Vormetric Encryption Provides Bridgeway with Industry-leading Protection from Cyber Threats

Known for being one of the most recommended and highest rated providers of legal management solutions, Bridgeway Software, Inc. is continually evolving its model of delivering quality software and services to clients. Justin Knowles, director of information technology and security at Bridgeway, commented, “We’re constantly expanding our portfolio, including the introduction of cloud-based applications. We wanted to ensure the integrity of our customers’ data against malicious cyber-based threats with an industry-leading protection solution.”

Business Challenge

Knowles stated, “With data breaches now a statistical certainty, traditional data protection technologies were no longer sufficient to protect our clients’ information and with a notable client list – most from the Fortune 1000 – our SaaS offerings make a prime target for malware such as Advanced Persistent Threats (APTs). In addition to APTs and other external threats, we needed to protect ourselves from insider attacks. Even with stringent processes and controls, we still needed to demonstrate to customers and prospects that we have these potential vulnerabilities suitably mitigated.”

Technical Challenge

The breadth of Bridgeway’s product portfolio attracts a wide range of client data that must be continually secured. Any viable solution needed to accommodate this diversity without requiring additional resources. Knowles recalled, “The Bridgeway team created a set of technical, business and operational requirements. Our solution had to include, at a minimum, a 128-bit AES encryption algorithm, robust key and data separation, and congruency with HIPAA requirements was imperative. We also needed policy-based encryption and the ability for centralized administration.”


“Having done extensive research and evaluations, only one company was able to meet all of our requirements and that was Vormetric,” Knowles recounted. “In addition to our individual selection criteria, we really liked Vormetric’s data-centric model. It’s very evident that traditional security measures are no longer sufficient to defend against cyber-based threats: The Vormetric Data Security strategy emphasizes focusing protection at the data level so even if a malicious attack gets past everything else, no harm can be done. Our client’s information is never at risk!”

Bridgeway implemented several Vormetric Data Security Encryption appliances and used the Vormetric Toolkit to accelerate and automate deployments across its infrastructure.

Vormetric Encryption provides enterprises with the ability to encrypt sensitive data residing in physical, virtual and cloud environments. Sophisticated access control protects both structured and unstructured data – on Linux, UNIX and Windows-based platforms – within a common infrastructure environment.


Information security is a primary concern for enterprise clients considering any SaaS solution, never mind one that manages privileged legal information like Bridgeway. While enterprises drive to exploit the benefits of SaaS, the vendor they choose must be able to mitigate these concerns and Bridgeway does.

“I’m very happy with the flexibility of the Vormetric architecture: We could have one of our appliances go offline and service offerings will continue to function using an appliance at a secondary location. Performance has been great too; our users have not been able to discern any difference in response times with encryption turned on,” reflected Knowles.

He continued, “We don’t have the luxury of a massive IT or security staff, so we really appreciate the ease of operations that Vormetric gives us. The products are very intuitive and we were able to quickly gain operational proficiency. We need tools that do a lot of the ‘legwork’ for us and the inherent intelligence of the Vormetric solutions definitely enables us to make best use of our team’s resources.”

Vormetric Encryption includes the Vormetric Data Security Manager which provides console functionality for centralized key and policy management within a FIPS (Federal Information Processing Standard) 140-2 certified appliance. “We’re really delighted to be able to leverage the ruling that if data encrypted to a level compliant with FIPS 140-2 is ever compromised, it is deemed unusable and considered destroyed,” noted Knowles. “This officially waives a section of the reporting and mediation requirements imposed by mandates such as HIPAA, which is great for us.”

He concluded, “Given the critical importance of data protection, our selection of Vormetric solutions is definitely giving us a competitive advantage. The policy-based encryption and separation of duties, coupled with the data-centric security model puts us in a powerful position when discussing data integrity with our existing clients and prospects: The benefits are obvious and compelling.”