Interview with Scott C. Nevins, President and CEO of Protegrity

Protegrity is a leader in database security software, delivering privacy and protection solutions for mission-critical data stored in databases. Its flagship product Secure.Data enables companies to comply with the strictest government and industry regulations on data privacy and security by preventing both unauthorized and unauditable access to sensitive data.

We talked with Scott C. Nevins, President and CEO of Protegrity, about the company and database security issues. Mr. Nevins is a recognized business leader with an impressive track record spanning more than two decades. He has successfully built four emerging technology and service companies.

The boom of online business gave a large boost to database security in the past few years. Who are the people you see most worried about database security?

The people most concerned about security are the CISOs (Chief Information Security Officers), CPOs (Chief Privacy Officers), and IT Auditors and Compliance Officers. Due to government and industry regulations, senior executives are now personally liable for security and privacy of information. Company executives are attacking this issue head on to fulfill their internal and external obligations. A breach now costs a company significant dollars, potential jail time, and loss of customer and partner confidence.

What do you see as the major challenge in database security today?

Most companies today are still focused on securing data “in transit” rather than “data at rest” in the database. Data lies dormant in databases over 99% of the time and it is there that it is most vulnerable to both internal and external breaches.

Internal DBAs, high level programmers, and experienced users have a high degree of access to sensitive data. External hackers who penetrate the perimeter security defenses know that the crown jewels are in the database. Unauthorized access NEEDS to be stopped.

Companies must face the challenge of securing the data in their databases to create complete security solutions. Past concerns of poor performance, high implementation costs, and weak data security through simple encryption are met head on with Protegrity’s Secure.Data product where implementation times are generally 1-3 days, minimal performance degradation, application transparent and high level security.

Companies need to act and proactively protect their data in their databases.

How much success have you had with Secure.Data? Is it still the only system in the world to encrypt and secure database information at the data-item level?

Secure.Data has become the industry standard for database security. It is the only “out-of-the-box” enterprise security solution that provides for data-item level protection. It is now protected by 5 granted patents. Secure.Data is a complete database security solution that provides secure key management; secure audit and reporting; enforced segregation of duties; centralized console control; application transparent; high performance.

Secure.Data is also the only product that supports all major databases on the NT, Unix and mainframe platforms including IBM, Sybase, Oracle and Microsoft.

Protegrity’s customers include the largest and most well respected Fortune 1000 companies in the financial, healthcare and consumer goods industries.

What qualities do you think are essential to be successful in the database security market?

The product needs to:

  • protect and audit sensitive information stored on all the major relational databases (IBM, Sybase, Oracle and Microsoft).
  • an “out-of-the-box” application transparent solution that can be implemented in days, not months. The real cost is not simply the cost of the product, it is the total cost of the implementation.
  • strong role-based access control to facilitate granular access control to sensitive data that allows for sharing of information with business partners, customers, and other internal and external users, without the risk of breach of critical information assets.
  • centralized application of privacy rules.
  • secure audit trail.

There’s been a lot of discussion on the topic of internal threats in 2002. Do you see the disgruntled employee or the outside attacker as the bigger threat?

Both are enormous threats to a company. The vast majority of the larger security breaches have occurred as a result of internal personnel however both are threats that can and need to be stopped at the source of the breach – the database.

What are your plans for the future?

On the business side, Protegrity’s relationships with IBM, Sybase, Oracle, Microsoft, nCipher, RSA and other strategic partners will continue to expand. Protegrity offers the strongest and most comprehensive database security solution.

We will continue to expand our relationships with key enterprise software applications such as PeopleSoft, SAP and others.

Our product will continue to move forward addressing the new security risks. Protegrity’s platform will be expanded to incorporate wireless initiatives and other types of information.

Protegrity will stay focused on ensuring that it remains at the top of the most central part of data and information security – at the source “data at rest” where data is most vulnerable.