Telecom – National Privacy laws
The customer is a major mobile virtual network operator in Italy that generates and processes thousands of input files per day, many of which contain sensitive customer information and mobile phone traffic data.
The primary goal was to secure sensitive customer information and mobile phone traffic data to achieve compliance with the laws issued by the Italian Data Protection Authority (DPA).
This meant protecting data in the Teradata Enterprise Data Warehouse (EDW) and UNIX file servers that load and unload data from external systems.
The solution also had to be highly scalable, transparent to authorized users, and require minimal changes to functional processes.
Lastly, the company required “Separation of Duties” capabilities to isolate data security administration to the security team.
Protegrity first implemented the File Protector on the UNIX file servers to encrypt all data at the file system level.
An authorized and signed ETL tool was augmented with Protegrity software to enable transparent read access to the files and to encrypt individual columns of data before loading them into the Teradata EDW.
Protegrity’s Database Protector for Teradata was applied to the Teradata EDW for column-level encryption/decryption within the environment.
Protegrity Enterprise Security Administrator (ESA) was also implemented to allow the security team to restrict access and sensitive data decryption to authorized users and processes, and to define alerts and monitoring across the entire data security system.
Requirements & Challenges
- Protect sensitive data to the satisfaction of Italian DPA requirements
- Secure data at rest in file servers, and at the column level within the Teradata ecosystem
- Adopt a high-performance scheme that could keep up with the high-transaction Teradata system
- Security also could not impact performance by more than 20%
- Wherever possible, perform no changes to functional processes
- Implement a separation of duties
Results & Benefits
- Achieved compliance according to Italian DPA laws and guidelines
- Near-zero reduction in system performance
- Files encrypted at rest on incoming file servers
- Data encrypted at the column level in the Teradata EDW
- Negligible changes to functional processes
- Separation of duties implemented with the data security policy