[D’Amo Customer Story] Data Encryption for K Financial’s Microsoft SQL Server
*To protect our customer’s privacy, we chose not to reveal our client’s name and refer to it under the pseudonym of K Financial.
Background
The financial industry processes some of consumers’ most sensitive information. From personally identifiable information (PII) to bank account and payment card information, the data that banks possess is highly appealing to cybercriminals. A leak of personal data could result in identity theft, while mismanagement of financial data can lead to tremendous loss, which the bank would need to recover.
K Financial is one of the largest commercial banks in South Korea with more than 30,000 employees. At the time of this story, K Financial adopted Penta Security’s D’Amo for SQL Server for its dual-core CPUs.
The Challenge
Security system for automated banking systems
Automated banking machines (ABMs) operate all year round, making it difficult to monitor their activities and statuses individually. This makes them vulnerable to security attacks, putting the customers’ personal and financial data at risk.
Due to this concern, K Financial consulted with Penta Security for a database encryption solution that would both protect customer data and prevent unauthorized access. K Financial specified the following three requirements:
1) The solution must not make changes to or alter the settings of the existing solution packages installed in the machines.
2) The solution must not slow down the machines’ operations.
3) K Financial’s databases are set to high availability mode with active/standby pair configurations, meaning that a shadow copy of an actively operational database is created in real-time to prevent data loss. The solution must be applicable to this configuration.
The Solution
Optimized for Microsoft SQL Server
The databases processed by K Financial’s ABMs are hosted on Microsoft SQL Server. D’Amo for SQL Server is a perfect solution, offering optimized compatibility with SQL Server without slowing down the system. To protect the databases, D’Amo provides data encryption at the storage level along with a robust access control system. It also stores a copy of the audit log, which can be reviewed at a later time.
No changes to existing solution package
Since K Financial’s ABMs were already installed with various solution packages, modifying them would significantly increase costs. Fortunately, D’Amo is able to provide encryption and access control without making changes to the existing solution packages.
Convenient management tools
D’Amo is easy to operate and does not require any cybersecurity expertise. All of D’Amo’s functionalities can be applied and managed through a few clicks via a graphical user interface. What’s more, K Financial is able to freely select the columns to encrypt and decrypt. Account administrators can easily configure access control policies through an intuitive template.
Support for high availability mode
D’Amo is compatible with databases configured to high availability mode, allowing it to protect both the active and the standby databases in real-time (see figure below).
Dual access control for important data
To protect important columns in the database, D’Amo provides 2-level access control. The first level controls logins to the database management system (DBMS), while the second level controls access to the columns containing important data.
Access control configurations
D’Amo’s access control can be managed through both an allow list and a deny list. Account administrators can configure the policy on the basis of IP address, MAC address, application used for access, time of access, and OS account if terminal access is enabled.
The Benefits
With D’Amo, financial institutions like K Financial can rest assured that their sensitive customer information is safely protected. Not only does D’Amo help organizations meet regulatory compliance, but it also saves a lot of time and resources in the long run, because the cost of data breaches and financial crime can significantly damage an organization’s financial standing and reputation.