Case Studies

Welcome to our showcase of successful client engagements

Case Study: Large national Retailer

Company
A $4 billion retail conglomerate and holding company, operating three retail subsidiaries in more than 30 states. The company sells such items such as brand-name apparel, shoes, accessories, and housewares.

Challenge
Many customer transactions, which happen at the store level, are completed with the use of credit cards. The consortium of Visa, MasterCard, American Express, Discover, JCB and Diners, which aligned on Dec. 16, 2004, now require vendors to protect sensitive customer information. These requirements are defined in the CISP regulation. Some of these protection requirements include:

• Securing sensitive data that is stored in databases
• Restricting system access on a “need to know” basis
• Tracking and monitoring all access to sensitive data by unique ID
• Implementing and maintaining an information security policy specific to sensitive data

Solution
After evaluating a number of approaches, the company made a decision to implement Protegrity’s Data Security Platform for Teradata in November, 2005, to protect their sensitive customer credit card data. Working with both the NCR/Teradata team and Protegrity, the company implemented Protegrity Data Security Platform for Teradata in three days. Protegrity fully trained the company team regarding how to utilize Protegrity’s Data Security Platform for Teradata while incurring no major changes to existing application code.

During both the roll-out to the test and production system, the company performed extensive system testing to ensure that the new security controls would enable all users to access and manage data efficiently. The company found that Protegrity’s Data Security Platform performed very well in relation to day-to-day Teradata operations.

Benefits
Through implementing Protegrity’s Data Security Platform for Teradata, the company is now able to address a multitude of PCI data protection and auditing requirements. Protegrity’s DSP for Teradata solution is transparent to the company warehouse environment. As a result, this solution minimizes the amount of implementation work that is necessary to implement the product. From a performance standpoint, the company realized minimal impact to their environment. Back to top

Case study: apparel, personal care and beauty products retailer

Company
Nearly $10 billion in annual sales and operating nearly 3,600 stores throughout the US. Originally focused on apparel, the company has expanded into personal care and beauty products.

Challenge
One of the business drivers that led the company to protect sensitive data was the increasing presence of state protection bills. These acts require the protection of personal data and notification of a compromise or suspected compromise of confidentiality if the sensitive data is not encrypted.

The second business driver that required a deep level of database security was VISA CISP. Due to its large retail store structure, the company and its affiliates use credit cards for a majority of its customers purchases. The consortium of Visa, MasterCard, American Express, Discover, JCB and Diners, which aligned on Dec. 16, 2004, now require vendors to protect sensitive customer information. These requirements are defined in the CISP regulation. Some of these protection requirements include:

• Securing sensitive data that is stored in databases
• Restricting system access on a “need to know” basis
• Tracking and monitoring all access to sensitive data by unique ID
• Implementing and maintaining an information security policy specific to sensitive data

The company faced a number of complex system challenges due to their complex enterprise architecture. This included the need to protect sensitive data in many different database systems, and to ensure that data being moved between these databases and staging environments was well protected.

Solution
After an extensive evaluation of products and technologies, the company decided to roll out Protegrity’s Data Security Platform (DSP) for Teradata among many other database environments. Protegrity’s DSP enabled the company to define and deploy a central database security policy for Teradata and other database systems.

Benefits
Through implementing Protegrity’s Data Security Platform for Teradata, the company is now able to address a multitude of PCI data protection and auditing requirements. The Protegrity Data Protection System for Teradata solution is transparent to the company warehouse environment. As a result, this solution minimizes the amount of implementation work that is necessary to implement the product. From a performance standpoint, the company realized minimal impact to their environment. The Company found that Protegrity’s Data Security Platform for Teradata had minimal impact to its production system. Plus, data can now be reviewed with the customer directly. Back to top

Case study: Travel products and services company

Company
An airline-owned company offering travel products, services, ticket distribution, and financial settlement through a variety of channels in the US, US Virgin Islands and the America Samoas. The company was established as a closed corporation as part of the deregulation of the Airline industry in 1984. Its core function is the operation of the systems and processes that make up the Area Settlement Plan which currently processes:

• Over 3 Million transactions per week
• $65+ Billion dollars per year in settlement for 135 + Airlines and 23,000 travel agents

Challenge
Due to the variety of transactions the company manages for their core customers, the Teradata system needs to store sensitive customer data from many different airline carriers. In anticipation of growing credit card protection requirements by VISA and other leading vendors, the company made a decision to encrypt their highly sensitive customer data. Requirements of the CISP regulation include:

• Securing sensitive data that is stored in databases
• Restricting system access on a “need to know” basis
• Tracking and monitoring all access to sensitive data by unique ID
• Implementing and maintaining an information security policy specific to sensitive data

The company also recognized that they needed to implement an enterprise solution to address their multi-platform, multi-database environment which includes Teradata, Oracle and SQL Server. Other key functional requirements included:

• Separation of Duties
• Database administration versus security policy management
• Strong protection of encryption keys per PCI standards
• Audit Logging – detailed reports of access to sensitive data
• Transparency to existing applications
• Customizable for the company specific needs for column level encryption

Solution
After evaluating a number of approaches, the company made a decision to implement Protegrity’s Data Security Platform for Teradata to protect their sensitive customer credit card data. Working with both the NCR/Teradata team and Protegrity, the company implemented Protegrity’s Data Security Platform for Teradata in three days. Protegrity fully trained the company team regarding how to utilize Protegrity’s Data Security Platform for Teradata while incurring no major changes to existing application code.

Benefits
The key areas of business benefit for the company were in the areas of product usability, features, and performance. In order for the company to develop similar feature function to Protegrity’s Data Security Platform for Teradata, it would have taken many man years of development expertise, most of which the company did not have available to them. In addition to available development resources, the ease of use by which Protegrity’s Data Security Platform enables the company staff to manage the encryption of sensitive data saves a tremendous amount of time. Finally, ensuring that the company’s Teradata environment performs adequately is critical in relation to the investment made in Teradata and for the company’s customers utilizing the system. Back to top