Privacy changes raising data-security profile in Australia: Vormetric

Australia’s growing focus on security-related governance and regulations made it a natural choice of location for encryption-management firm Vormetric as the company prepares to use its new Sydney office as a launching-off point to the Asia-Pacific region, the head of the company's Australian operations has explained.

With new advanced persistent threats (APTs) “gathering data at an alarming rate”, Vormetric country manager Damian Harvey told CSO Australia, many companies are being compromised because they “have personally identifiable information sitting on systems that are barely protected.”

Poor control of user privileges opened up other avenues of compromise as cyber-criminals entered through privileged user accounts and extracted company data without detection, Harvey said.

Wrapping that data in a layer of carefully managed encryption provides tighter control over enterprise data, to the point that it may not even be available to administrators.

“Hackers tend to look for softer targets, and people are still coming in under authorised accounts and extracting the data,” Harvey explained. “We greatly reduce the attack surface by wrapping that layer up and only decrypting it for people authorised to access the data.”

“We're actually tying a person to a process, then deciding whether to deny, allow, decrypt or encrypt the data. This gives a granularity at the access layer that the industry hasn't seen before, and we've been able to help a number of organisations clean up system-administrator behaviours around the data sets.”

Vormetric's encryption tools use highly optimised parallel encryption routines to encrypt up to a terabyte of in-memory data within ten seconds, Harvey said, noting that the company's architecture fixes the common problem in which management of encryption keys is taken offline; keys are stored on a purpose-built, FIPS-compliant, tamper-proof hardware security module (HSM).

“We do this in a way that's transparent to the business,” he explained. “Applications don't have to be rewritten, databases don't have to be reconfigured, and performance is not degraded. People don't know it's being encrypted and decrypted on the way through.”

Overseas, Vormetric counts 17 of the Fortune 25 companies among its customers and already operates in 20 countries – including through partners in Australia and New Zealand. With its own presence in Australia, however, the company is positioning itself in preparation for what Harvey believes will be a surge in demand for data-management tools.

The Australian government's recent shift to a privacy environment built on Australian Privacy Principles (APPs) had raised overall awareness of the need for better security, he explained.

“We see it as a signal that the government is taking all of this more seriously,” he said.

“That's one of the reasons we have launched here: we are really trying to educate people around our capabilities, so we are in a position to help clients comply with APPs or simply protect citizens' information against what we're seeing with the APTs or privileged user attacks. We're working to establish ourselves and get ahead of the curve as people become more cognisant of data encryption.”



Copyright © 2014 IDG Communications, Inc.
