Ingrian Software Encrypts PeopleSoft Apps Data

Ingrian Networks has released a version of its encryption appliance software that supports PeopleSoft applications, which it says will help companies comply with regulations.

Ingrian Networks Inc. has released a version of its encryption appliance software that supports PeopleSoft Inc. applications.

Ingrian DataSecure is now capable of encrypting data within PeopleSoft Human Capital Management, CRM (Customer Relationship Management) and Financial applications.

That includes column-level encryption of sensitive data such as employees Social Security numbers, salary data and e-mail addresses; customer credit-card numbers, e-mail addresses and ID numbers; and other financial data, including transaction records.

Karim Toubba, vice president of product management at Ingrian, in Redwood City, Calif., said the new version will help PeopleSoft users comply with security mandates and privacy legislation, including Californias AB 1950, Europes Data Protection Directive, Visas Cardholder Information Security Program, MasterCards Site Data Protection Program and the Gramm-Leach-Bliley Act.

Encryption can be a drag on database performance. Ingrian approaches the problem by supporting the latest algorithms, such as AES (Advanced Encryption Standard), Toubba said.

Also, cryptographic processing is offloaded to the hardware appliance component of the product. In addition, pooling together such appliances can offer load-balancing to handle transaction volume, he said.

/zimages/6/28571.gifOracle patched 23 critical vulnerabilities in its first quarterly patch rollup. Read more here.

Toubba said two other components help lighten the performance drag: storing the cryptographic keys on the appliance instead of on a database, and allowing encryption without application code changes.

"We implement a view-trigger model," he said. "We create a view inside a database and rename the view name to the original base table name and create a level of abstraction," so processes can be validated, can occur and can then present data to an application.

Jon Oltsik, an analyst at Enterprise Strategy Group, in Milford, Mass., said Ingrians approach is good for lessening the labor of encryption. "Right now, if you want to encrypt at the application level or at the database layer, its a pretty labor-intensive process," he said. "[Ingrian] can automate that process fairly easily. You integrate into the appliance at the database or application layer."

Ingrians tight integration is important, Oltsik said, because it enables granular control. "I can encrypt just the Social Security number and keep the rest [of the data] in clear text," he said.

"If you were to try to do that on the database, first there are restrictions on what you can encrypt on the database. Also, if you start to do encryption and decryption on the server, you take a performance hit. Thats processor-intensive."

The version of DataSecure that supports PeopleSoft applications has been shipping for about a month.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest database news, reviews and analysis.