloud Platform
For example, the policies could enable customer service System requirements:
representatives to see only the last four digits of credit card • Minimum hardware: 4 CPU cores, 16–32 GB RAM
numbers, while account receivables staff could access the full
• Minimum disk: 80GB
credit card number.
Application integration:
Non-disruptive. Format preserving tokenization protects
• RESTful APIs
sensitive data without changing the database schema.
Authentication integration:
• Lightweight Directory Access Protocol (LDAP)
• Active Directory (AD)
• Client Certificate
• OAuth2
Performance:
• More than 1 million credit card size tokenization
transactions per second, per token server (using
multiple threads and batch (or vector) mode) on a
32-core server (dual-socket Xeon E5-2630v3) with
16 GB RAM
Vormetric Application
Encryption
App Servers
Vormetric Application
Web Server Encryption Service
Collecting
Sensitive Data RESTful Authentication &
RESTful PKC#11 Authorization
Request Response
Tokenization Service
Vormetric Tokenization Server
Production Database
Policy
Centralized Key
Management
Data Security
Manager
Encryption and
Key Management
Security Application
Encrypted tablespaces
AES256, ARIA128, ARIA256
Intelligence Encryption
Cloud Key
Data Security
Manager
Tokenization
Encryption Keys
RSA2048, RSA4096
Management
Enterprise Key
Management
Data
Masking
Encrypted Database • Digital certificates (X.509): DER, PEM, PKCS#7,
PKCS#8, PKCS#12
Third-Party Encryption
Securely Vault Keys KMIP Keys • Microsoft SQL TDE, Oracle TDE, IBM Security
and Certificates Guardium Data Encryption, KMIP-clients
Asymmetric • Example partners: Nutanix, Linoma, NetApp, Cisco,
Symmetric MongoDB, DataStax, Huawei
API Support
Certificates
• PKCS#11, Microsoft Extensible Key Management
•Manual Key Import •Logging Self encrypting drives,
(EKM), OASIS KMIP
•Key Vault •Ingest tape libraries, etc Key Availability and Redundancy
•Reporting •Retrieval
•Scripting Interface •Removal • Secure replication of keys across multiple appliances
with automated backups
Marketing
Marketing Executives
SCM ERP
Integrated Data Warehouse
Operational
Applications Systems
Protection Customers
Data Platform
Business Partners
Images CRM Teradata Database Intelligence
Frontline
Workers
Integrated Discovery Platform Data mining
Teradata
Audio Machine Appliance
and Video Logs for Hadoop Business
Analysts
Math and Stats
Teradata Aster Database Data
Scientists
Move Manage Access Languages
Text Web and
Social Teradata Unified Data Architecture Analytics Engineers
Sources System Conceptual View Tools & Apps Users