Highlights

Ingrian offers organizations a range of documents, including high-level overviews and detailed technical papers, that offer insights into implementing encryption as a means to ensure data privacy: How to Guides

Ingrian products are widely compatible with leading platforms and technologies: Compatibility

INGRIAN AWARDS



Ingrian i426 DataSecure Platform Named Finalist for the Global Excellence in Encryption Award 2008 by Info Security



Ingrian Wins Info Security Products Guide’s Tomorrow’s Technology Today Award

Be sure to visit our Resource Center for a complete listing of materials available.

“Protecting data privacy is a growing political and legal issue around the world and a leading concern for most consumers. Encrypting data only as it moves across the network is not sufficient to meet the newer, tougher standards for data privacy. IT groups should begin in earnest to develop a comprehensive database encryption strategy as part of their overall regulatory compliance initiatives.”
—Charlie Garry, Senior Program Director, META Group

Compliance Solutions

How Ingrian Helps Ensure Compliance with Legislation and Industry Guidelines:

  • PCI
  • CISP
  • FISMA
  • SOX
  • EDP
  • GLBA
  • S.B.1386
  • A.B.1950
  • HIPAA

Payment Card Industry (PCI) Data Security Standard
Costs for Non-compliance: Fines of up to $500,000 per incident, public disclosure of breaches.
Regulation

States “Encryption is the ultimate protection mechanism because even if someone breaks through all other protection mechanisms and gains access to encrypted data, they will not be able to read the data without further breaking the encryption. This is an illustration of the defense in depth principle.”

How Ingrian Addresses

Ingrian delivers encryption capabilities that ensure security of data, supporting standard, robust encryption algorithms.

States organizations should “store keys securely in the fewest possible locations and forms.”

Ingrian centralizes the storage and management of keys on a single, dedicated security appliance—where all keys are stored encrypted and integrity checked within the platform, and are never available in plain text to anyone.

Mandates that organizations “Fully document and implement all key management processes and procedures, including:

  • Generation of strong keys
  • Secure key distribution
  • Secure key storage
  • Periodic key changes
  • Destruction of old keys
  • Split knowledge and dual control of keys
  • Prevention of unauthorized substitution of keys
  • Replacement of known or suspected compromised keys”

With Ingrian’s solution, cryptographic keys never leave the DataSecure platform. The only way to access the DataSecure platform is at the administrator level, via a secure Web-management console, a command line interface over SSH, or a direct console connection. The platform can be configured so that individual administrators are granted access only to areas for which they are responsible.

Ingrian offers a FIPS 140-2 Level 3-compliant hardware security module, which supports the U.S. government requirements to ensure that the storage media itself is extremely tamper resistant.

Visa Cardholder Information Security Program (CISP)
Costs for Non-compliance: Fines of $500,000 per incident, public disclosure of breaches.
Regulation

Cardholder data must be encrypted by “…strong cryptography such as PGP or Triple-DES with associated key management processes and procedures.”

How Ingrian Addresses

Ingrian delivers encryption capabilities that ensure security of data, supporting standard, robust encryption algorithms.

Requires that the following methods are used to “authenticate all non-consumer users when accessing cardholder information”: unique user name and password, token devices (i.e., SecureID, certificates, or public key), or biometrics.

Ingrian delivers multi-factor authentication and authorization capabilities that ensure only authorized access to critical data.

Mandates “access to all audit trails logged on all critical systems.”

Ingrian offers robust, centralized logging and auditing capabilities for all security related activity.

Federal Information Security Management Act (FISMA) of 2002
Costs of Non-Compliance: Mandates federally enforced
Regulation

Requires that the head of each agency shall be responsible for “providing information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information collected or maintained by or on behalf of the agency.”

How Ingrian Addresses

Ingrian delivers encryption capabilities that ensure security of data throughout an agency, whether data is in storage, transit, or use.

Ensure that senior agency officials support operations through “assessing the risk and magnitude of the harm that could result from unauthorized access… determine the levels of information security appropriate to protect such information… and implement policies and procedures to cost-effectively reduce risks to an acceptable level.”

Because it manages encryption at the field level, DataSecure enables organizations to customize their security to adequately protect specific records. By implementing this solution, organizations significantly enhance internal controls and gain more sophisticated visibility of how and when sensitive data is accessed. By offering a centralized, appliance-based approach to encryption, Ingrian enables agencies to address critical security threats with unprecedented cost effectiveness.

Sarbanes-Oxley Act of 2002
Cost of Non-Compliance: Criminal litigation, penalties for company officers.
Regulation

Must undertake “an evaluation of whether such internal control structure and procedures… include maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the issuer… [and] provide reasonable assurance that transactions are recorded as necessary.” (Section 103)

How Ingrian Addresses

With its granular encryption capabilities and centralized key management, Ingrian offers sophisticated controls over what financial data can be accessed, and by whom. Further, it offers detailed logging capabilities so that organizations can understand, and thus knowledgeably report on, the way sensitive financial data is used and managed.

Mandates that “the signing officers have disclosed… all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize, and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls.” (Section 302)

Ingrian’s field level encryption capabilities offer a way to secure critical data inside financial institutions, both from internal and external threats. By implementing this solution, organizations significantly enhance internal controls, gain more sophisticated visibility of how and when sensitive data is accessed, and mitigate the threat of internal fraud.

Stipulates “each annual report… contain an internal control report, which shall… contain an assessment… of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.” (Section 404)

By augmenting internal controls over how critical data is accessed and managed, financial institutions can benefit by communicating these sophisticated safeguards—and the enhanced control of data—to auditors and shareholders.

European Data Privacy Directive (Directive 95/46/EC)
Cost of Non-Compliance: Compensation to individuals harmed by any breach
Regulation

States that organizations “must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.” (Article 17.1)

How Ingrian Addresses

Ingrian’s field level encryption capabilities offer a way to secure critical data inside organizations, both from internal and external threats. By implementing this solution, organizations significantly enhance internal controls, gain more sophisticated visibility of how and when sensitive data is accessed, and mitigate the threat of unauthorized access, disclosure, use, or modification.

Mandates that “Having regard to the state of the art and the cost of their implementation, such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.” (Article 17.1)

Because it manages encryption at the field level, DataSecure enables organizations to customize their security approach to ensure that sensitive data—whether a credit card number, social security number, or patient record—is always protected.

Gramm-Leach-Bliley Act (GLBA)
Cost of Non-Compliance: Organizations can receive fines of up to $100,000 per incident, fines for officers and directors of $10,000 per person.
Regulation

States that organizations must “insure the security and confidentiality of customer records and information.”

How Ingrian Addresses

Ingrian delivers encryption capabilities that ensure security of data throughout an organization, whether data is at rest, in transit, or in use.

Requires that organizations “protect against any anticipated threats or hazards to the security or integrity of such records.”

By securing data inside an organization, Ingrian protects sensitive data from a range of security threats that are prevalent today.

Requires banks to “protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.”

Ingrian delivers multi-factor authentication and authorization capabilities that ensure only authorized access to critical data.

California SB1386
Cost of Non-Compliance: Public disclosure of breaches, potential class-action lawsuits.
Regulation

Must “disclose… any breach of the security of the data… to any resident of California whose unencrypted personal information was… acquired by an unauthorized person.”

How Ingrian Addresses

Ingrian delivers encryption capabilities that enable organizations to intelligently encrypt sensitive personally identifiable information.

California’s General Security Standard for Businesses, A.B. 1950
Cost of Non-Compliance: Potential civil litigation and class-action lawsuits.
Regulation

Mandates a business “that owns or licenses personal information about a California resident to implement and maintain reasonable security procedures and practices to protect personal information from unauthorized access, destruction, use, modification, or disclosure.”

How Ingrian Addresses

Ingrian delivers granular encryption capabilities that protect personal data in applications and databases from internal and external threats.

States that a “business that owns or licenses personal information about a California resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information.”

With its granular encryption capabilities, DataSecure offers sophisticated controls over how personal information is managed, enabling organizations to map data classification mechanisms to their information security approaches.

Offers the following definition:

“Personal information” means an individual's first name or first initial and his or her last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:

  1. Social security number.
  2. Driver’s license number or California identification card number.
  3. Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
  4. Medical information.

Because it manages encryption at the field level, DataSecure enables organizations to customize their security approach to ensure that sensitive data—whether a credit card number, social security number, or patient record—is always protected.

By implementing this solution, organizations significantly enhance internal controls, gain more sophisticated visibility of how and when sensitive data is accessed, and mitigate the threat of unauthorized access, disclosure, use, or modification.

Health Insurance Portability & Accountability Act (HIPAA)
Cost of Non-Compliance: Penalties for violation of patient confidentiality standards include monetary fines of up to $25,000, and in some cases imprisonment.
Regulation

Section 1173(d)(2) of the Act states the rule “Draws no distinction between internal and external data movement. Therefore, this final rule covers electronic protected health information at rest (that is, in storage) as well as during transmission.”

How Ingrian Addresses

Ingrian delivers encryption capabilities that ensure security of data throughout an organization, whether data is at rest, in transit, or in use.

States: “Each person … who maintains or transmits health information shall maintain reasonable and appropriate administrative… safeguards.”

The only way to access the DataSecure platform is at the administrator level, via a secure Web-management console, a command line interface over SSH, or a direct console connection. The platform can be configured so that individual administrators are granted access only to areas for which they are responsible.

Requires that organizations “ensure the integrity and confidentiality of the information.”

By securing data inside an organization, Ingrian protects sensitive data from a range of security threats that are prevalent today.

Requires safeguards against “unauthorized users or disclosures of the information.”

Ingrian delivers multi-factor authentication and authorization capabilities that ensure only authorized access to critical data.
