Thales News Release

Vormetric Data Security Survey Shows The Power Of Negative Publicity And Positive Impact Of State Laws

March 12, 2007

"Keep Me Out of the Press" Most Frequently Cited Reason for Protecting Information by Booth Visitors at RSA 2007 Conference

SANTA CLARA, CA - March 12, 2007 - Fear of negative publicity is the primary driver for companies and organizations engaged in data protection, according to a survey taken by Vormetric, Inc. The survey was conducted at the RSA Conference at San Francisco's Moscone Center February 5-9. The need to comply with a growing body of state laws concerning the security of information entrusted to them also ranked as a strong motivator for attendees at the conference.

In the survey of more than 500 visitors to Vormetric's booth, 74 percent of respondents cited a need to protect their own intellectual property from theft or compromise. Just 33 percent named credit card data and 43 percent noted corporate financial records as the types of data needing protection.

Growing Sophistication, Further Questions

Vormetric, a leader in the data protection business since 2001, also found that 67 percent of those surveyed believe that most data breaches originate from within the organization rather than from an external threat. This finding was consistent with a 63 percent response in Vormetric's October 2006 survey of attendees at Oracle OpenWorld in San Francisco.

Vormetric conducted a similar canvas at Oracle OpenWorld in 2005 and found that only 45 percent of those surveyed were interested in learning about some aspect of data encryption. That response rate jumped to 63 percent in 2006.

In Vormetric's 2007 RSA conference survey, slightly over half of respondents noted that the information in their company's data bases should be encrypted, while approximately one third indicated a need for encryption of tape backup systems and of flat files.

"We can learn a number of things from these answers to our surveys," commented Vormetric's senior director of marketing Dr. Heather Mark.

"First, laws like California's SB1386 are working. Mandatory disclosure of actual or likely data breaches when the data is unencrypted is focusing everyone's attention on this very serious problem. When executives tell us 'I don't want to be the guy on the front page of the Wall Street Journal,' you know they're paying attention."

"Secondly, many more people are aware of encryption and getting the message that it is a necessary step. They also see that data that resides in many places throughout their enterprise is vulnerable to hackers and thieves. But I'm not sure whether everyone yet understands that encryption alone is not enough; it has to be combined with tight, documented control of the people and the applications that have access to the data. You also have to protect the underlying OS and application infrastructure where the data resides."

Protecting Intellectual Property: A Growing Concern in Today's Global Economy

"We're pleased to see that more and more people understand the need to protect their company's intellectual property," added Dr. Mark. "One of our large clients is an automotive manufacturer with engineers and facilities in several countries. We developed a way for them to encrypt and control access to valuable proprietary information in both the company's central database and in its backup storage.

"IP represents a critical competitive advantage. So too is the ability to control costs via outsourcing and offshoring. But outsourcing and offshoring can also expose unprotected IP -- trade secrets, design specifications and other confidential corporate information -- to outsiders, whether they are here or on the other side of the globe. Our latest survey shows that this message is resonating with companies across many industries."

Vormetric Security Survey Response Q&A - Condensed Summary
(Multiple responses permitted)

Q: What drives you to secure data?

  • Keep me out of the press 52%
  • State laws 47%
  • Keep the auditors happy 38%
  • My boss 18%

Q: Most breaches are because of

  • Internal threat 68%
  • External threat 43%

Q: Where does your sensitive data reside?

  • KDatabases 62%
  • Network storage 43%
  • Laptops 36%
  • Desktops 33%
  • Servers w/attached disks 30%

Q: Where do you need encryption?

  • Databases 54%
  • Tape backup 32%
  • Flat files 31%
  • Point of sale 17%

Q: What types of data do you need to protect?

  • Intellectual property 74%
  • Non-public information 44%
  • Financial records 43%
  • Credit card data 33%
  • Patient data 25%

Vormetric Takes to the Road

Vormetric chief financial officer Frank Teruel is scheduled to speak on "Managing Risks to Corporate Data" Wednesday, March 14 at the Ziff Davis Security Summit in New York. For more information, visit

About Vormetric

Vormetric is the leader in data security management and enforcement solutions. Vormetric Data Security provides a centrally managed, high performance, easy-toimplement, distributed solution that solves the pressing compliance, security and risk management challenges facing today’s enterprises and government agencies. Vormetric’s application- and database-transparent solution outperforms other offerings to provide stronger and broader data security at a fraction of the management and implementation cost.

Vormetric’s more than 230 customers represent the world’s most trusted brands in financial services, retail, manufacturing, healthcare, media, energy and telecom industries as well as highly security conscious government agencies.

Vormetric technology has received strong market validation for its innovative approach to data security, including:

  • Selection by IBM as the core database encryption solution for DB2 and Informix on LinuxTM, Unix® and Windows
  • Computerworld Technology Innovation Award
  • Selection by Symantec to provide the Symantec Veritas NetBackupTM Media Server Encryption Option
  • Partnership with Oracle to secure the execution environment for Oracle® Database Vault
  • Five patents issued and nine patents pending

Vormetric is a trademark of Vormetric, Inc. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners