Why Protegrity Prime Our unique data security technologies are built for today's data-driven businesses. Learn More
Data Discovery Uncover where sensitive data resides
Data Management Control every corner of the enterprise
Data Protectors Protection beyond platforms
Professional Services Security experts for every need
Security Gateways Data security that goes with the data
Vaultless Tokenization Go beyond encryption
Contact Us

Financial Services Case Study

Internal Privacy Policy

Company Overview

A top 10 European bank with full-service offerings, including corporate and institutional banking, retail and private banking, life and pension products and over 10 million customers.


Business Problem

Internal policy was put in place that required the Common Data Warehouse (CDW) team to implement a data-centric security solution to prevent unauthorized users from accessing sensitive production data in test/development systems.

Sensitive data needed to be protected – at rest, in transit and at use – but locking down all the data was not an option. The IT team needed to leverage production data in internal test environments as they developed new programs and systems but they did not need to see the data in the clear.

The new data governance policies required that the technologists, such as DBAs, programmers, or system engineers, could not access the sensitive customer data in the clear or grant sensitive data access to others.

Requirements and Challenges

Protect sensitive data in the Teradata CDW and Hadoop (Hive)
Advanced tokenization with support for high ASCII Latin-1 & Latin-4 characters, consistently without loss
Length Preservation – Retain structure of the current file length or CDW columns

Character preservation through the entire data flow – FTP, Hadoop (Hive), DataStage, Teradata, User application
Scripts and Coding Alignment – maintain consistency between production and dev-test environment
Future Proof – Support for other European character sets, new data sources

Protegrity Solution

Fine-grained data tokenization was applied to key data elements that allowed the IT team to leverage the data in a protected form. The test environment remains full-functioning but unauthorized users are unable to access or grant access rights to sensitive data in the clear.

Critical to the success of the solution, Protegrity also enabled the CISO to determine and specify what data is to be protected, where it is to be enforced, who will have access and when and how the data will be protected.

Enterprise key management (EKM) capabilities are integrated into the platform and provide an easy-to-use system for managing keys. Built-in comprehensive auditing and reporting provides the insight needed to track usage and patterns.

Results & Benefits

Met or exceeded all requirements in the internal privacy policy
Protegrity Vaultless Tokenization preserved data structure and column widths
Audited compliance to new data security policy
Negligible changes to functional processes using de-identified data
Implemented fine-grained data security on any/all character sets and data sources, without significant changes to CDW
Clear separation of duties implemented with the data security policy