Defense and industrial conglomerate Thales Group completed its estimated $424 million acquisition of data security technology maker Vormetric in March to add new product and service offerings into the Thales e-Security business portfolio.
Based in Silicon Valley, Vormetric designed its platform to help enterprises and public sector agencies defend their information and applications in either physical or cloud computing environments.
In this conversation with ExecutiveBiz, Vormetric U.S. Federal Sales Vice President Wayne Lewandowski gives an update on the company’s integration into the Thales Group enterprise and opportunities the French firm sees in the U.S. public sector arena, along with a forecast of where agencies will take data encryption efforts forward next year.
ExecutiveBiz: What major developments have occurred at Vormetric since the acquisition?
Wayne Lewandowski: As the integration continues, the need identified in the federal market for our combined solutions continues to grow at an extraordinary pace. We have introduced our new patented technology called Live Data Transformation. One of the major hurdles to any encryption project is the initial conversion.
This is compounded moving forward as the data grows and the organization has a key rotation strategy. Traditional methods require data to be taken out of use or replicated. Both have significant impact to the organization. LDT enables computer resources to be used on an available basis to accomplish this task as a background process.
An innovation that eliminates the transformation process concern. Further, we are seeing momentum associated with cloud offerings as they continue to extend beyond IaaS, but SaaS, and PaaS environments particularly in a FedRAMP environment.
ExecutiveBiz: What potential does Thales see in Vormetric and in particular the U.S. public sector arena?
Wayne Lewandowski: The market continues to identify with an enterprise strategy for data security. Point solutions from application/storage vendors and cloud providers only answer part of the requirement. As the public sector goes to the cloud, there will always be certain data that is maintained in classified environments and potentially field deployed.
The notion of having a data security platform that meets the needs of the entire enterprise with centralized control is becoming an imperative. Knowing that an agency can control data access without owning the infrastructure is quickly becoming an imperative.
ExecutiveBiz: Where do you attribute Vormetric’s 62-percent growth in bookings year-over-year to?
Wayne Lewandowski: Market validation of our platform. You don’t need to look to hard at the news to find a data breach that involved privileged users. This is a cornerstone to our solution to mitigate such risk. The growth in cloud and our ability to address unique environments such as AWS S3, Docker, and field level security along with file level demonstrates a completeness to our offering.
In the federal market, we saw 388% growth from government fiscal year 2015 to FY 2016.
ExecutiveBiz: How do you see data encryption in agencies evolving over the next year?
Wayne Lewandowski: The pivot here is from taking a “we need to encrypt everything” approach to understanding that access controls are a key component to the encryption strategy. This coupled with key management alongside encryption, creates a high confidence that data is being accessed by the individual or role in the agency that it is intended.
The NIST 800-53 standard addressed this early on at a high level and the necessity of this more complete solution is in high demand. As FedRAMP-approved clouds to continue to deploy our solution, it will be become critical to agencies addressing the governance of access and keys remotely from the cloud.
ExecutiveBiz: What additional steps can agencies take in that effort?
Wayne Lewandowski: Leadership needs to ask tough questions of their security teams such as: “Are we truly addressing the problem of adversaries being in the environment and ensuring data is not accessible?”
Security is a strategic and enterprise concern regardless of the mission. Ensuring that personnel, mission, legislative, or highly sensitive intellectual property must be guarded from those who wish to do us harm or monetize the rich target of government data. The strict governance of this level of protection will be fundamental to IT moving forward.