[D’Amo Customer Story] Employee Data Protection and Regulatory Compliance for N Systems Inc.
*To protect our customer’s privacy, we chose not to reveal our client’s name and refer to it under the pseudonym of N Systems Inc.
Background
N Systems Inc. is a subsidiary within a major Japanese precision engineering conglomerate. The company focuses mainly on the development and support of computer software for its parent company.
The Challenge
Protecting personal data and meeting regulatory compliance
N Systems’ main challenge was to establish a sustainable process to protect the personally identifiable information (PII) of its employees, as well as to remain compliant with the Financial Instruments and Exchange Act (J-SOX), a Japanese regulation that makes it mandatory to have adequate internal controls in place for the financial reporting process. It was also in the process of preparing itself for consumer data privacy regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
As a company in charge of developing software components for digital cameras and automatic exposure control devices, N Systems managed a large volume of employee and customer data. This time, it came to Penta Security to work out a solution to protect its employee database. Specifically, N Systems was hoping for the following results:
1) Having secure storage of employees’ personal data
2) Allowing HR employees to safely view the personal data of former employees
3) Having a robust access control system to prevent internal data leakage
Current situation
N Systems used Microsoft SQL Server to manage the personal data of employees. The database included personal information like names, phone numbers, home addresses, as well as job-related information such as work performance scores, cooperativity scores, qualifications, and attendance rates. Since HR employees had to be granted access to such sensitive information of former employees, unauthorized access from within the company became a primary concern. N Systems also worried about a potential leak of employee data to the public.
After careful consideration, N Systems realized that it needed a systematic encryption solution with three key components: 1) a data encryption system, 2) robust access control, and 3) log generation and management features.
The question: self-development vs. solution adoption
It had long been standard practice for organizations to adopt third-party solutions to protect client and application servers from web attacks. Yet, in terms of protecting database servers, many organizations still relied on in-house developers for encryption, access control, and log management. This was not only highly costly, but also took a lot of time and effort away from valuable human resources.
In the end, N Systems decided to adopt a third-party solution – D’Amo for SQL Server. D’Amo is an integrated data encryption solution package that offers data encryption along with access control and log management, without the need to make any modifications to the existing database management system.
The Solution
Robust encryption deployed in a breeze
“We are finally free from the constant worries of leaking employee data,” an IT manager at N Systems said. The main reason for choosing D’Amo was the quick and easy adoption process and the convenience of the encryption key management system.
Without the need for any additional software development, D’Amo was deployed within one week after a couple of installations and settings. Moreover, it did not require N Systems to make any modifications to its existing database applications. In addition, since D’Amo allows for column-level and partial encryption, N Systems was able to select the specific columns containing sensitive information to encrypt. This allowed N Systems to protect its sensitive data without slowing down the servers.
Simple and easy management
D’Amo can be managed through one central console with an intuitive graphical user interface. It does not require users to have a professional security background to operate the system. Encryption, decryption, access control, and operation logs can all be managed with a few clicks.
The Benefits
With D’Amo, N Systems was able to secure its employees’ information while still allowing HR staff to access and search within the database without any notable inconvenience or delay. Not only is this useful for managing employee data, but organizations can also use D’Amo to secure and manage their customer databases, making it the perfect solution for GDPR/CCPA compliance.