Large Enterprise Professional Services Company


  • Is concerned about protecting the following types of information:
    • Healthcare information
    • Intellectual property
    • Employee PII
    • Mission-critical text, voice, and video information
    • Customer PII
  • Require data protection during the following circumstances:
    • Database security
    • Unstructured data security
    • Intellectual property
    • Data segregation
    • Contractual requirements (either with a customer or for suppliers)

Use Case

  • Applies Vormetric Data Security to adhere to global compliance regimes in the following ways:
    • Help meet requirements 3, 7 and 10 of the PCI DSS that call for the protection of cardholder information
    • Secure and controls access to ePHI – both unstructured medical imagery or structured database information from HIPAA/HITECH
    • Meet national data protection laws that mandate encrypting citizen personal information including UK Data Protection Act, EU Data Protection Directive and South Korea’s Personal Information Protection Act
    • Provide security, access control and reporting so enterprises can demonstrate effective controls over sensitive information mandated by Sarbanes-Oxley, GLBA, and Basel III
    • Enable large, consolidated datacenters to segregate and control data to meet the legal obligations of data across borders compliance measures without modifying applications or storage infrastructure
    • Implement security controls for addressing DHS Sensitive Systems Policy Directive 4300A and the Sensitive Systems Handbook
    • Meet NIST SP 800-53 Guidelines
  • Uses Vormetric Data Security to achieve the following:
    • Lock down their data with encryption, strong key management, and security intelligence
    • Create strict access policies that ensure only authorized users can access sensitive information
    • Reduce the attack surface against sophisticated Cyber threats, including Advanced Persistent Threats (APTs) and zero-day attacks
    • Tightly monitor exposure, and implement transparent controls that do not impact how employees perform their jobs
    • Leverage alerts that trigger red flags when users are performing actions outside of the behavioral norm
    • Engage in ongoing monitoring and reporting
  • Uses the following SIEM solutions to identify possible internal threats or APTs:
    • Splunk


  • Prevents the following insiders from accessing protected data with Thales eSecurity:
    • System administrators
    • Network administrators
    • UNIX/LINUX root users
  • Purchased Vormetric Data Security for the following reasons:
    • A data-centric strategy locks down the data, and removes risk from privileged users
    • Thales eSecurity sets controls around the data and examines controls from the inside out
    • Data is the main target for APTs and server data is the biggest target
    • Data-centric security mitigates risk and reduces the attack surface for APTs
    • Efficient, effective, and company is an outstanding partner
  • Rates the likelihood of recommending Thales eSecurity as 10 out of 10.