
Thales Blog

Vormetric Live Data Transformation – Boldly Going Where No Encryption Has Gone Before

January 17, 2017

Eric Wolff | Senior Product Marketing Manager

Downtime. Nobody likes it. Unplanned downtime is almost always expensive. A 2015 report from IDC revealed that, for the Fortune 1000, the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year.

Planned downtime is also a pain. Before I was in the security business, I marketed network solutions that were “bumps on the wire” that required planned downtime for deployment. There were ways to minimize or even reduce the downtime, but they were complicated.

So it goes with encryption. Great ROI, not least from the better sleep you get, knowing that data thieves get nothing they can use (and how happy you’re making the compliance team). But, for enterprise-class encryption, there’s planned downtime while tens of thousands of files or a large database gets encrypted. Sure, there are ways to prevent downtime, but they can be complicated and/or require administrative time and/or extra disk space. But now you have the option of enterprise encryption without downtime, with Vormetric Live Data Transformation. With it, a database of any size or any number of files can be used while undergoing encryption.

Reducing Friction in Getting Your Job Done
Consider the CFO of a large organization. One day, the CFO decides or is told that it’s time to encrypt the hard drive on their PC or Mac laptop. The CFO turns on encryption and knows that soon, the entire hard drive will be encrypted. The process might take a few days but eventually all the data will be protected.

Now you and your CISO are talking about purchasing enterprise-class encryption for a database or large group of sensitive files. In your deployment planning document attached to the purchase requisition, you note that the target data will be offline for several days during a long February weekend. The CFO doesn’t approve the purchase requisition. The CFO says, “Why does data have to be offline? Why doesn’t this work like my laptop?”

The CFO finds the downtime plan does not jibe with what they experienced with their laptop. But he or she is the only person using their laptop. In contrast, with enterprise databases or other storage, thousands of users across hundreds of servers require concurrent access. It’s complicated compared with a laptop. But downtime for encryption should not be, and no longer needs to be, tolerated. And there’s no downtime with Live Data Transformation. Start encrypting, and walk away. Use all the data while it’s being encrypted. Just like the CFO’s laptop.

Encryption Can Peg the CPU, But You Won’t Get Pegged.
The CFO’s laptop never slows down while its data is being encrypted. Its operating system carefully balances between encrypting the data and allowing work to be done. Live Data Transformation offers the same process, but on a much larger scale. With Live Data Transformation, on a per-server basis, your organization can decide that encryption can take no more than a chosen CPU percentage, leaving the rest to run applications normally.

Stop Tearing Your Hair Out
Perhaps your organization has a large data set with encryption already in place. At some point, that data set goes to an archive, for example, offsite. Meanwhile, Live Data Transformation has enabled you to do scheduled key rotation for all your live data sets. Months go by and a file recovery is needed. When the archive is mounted, you discover that your current encryption keys differ from those in the archive. Where’s that key? How am I going to recover that file? You might now be tearing your hair out. But with Vormetric Live Data Transformation key versioning, everything works automatically.

Live Data Transformation is part of Vormetric Transparent Encryption, where keys and policies are provided by the Vormetric Data Security Manager (DSM). Live Data Transformation adds key version management to the picture. A Transparent Encryption Agent with Live Data Transformation discovers an older key version in an archive, requests the key for that version from the Data Security Manager, and data recovery from the archive happens immediately. The restored data is encrypted with the current cryptographic key. You calmly tell the user, “Your recovered data is now available.”

Conclusion

The ability to deploy encryption without planned downtime is a game-changer for organizations that need to keep their data safe. Another one of the tradeoffs between security and availability is eliminated. So live long and prosper, my friends, and happy encrypting.

For more information on Vormetric Live Data Transformation, please visit: https://cpl.thalesgroup.com/encryption/live-data-transformation-extension