It’s time to rethink data breaches. While network and device centric security efforts are important, they leave security gaps which often go undetected and remain exploitable. Regulators, auditors, partners and customers are increasingly demanding that enterprises encrypt their data.
Once encrypted, mishandled data is meaningless. Financial and reputational damage to an organization is avoided and compliance auditors know that sensitive information is being protected.
Smartcrypt Transparent Data Encryption (TDE) protects sensitive information at rest on enterprise servers and ensures compliance with a wide range of regulatory requirements and customer privacy mandates. It eliminates the negative effects of theft or accidental sharing of customer information, employee records and intellectual property.
Compliance mandates addressed by Smartcrypt TDE include:
- PCI DSS -- Addresses PCI DSS 3.0 compliance provisions 3, 7, and 8 which require privacy safeguards for all cardholder information.
- HIPAA/HiTech -- Covers the requirement that unstructured medical imagery and structured database information containing ePHI be shielded.
- GDPR -- Requires that by 2018, companies conducting business in the European Union better secure how they collect, store and use personal information.
Smartcrypt TDE is cost-effective and easy to manage, securing file and application data without application changes, additional infrastructure or professional services. No endpoint software is required and user experience is unaffected.
Smartcrypt TDE is installed on application, file and database servers containing sensitive information. Data is encrypted at the block level by a file system driver, between the operating system and the file system. Agents perform automatic encrypt/decrypt operations as data is read/written across the network.
Encrypytion of data at rest on enterprise servers with Smartcrypt TDE lays a strong foundation for a complete defense-in-depth data protection strategy.
- Protect sensitive application data or files
- No changes to applications
- Encryption key management
- SIEM and Syslog integration
- No end-user involvement
- No outside contractors