Privacy changes raising data-security profile in Australia: Vormetric

Australia’s growing focus on security-related governance and regulations made it a natural choice of location for encryption-management firm Vormetric as the company prepares to use its new Sydney office as a launching-off point to the Asia-Pacific region, the head of the company's Australian operations has explained.

With new advanced persistent threats (APTs) “gathering data at an alarming rate”, Vormetric country manager Damian Harvey told CSO Australia, many companies are being compromised because they “have personally identifiable information sitting on systems that are barely protected.”

Poor control of user privileges opened up other avenues of compromise as cyber-criminals entered through privileged user accounts and extracted company data without detection, Harvey said.

Wrapping that data in a layer of carefully managed encryption provides tighter control over enterprise data that may not even be available to administrators.

“Hackers tend to look for softer targets, and people are still coming in under authorised accounts and extracting the data,” Harvey explained. “We greatly reduce the attack surface by wrapping that layer up and only decrypting it for people authorised to access the data.”

“We're actually tying a person to a process, then deciding whether to deny, allow, decrypt or encrypt the data. This gives a granularity at the access layer that the industry hasn't seen before, and we've been able to help a number of organisations clean up system-administrator behaviours around the data sets.”

Vormetric's encryption tools use highly optimised parallel encryption routines to encrypt up to a terabyte of in-memory data within ten seconds, Harvey said, noting that the company's architecture fixes the common problem in which management of encryption keys is taken offline; keys are stored on a purpose-built, FIPS-compliant, tamper-proof hardware security module (HSM).

“We do this in a way that's transparent to the business,” he explained. “Applications don't have to be rewritten, databases don't have to be reconfigured, and performance is not degraded. People don't know it's being encrypted and decrypted on the way through.”

Overseas, Vormetric counts 17 of the Fortune 25 companies and already operates in 20 countries – including through partners in Australia and New Zealand. With its own presence in Australia, however, the company is positioning itself in preparation for what Harvey believes will be a surge in demand for data-management tools.

The Australian government's recent shift to a privacy environment built on Australian Privacy Principles (APPs) had raised overall awareness of the need for better security, he explained.

“We see it as a signal that the government is taking all of this more seriously,” he said.

“That's one of the reasons we have launched here: we are really trying to educate people around our capabilities, so we are in a position to help clients comply with APPs or simply protecting citizens' information against what we're seeing with the APTs or privileged user attacks. We're working to establish ourselves and get ahead of the curve as people become more cognisant of data encryption.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags vormetricprivacy

More about CSOVormetric

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts