GLBA News

Voltage SecureData Grows Momentum With Major Integrators and Global 2000 Companies

Leading organizations standardize on advanced cryptographic solution to foil identity theft, speed compliance efforts, protect outsourced environments and avoid public data breach disclosures

From the RSA 2008 Conference in SAN FRANCISCO, CA – April 8, 2008 - A growing list of major systems integrators (SI’s) are embracing Voltage SecureData, an advanced cryptographic solution that elegantly addresses the security and protection of consumer identities and financial, account and credit information in large corporate databases. Based on a new encryption approach, Format-Preserving Encryption, Voltage SecureData also speeds time-to-compliance with PCI DSS (Payment Card Industry Data Security Standard) and other mandates, on average, by more than five times.

Early adopters, including most recently a major Australian organization, are discovering that Voltage SecureData is the most innovative, most rapidly-integrated, easiest-to-deploy cryptographic solution to surface in the market in the past five years. Whereas other security systems force organizations to expend massive effort re-architecting and re-writing code, Voltage SecureData very simply protects customer information as it is collected, used and stored across databases and applications—minimizing changes to legacy applications.

Through a growing ecosystem of integration partners – featuring BearingPoint Inc.; MphasiS, a division of Electronic Data Systems Corp. (EDS); and others, including the integrator of record for a major deployment in Australia – large enterprises across the globe are embracing Voltage SecureData’s innovative approach. Enterprises working with Voltage SecureData include leading credit card issuers, banks, government organizations and retailers.

Voltage SecureData’s early market momentum demonstrates that there finally is a ‘real’ data encryption solution that very simply just works. The alternatives are too complex, costly, and difficult to maintain.

Voltage customers and integrators are discovering that Voltage SecureData:

·         Protects customers from Identity Theft
By scrambling identity information such as credit card numbers, bank account numbers, social security numbers with the Format-Preserving Encryption approach, criminals will be unable to compromise customer identities in the event of a data breach

·         Enables them to achieve corporate compliance five times faster, on average. This “time to implement” is critical to help companies comply with PCI Data Security Standard and other regulatory compliance standards.

·         Reduces the risk around exposing sensitive customer data. By providing data encryption and masking, sensitive fixed-format data such as credit card numbers, bank account numbers, and social security numbers can be protected. For organizations outsourcing application development, Voltage SecureData can also enable developer access to production data – but safeguard customer identity information, reducing the risks of sensitive data being exposed in a test environment.

·         Supports legacy environments. The breakthrough implementation of Format-Preserving Encryption (FPE) overcomes the key cost of making application changes. The cost of finding developers to re-write code on legacy systems can be exorbitant, a fact evidenced during handling of the Y2K bug.

·         Is flexible and adaptable to changes. Command line, web services and toolkit deployment options allow customers to choose the deployment path most ideal for their organizations.

“Our customers and integration partners are learning that Voltage SecureData is the only practical, easy-to-deploy solution that protects information regardless of its location,” said Terence Spies, chief technology officer, Voltage. “Plus, Voltage SecureData doesn’t require customers to make massive application changes since it supports existing data formats across applications and databases.”

Voltage SecureData’s momentum arrives at a critical time for organizations seeking to avoid sensitive information breaches, leaks, business loss and irreparable brand damage; and rapidly and cost effectively – with as little disruption to business or infrastructure as possible – comply with complex government and industry mandates such as PCI DSS (Payment Card Industry Data Security Standard), EU Data Protection, Gramm-Leach-Bliley Act (GLBA), US HIPAA (Health Insurance Portability and Accountability Act), Personal Information Protection and Electronic Documents Act (PIPEDA), California SB1386 and the new Identity Theft Red Flag regulations.

"Data protection needs to take into account both internal and external threats, including those against critical database and application resources," said Trent Henry, vice president and research director, Burton Group. "However, many protection mechanisms require application retooling or add complexity that delays or halts deployment. Format-preserving encryption overcomes these issues. It's an exciting step toward improved, simpler data protection and compliance with regulatory requirements."

More About Format-Preserving Encryption (FPE)

In order to protect customers from such setbacks, Voltage SecureData’s Format-Preserving Encryption (FPE) approach encrypts information without changing the size or format of the data. As a result, large enterprises can easily embrace Voltage SecureData without overhauling their existing IT systems. In stark contrast, traditional encryption technologies often change the size or format of customer data, creating incompatibilities as data is encrypted and unencrypted. For instance, a 16-digit credit card number could become a 50-digit number that’s incompatible with a business’s existing IT infrastructure. FPE ensures such setbacks don’t occur with Voltage SecureData.

Pricing and Availability

Voltage SecureData has been available since October 2007 and is rapidly gaining momentum within the industry and global organizations in multiple vertical markets. Pricing starts at $35,000 for a data masking bundle. Beyond the initial bundle, pricing is offered per runtime instance and per connection (e.g. per application).

About Voltage Security
Voltage Security, Inc., an enterprise security company, is the global leader in information encryption. Voltage solutions, based on next generation cryptography, provide encryption that just works for protecting valuable, regulated and sensitive information persistently and based on policy. Voltage delivers power, simplicity and the lowest total cost of ownership in the industry through the use of award-winning Voltage Identity-Based Encryption™ (IBE). Voltage Security offerings include Voltage SecureMail™, Voltage SecureData™ and the Voltage Security Network™ (VSN), an on-demand managed service for the extended business network.

Voltage Security is the number one OEM provider of email encryption technology in the world with OEMs that include Microsoft, Proofpoint, Secure Computing, Sendmail, Canon, Code Green Networks and NTT Communications. The Company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems . Customers include Global 1000 companies in banking, retail, insurance, energy, healthcare and government, such as American Board of Family Medicine, Diebold, Integro Insurance Brokers, NTT Communications, SafeAuto Insurance, Winterthur Life UK Ltd. and XL Global Services. For more information please visit http://www.voltage.com.

###

Voltage Identity-Based Encryption, Voltage Format-Preserving Encryption, Voltage SecureMail, Voltage SecureFile, Voltage SecureData and the Voltage Security Network (VSN), are registered trademarks of Voltage Security, Inc.
All other trademarks are property of their respective owners.

Industry Supports Voltage SecureData

Steve Katz, CISSP; founder and president, Security Risk Solutions; first CISO of Citibank:

"Identity theft continues to be one of the fastest growing crimes in America. PCI and the new Identity Theft Flag Regulation that went into effect on Jan. 1 will increase the pressure on public and private companies to protect sensitive customer data. Voltage SecureData brings a completely new approach to the table that will dramatically cut the costs, complexity and time to compliance as well as reducing the risks associated with identity theft."

Warren Zafrin, managing director, Financial Services Risk & Security, BearingPoint:

"Our customer engagements typically involve highly sensitive projects and deeply confidential data. Voltage SecureData is a practical alternative for our customer settings. It’s non-invasive and greatly mitigates customer risk.

Raj Patil, vice president of North America, MphasiS, a division of EDS:

"We need the best of both worlds. We need to build new web services and applications, and both those advanced solutions must protect sensitive data. That’s where Voltage SecureData enters the picture. It gives us – and our clients – piece of mind as we embark on innovative new application projects."

Dr. Howard Robkoff, Chief Security Architect, MphasiS, a division of EDS:

"Voltage's Format-Preserving Encryption capability reduces the complexity and cost of retrofitting cryptographic protection of private and sensitive data in existing applications. By preserving the type of the underlying data there is no need to introduce expensive modifications of existing database schemas."

Eric Ouellet, Vice President, Secure Business Enablement Group, Gartner:

"Many organizations fear the impact of encryption on precious system resources and the potential repercussions of schema changes on long-standing systems and those downstream that also need access to the data. Advanced technologies and approaches that simplify deployments and favor minimal impact on existing systems will provide strong value and broad appeal with clients."

Trent Henry, Vice President & Research Director, Burton Group:

"Data protection needs to take into account both internal and external threats, including those against critical database and application resources. However, many protection mechanisms require application retooling or add complexity that delays or halts deployment. Format-preserving encryption overcomes these issues. It's an exciting step toward improved, simpler data protection and compliance with regulatory requirements."

Paul Stamp, Principal Analyst, Forrester Research:

Forrester Research analyst Paul Stamp said (eWeek 3/19/08) the firm's approach removes a layer of complexity from the database encryption process. "It can also make it easier to ship production data into a test environment, which is a big deal for maintaining security in the troubleshooting process," Stamp said.

-end-

Share or bookmarklet this web page at: