Dell protects its customers from data theft during sales transactions
Background: Based in Round Rock, Texas, Dell is the world's #1 direct-sale computer vendor, providing a broad range of computer products for the consumer and enterprise markets. In addition to a full line of desktop and notebook PCs, Dell offers network servers, workstations, storage systems, printers, projectors, and Ethernet switches. The company also markets third-party software and peripherals, and Dell's growing services unit provides systems integration, support, and training. As of 2006, Dell employed more than 66,100 people worldwide with 2007 sales reaching over $57 million.
Challenges: Prior to deploying Ingrian DataSecure, Dell was looking for a solution to better protect its customers from data theft during sales transactions. Dell sells to customers directly from its Web site, making it responsible for the privacy of customer credit card information from thousands of transactions on a daily basis. Out of concern for its customers’ and employees’ privacy, and in an effort to comply with all industry regulations, primarily the Payment Card Industry standard (PCI), Dell needed a solution that could be implemented across the enterprise to accommodate its wide variety of platforms, including Windows, Linux, SQL Server and Oracle. The solution also had to be able to interface with non-standard systems through an XML interface. Finding a security vendor that provided such flexibility was a challenge. After reviewing a number of encryption solutions, the company selected Ingrian for its multi-platform capabilities, flexible implementation points, ability to encrypt at the application and database layers, and centralized key management and policy capabilities.
“The primary driver for us is really around customer privacy. Confidentiality of customer information is key to Dell, as well as employee information. Obviously the industry factors like PCI were motivating factors as well. What we really wanted to get out of the solution was a single enterprise-wide standard that we could centrally manage and centrally report on so that we knew and had confidence in the state of our encryption solutions across the enterprise at any time.”
Jeff Chumbley, Director of Global Information Security and Compliance
Issues: Through Dell’s Global Privacy Program, the company initiated a solution to protect all sensitive information at the data layer in 2007. Prior to deploying Ingrian DataSecure, Dell had already implemented security programs to safeguard their environments and systems. To further develop their security program, Dell wanted a solution that could safeguard each piece of data they stored, be it customer, employee or corporate information. With Ingrian DataSecure, Dell has increased their overall security, protecting all data that could be left vulnerable to both internal and external threats.
Solution provided by Ingrian: Ingrian DataSecure appliances help protect the Dell brand and ensure customer privacy via an enterprise-wide encryption initiative that was completed in 2007. Dell deployed Ingrian’s encryption solutions across 10 applications in less than six months and significantly simplified and streamlined the process of encrypting millions of customer credit card transactions on Dell.com. This initiative helped ensure Dell’s continued compliance with PCI standards and the California Senate Bill 1386.
Ingrian DataSecure provides an intelligent, cost-effective way for Dell to protect all structured and unstructured data, at the data center and in distributed environments. Featuring dedicated hardware appliances and patent-pending cryptography software, Ingrian’s solutions deliver capabilities for granular encryption, seamless integration, and centralized key and policy management.
DataSecure delivers capabilities for field-, column- and file-level encryption, seamless integration, and centralized key and policy management—which enabled Dell to deploy an end-to-end encryption strategy with unparalleled ease and cost effectiveness.
With its capabilities for encryption of sensitive data in Web servers, application servers, databases, file systems, mainframe and distributed environments, DataSecure enables Dell to protect the sensitive data that poses a business or liability risk.
DataSecure is comprised of three components:
The DataSecure appliance, a dedicated hardware system.
Connector software, a software component that is installed on the Web server, application server, database, mainframe or file system that interfaces with the DataSecure appliance.
The EdgeSecure appliance, a dedicated hardware system optimized for remote locations.
Ingrian also offers a variety of configurations, ensuring that Dell’s solution was tailored to their specific security, performance, and budget requirements. Maximizing overall security, DataSecure also centralizes all cryptographic processing, key management, logging and auditing, and security policies on a single, hardened appliance. DataSecure’s robust security features also include:
Capabilities for segregating administrative duties so key controls are shared among multiple administrators.
Secure, multi-factor authentication and access control between databases and servers and the DataSecure appliance.
Granular authorization capabilities that enable constraints to be placed on user operations based on specific key permissions.
Active alerting capabilities so that, if attempts to breach protected data occur, mechanisms are employed to alert administrators.
Comprehensive backup and restore functionality and disaster recovery features.
Support for AES, 3DES, RSA, HMAC-SHA-1, and other cryptographic algorithms.
“Organizations today are under a tremendous amount of pressure to safeguard consumer data for three fundamental reasons. First, theft of sensitive information is at an all-time high… Organizations, as a result, need to look at the best practices and policies around how to secure that sensitive information. Secondly, compliance mandates are a big driver for this particular space. There are a large number of compliance mandates including things like Senate Bill 1386, now being pushed in 34 states in the U.S., in addition to PCI… Thirdly, and often times most importantly, is the issue around brand awareness and brand protection. Large organizations and companies we’ve worked with in the past have been very sensitive to protecting their brand, maintaining and gaining trust with their consumer base, and most importantly using that brand protection as a key differentiator against their competitive environment.”
Derek Tumulak, Ingrian’s VP of Product Management and Engineering
Summary: “[The results] have really been flawless. All of our SLAs have been met. We overbuilt the solutions quite a bit to be able to accommodate future growth into other data element types and so far it’s been perfect.” - Jeff Chumbley, director of global information security and compliance.
Ingrian Networks, Inc.
350 Convention Way
Redwood City, CA 94063
Tel: +1 (650) 261-2400