This week I met enterprise encryption company Vormetric whose mission is to talk to companies about securing ‘business critical' data. Fronted by former PGP sales director Paul Ayers, it is branching into the European market after nearly ten years building foundations in Silicon Valley.
Many advisory whitepapers and ICO undertakings will advise you to ‘do' or ‘use' encryption.
All very well you may say, but is it as simple as hitting a button and encrypting everything? Or do you go another way and just encrypt what an employee deems to be necessary?
The two issues here are: firstly, you end up encrypting everything and, costs aside, this is a fairly pointless exercise, and secondly, you leave an uneducated employee to decide what should and should not be protected content in an email.
Ayers said: “What I saw with PGP was post-HMRC, awareness is there and the adoption of encryption in mobility is now a mature space. The focus on protecting everything has changed to a focus on securing data, and the most critical data that is on the servers in the data centre.
“A lot of the breaches we saw at PGP were because of USB sticks, now it is large volumes of records. In this article it said that of the top 15 data breaches, five were servers or databases. So we see the technology adoption and understand the problem and put the processes in place.”
Vormetric's move to establish a local presence in the EMEA region has been driven by continued data breaches, forcing a need for businesses to reconsider the nature of what constitutes sensitive data, and put measures in place to substantially mitigate the impact of any incidents. In addition, industry pressures, such as compliance with standards such as PCI DSS and requirements surrounding the US Patriot Act, ‘data sovereignty' and the geographical location of data, are all driving demand for encryption-based solutions.
Ayers, who will act as vice president of EMEA sales for Vormetric, said that it offers data security in physical, virtual and cloud environments and can work with structured and unstructured data, as well as securing all Windows, Unix and Linux servers. The company is currently offering version five of its technology.
Richard Gorman, CEO of Vormetric, said: “In addition to increasingly hefty fines levied at firms that experience data loss, the total cost is significantly compounded as a result of lasting reputational damage. Encryption provides a way for firms to reduce this cost and risk. Encryption technologies provide a way for firms to reduce this cost and with many of our multinational customers already using Vormetric encryption and key management technology to protect data in Europe, we realised it was time to invest in a local presence.”
Speaking on the use of encryption in businesses, Ayers said that many businesses will buy encryption for compliance, as many of its customers will have intellectual property or customer-centric data and will want to avoid breaches.
He said: “It is encryption on demand, a business knows it needs to do it to its advantage and be able to work with any operating system. Some of our customers say that this is about putting a ‘service wrap' on the server or there is an analogy of putting a firewall on the data, so you can determine who or what has access to the data.
“You want to know where your data is and deal with the cloud but control access. The customer will have access to the keys on premise.”
Looking forward, Ayers told me that its key aim for the EMEA region was to build awareness of the company and its product offering of encryption management for servers and key management.
He said: “There is more and more encryption, so how do you manage the keys? We added a key vaulting technology and you can use the appliance as a key vault. If you are serious about security, then the implementation of encryption is critical.”