nCipher Announces Newly Enhanced Database Encryption Solution.CAMBRIDGE, England -- nCipher plc (LSE LSE - Language Sensitive Editor :NCH NCH National Coalition for the Homeless NCH National Coalition for History NCH National Council for Hypnotherapy (UK) NCH National Center for Homeopathy NCH Notched NCH National Claims History NCH Nielsen Clearing House ): SecureDB, the Industry's First Practical Encryption-Based Database Security Solution, Now Supports IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) DB2, Microsoft SQL Server A relational DBMS from Microsoft that is a major component of the Windows Server System. It is Microsoft's high-end client/server database and is closely integrated with Microsoft Visual Studio and the Microsoft Office System. And Oracle nCipher plc (LSE:NCH), a leading provider of cryptographic IT security solutions, today announced that its next-generation database security solution, SecureDB(TM), now provides support for IBM DB2 and Microsoft SQL Server in addition to its previously announced support for Oracle. SecureDB is a highly sophisticated, easy-to-deploy database security solution that protects sensitive "data-at-rest" within multi-vendor database environments. Recent moves by state and federal governments toward regulating how companies handle consumer information and a number of high-profile security breaches involving sensitive data highlight the need for enterprises to impose more stringent security on credit card numbers, social security numbers, intellectual property and other sensitive information that resides in corporate databases. In a recent report by research firm Gartner Inc., Research Director Rich Mogull addresses the need for enterprises to protect sensitive data and the risk and cost for those that fail to do so. "By 2005, enterprises that do not encrypt stored, sensitive data will spend 50 percent more than enterprises that take this step, because of failure to comply with regulatory or contractual data protection requirements (0.7 probability)." The report continues, "By year-end 2006, failure to encrypt credit card numbers stored in a database will be considered legal negligence in civil cases of unauthorized disclosures (0.8 probability)."(1) Encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. is widely accepted as the ideal solution for protecting data-at-rest as it provides fail-safe protection unlike other access controls. However, to date it has not been widely deployed due to the complexity of custom integration work, variance in different database platforms and the performance impact of encrypting the entire contents of the database. Whereas lower level encryption techniques, such as waiting until data is physically stored, protect against theft of the storage media itself they fail to address the threats posed by illegitimate actions of authorized internal users. SecureDB enables users to encrypt just the sensitive information in a company's database leaving non-sensitive information unencrypted. It includes a unique policy enforcement application and database analysis tool designed to streamline deployment and to selectively apply this additional and important layer of security in the most efficient manner. SecureDB's column level approach minimizes the performance impact of encryption at this high profile point of attack as well as provides protection for the data as it is communicated and handled below the database level such that even if the storage infrastructure is breached, or if the storage media is stolen, unauthorized people will still not be able to access sensitive information. Furthermore SecureDB provides for a separation of duties designed to eliminate the "super-user" threat by dividing authority between security and access. For example, the database administrator may grant access to data but cannot grant rights to decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. sensitive data. A security officer, on the other hand, may grant rights to decrypt sensitive data but cannot grant access to data. Now with the ability to support multi-vendor database environments, which is common in many large organizations, this new security officer role can be applied uniformly and independently of the various database infrastructures and their respective operational and administrative staff. "As perimeter security breaches become increasingly common it is clear that encryption will become a ubiquitous underlying technology for a comprehensive security infrastructure. Encryption will be to security as IP is to networking," said Jeff Montgomery Jeff Montgomery may be:
About SecureDB nCipher, the leading provider of hardware security modules (HSM (1) (Hierarchical Storage Management) The automatic movement of files from hard disk to slower, less-expensive storage media. The typical hierarchy is from magnetic disk to optical disc to tape. ) has partnered with Valyd Inc. to deliver SecureDB, a database security solution that enables organizations to protect their most critical information assets through fine-grain (column-level) encryption of the most sensitive elements in their databases. SecureDB provides a centralized cen·tral·ize v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es v.tr. 1. To draw into or toward a center; consolidate. 2. management console A terminal or workstation used to monitor and control a network. See Microsoft Management Console. that can manage multiple database servers and support database applications from different database vendors simultaneously. Used in conjunction with an nCipher hardware security module (HSM), SecureDB delivers a higher level of security with a hardware-protected secure cryptographic key management system. This provides stronger policy management and administration controls. SecureDB is secured by FIPS (Federal Information Processing Standards) A series of publications issed by the U.S. National Institute of Standards and Technology (NIST) that specifies information security guidelines for federal government departments and agencies. (Federal Information Processing Standard Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal government for use by all non-military government agencies and by government contractors. ) 140-2 Level 3 certified HSMs. About Valyd Valyd, Inc. creates software solutions that secure Enterprise data. Valyd's SecureDB platform secures sensitive "data at rest" in databases, enabling compliance with key regulatory and legislative mandates. The eSign product family secures "data in motion and in use" through the e-signing of electronic documents and content and ensuring their integrity, enabling Enterprises to safely transition from paper to electronic/ online processes. Valyd's products are used by leading financial, manufacturing and government organizations. About nCipher nCipher is redefining cryptographic security to protect points of risk across the enterprise - from network appliances (1) A specialized device for use on a network. For example, Web servers, cache servers and file servers can be implemented as general-purpose computers with the appropriate software or as network appliances, which are computers dedicated to a single function and cannot do anything to Web servers, to custom software applications and back-end databases A back-end database is a database that is accessed by users indirectly through an external application rather than by application programming stored within the database itself or by low level manipulation of the data (e.g. through SQL commands). . nCipher provides hardware and software solutions that enable organizations to implement best practice security by addressing the challenges of cryptographic key management and performance. Many of the world's leading organizations - from Microsoft and Barclays Bank to PricewaterhouseCoopers and the U.S. Navy - rely on nCipher to deliver a sound e-security infrastructure. nCipher's products are particularly well suited to organizations with high volumes of security-sensitive transactions, such as banking and financial institutions, government departments, e-retailers and online service providers. nCipher is listed on the London Stock Exchange London Stock Exchange London marketplace for securities. It was formed in 1773 by a group of stockbrokers who had been doing business informally in local coffeehouses. (LSE:NCH) and is a member of the FTSE FTSE A company that specializes in index calculation. Although not part of a stock exchange, co-owners include the London Stock Exchange and the Financial Times. Notes: The FTSE is similar to Standard & Poor's in the United States. TechMARK and FTSE4Good indices with offices in Cambridge, UK; Boston, Washington, Hamburg and Tokyo. For more information on nCipher, visit www.ncipher.com. Product or service names mentioned herein are the trademarks of their respective owners. (1) From Gartner Inc.'s "Best Practices for Effective Data Security," published September 22, 2004 |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion