
LiftFund’s story of meeting compliance while helping small businesses 

How NetLib Security’s Encryptionizer assisted a nonprofit in their mission

Compliance regulations continue to drive companies toward seeking optimal data security solutions.  Meeting such standards was the goal for LiftFund, a nonprofit CDFI (Community Development Financial Institution) approaching three decades of business, with a focus on microlending to small businesses that may be unable to afford standard banking options.  Since beginning its journey, the company has made more than 23,000 such loans, for a total of over $372 million.  It also offers free educational services to its borrowers so that they can become self-sufficient in the future.  With a varied client base, including small businesses and startups, and partnerships with financial institutions, the requirements for compliance were pressing.

Ultimately, they turned to a valued consultant, one that has worked with NetLib Security for a number of years and installed solutions for other customers.  This consultant helped LiftFund to discover NetLib Security’s Encryptionizer: a unique solution to transparently encrypt stored data on Windows servers and connected devices.  Those looking to secure data and achieve compliance can do so with virtually no changes to performance or program code. 

What LiftFund needed was a solution that could help mitigate the risk of their customers’ data being compromised, as well as protect their own Personally Identifiable Information (PII) from malicious actors or accidents.  Encrypting their databases, folders and IIS was of paramount importance to this goal, as they sought compliance with SOC 2 (Service Organization Control 2) and GLBA (Gramm-Leach-Bliley Act).  Ease of deployment, cost efficiency, and securing their application data on site were further factors in their decision, as they are a nonprofit that assists other companies in need.

“LiftFund was required to come into compliance with several third party applications that store sensitive data and Encryptionizer was the only product that was able to satisfy their requirements.  Besides data stored in SQL Server databases, they also had IIS attachments (e.g., PDFs) which needed to be encrypted so they could be viewed only through the authorized applications.  It was a pleasure working with such an experienced and dedicated group of people on such an important mission,” said David Stonehill, NetLib Security CTO.

Since implementing Encryptionizer, LiftFund has already begun meeting their business needs.  According to DK Thepuatrakul, Vice President of Information Technology, NetLib Security is integrated with almost all of their on-premise systems, which accounts for a number of their applications.  Beyond SQL Server, this included securing several third party applications.  Working together with NetLib Security to help meet their specific parameters, LiftFund has also implemented Encryptionizer to be ready for SOC 2 certification before the year is over.

“At LiftFund, we developed our own proprietary loan origination platform since 2006. We have been and are still continuously developing and adding more programs to integrate with many cloud-based software that help us work more efficiently to serve the company growth,” said DK Thepuatrakul, Vice President of Information Technology at LiftFund. “We have quite complicated systems both cloud and on-premises. To prepare LiftFund for SOC II compliance, at first I had some concerns whether we could find a software solution that could protect everything we had. NetLib Security met all the challenges and worked with us to ensure that all sensitive data would be protected in our environment. Now we are ready and NetLib Security has given us the confidence to meet SOC II compliance requirements.”

NetLib Security transparently encrypts data on servers, legacy systems, devices and distributed applications. Our unique encryption solutions are a cost effective, easy way to proactively and transparently protect your data. Encryptionizer is our powerful platform that encrypts stored data right out of the box.  It can also secure almost any desktop and server database on the Windows platform, such as Microsoft SQL Server, PostgreSQL, MySQL, Microsoft Access, and legacy environments like Visual FoxPro among others, while directly assisting with compliance requirements.

 


Medical device security is more important than ever: how one manufacturer answered the call

Is your patient data protected?

For many industries, compliance becomes a trickier issue every year.  New regulations like GDPR and CCPA, in recent years, have joined HIPAA in requiring companies to meet certain standards to protect their customers’ personal data. 

Meeting these requirements was a major goal for a Medical Device Manufacturer (MDM) with thousands of employees and customers worldwide.  The recently updated FDA guidelines from 2016 created even more privacy laws for the nearly century-old company to follow.  Personal health information (PHI) is, after all, a critical component of healthcare operations, as well as a tempting target to hackers.  These laws are designed with this truth in mind.  As such, the MDM made protecting their patient data and adhering to all pertinent privacy regulations a top priority.

Unfortunately, this is no easy task, and after more than a year and a half of searching, the firm was still unable to find a solution that met its needs.  As they tell it, that all changed when they found NetLib Security.  The MDM had been looking for a product that could be included on their myriad servers and medical devices; a standardized answer rather than a patchwork suite of solutions. For the past several years, NetLib Security has been working with the MDM’s team to help meet key business objectives of securing stored data on their devices.  This manufacturer regularly puts new devices out in the field, so they were eager to acquire the ability to protect new products without the complication of different solutions for each device type.  Their customers are hospitals, after all, which tend to purchase hospital equipment and medical devices in bulk.  The company offers hundreds of products throughout the healthcare industry, from microbiology testing systems to flow cytometers, along with their connected servers.  NetLib Security’s Encryptionizer® is integrated with a substantial quantity of these machines, with the intention to roll out the software onto future products with no additional programming required.

The MDM has had no hesitation in expressing positive feedback about what Encryptionizer provides and how it fulfills their company’s needs. Drawing on lessons from its interactions with the handful of teams across the business, related to several markets, NetLib Security has added enhancements to the install process and implementation, giving customers more flexibility on rollout.

“Ensuring a seamless simple approach to data security has always been a primary goal,” said David Stonehill, CTO of NetLib Security. “Working with the MDM to address their pain points with a solution that can be transparently deployed at scale and meet their key business needs was a great team effort across the board.”

Where different teams and products had distinct needs and called for different approaches, NetLib Security has tailored its solution to fit, while still ensuring ease of use, deployment, and integration.  Ultimately, the goal is to simplify security for stored data with no additional programming required.  Encryptionizer transparently encrypts data on servers, legacy systems, devices and distributed applications.

The MDM has also identified a few other areas where they plan to utilize NetLib Security’s encryption solution. Some of the MDM’s products incorporate third party solutions. Encryptionizer will allow the MDM to address this potential weak link in the chain for data security, without the involvement of the external developer, which may have different or even subpar security policies.  They also plan to roll out encryption protection to legacy devices already in the field.  Legacy medical devices and their connected servers are in fact another primary concern for the entire healthcare ecosystem.  They represent an easier way to manage patient care and information but they are also a highly vulnerable access point for bad actors.  Given that these may no longer be supported by the developer, they constitute another major security vulnerability.

While many companies are still grappling with how to address the problem, NetLib Security has developed a cost effective and powerful solution to this industry wide issue, and looks forward to assisting the MDM in their future efforts.


It’s gotta be the shoes! Or is it? The gold is in the data.

What do you think is the key to a successful sports team?  The shoes?  The favorite sports drink?  Player salaries?  Complaining about the referees?  No – it’s athlete data and analysis. Athlete data analytics is a hot topic in sports that offers a competitive advantage in more ways than one.  It holds great value for any team and for its competitors.  Typically stored in a database and accessed via a proprietary analytics engine, this requires unique data and code protection planning, and is the reason C Sharp Sports teamed up with NetLib Security for protecting, managing, and defending the new holy grail on and off the field.

From professional leagues to smaller, amateur clubs, C Sharp Sports, an information management system provider for the sports industry, is a new player on the scene.  Their goal is to help organizations manage and protect what could be as much a goldmine for the club’s competitors as for the team, like stealing the opponent’s playbook.  Through a suite of applications, C Sharp Sports offers clubs the ability to easily access and leverage that data in a variety of ways, including training, performance monitoring, or tracking personal and financial information.

This 360 degree view of each athlete provides a truly competitive edge to help keep their players in good “health”, be it physical or financial, ensuring the highest levels of performance on the field.  C Sharp Sports not only distinguishes itself from competitors as an Information Management System, but it has become The Learning Platform for Sports as well.

Clubs, trainers and volunteers all receive access to an extensive library filled with exercises, a Players Monitoring Module, a state of the art Video analysis tool and, through a partnership with AION Sports, a Virtual Reality application that is part of the package for sports clubs as well.

Given all the data they are collecting, including Personal Health Information (PHI), and with full deployment planned for 2019, it became imperative for C Sharp Sports to find a solution to protect sensitive team data, as well as to protect their own intellectual property from competitors.  Previously, the company had utilized other solutions, but they did not find any vendor who was able to meet the multitude of their needs and that could be deployed quickly and with ease.  Making a simple code change could take a week of valuable time.  Initially, C Sharp Sports looked at Microsoft’s Transparent Data Encryption (TDE) solution, but found it to be prohibitively expensive.  Nor was it easy to roll out for a distributed application, or capable of providing all the safeguards they needed.  Ultimately, their search led them to NetLib Security, whose powerful data encryption solution, Encryptionizer, effectively and efficiently locks down the data with a flexible and scalable architecture, in turn helping C Sharp Sports scale to meet their growing business needs and those of its customers.

“It is good to have a partner such as NetLib Security on whom you can depend regarding the encryption and security of your most valuable assets, namely your Intellectual Property,” said Rufus van Gom, CTO Interstellar Sports, parent company of C Sharp Sports.

The results have been beneficial to both companies.  Today, NetLib Security protects their databases and program code.  One critical advantage C Sharp Sports has gained has been time: for example, the complete elimination of that aforementioned week for a code change, since Encryptionizer requires no application changes.  Indeed, the company now saves one to two weeks on delivery, allowing for more rapid deployment.  Furthermore, encryption has become a valuable part of C Sharp Sports’ unique offering to prospective clients.  Encrypting athlete data—the customers’ essential IP—is a high priority among their customers, and C Sharp Sports offers what they need.

Currently, C Sharp Sports does business in many regions across the globe. They are also in talks with Qatar to utilize their platform for the FIFA World Cup in 2022.  With their business on an upward trajectory, C Sharp Sports is fully equipped to be the next MVP for sports organizations everywhere.

For over 20 years, NetLib Security has been a leader in cost-effective data encryption solutions that can be easily deployed in a few steps to satisfy a pressing need quickly, and with confidence. The company’s flagship product, Encryptionizer, encrypts stored data right out of the box, with virtually no impact on performance and directly assists with compliance requirements. NetLib Security solutions are ideally suited to the small to mid-sized enterprises (SMEs) with constrained IT departments who need to protect stored data on their Windows servers and connected devices.

 


NetLib Security Encryptionizer Helps MIMICS gain competitive advantage in the Financial Sector

Like any other responsible data steward, MIMICS, a financial software firm, focuses its resources on protecting client data by encrypting databases, managing access and safeguarding intellectual property.

From the Gramm-Leach-Bliley Act of 1999 to the GDPR of 2018, ensuring security and providing transparency have been key parts of the company’s objective.

In this case study, follow the partnership between MIMICS and NetLib Security as they work together to ensure they secure sensitive customer data and achieve compliance with data protection standards.


Since 1976, MIMICS, a financial software firm, has been providing its customers across the vertical with a variety of solutions designed to enhance their operations.  Today, this includes more than fifty products used by banks, insurance companies and many others.

Like any organization that handles sensitive data, MIMICS, as well as its clients, has had to take steps to secure its databases.  Beyond encrypting the databases, MIMICS’s mission critical priorities include: protecting SQL access levels, preventing data manipulation, restricting database access throughout the company, and safeguarding its intellectual property.

Most recently, Europe’s General Data Protection Regulation (GDPR) has prompted numerous companies globally to take steps to comply with new privacy standards.  With failure to secure the data of European residents resulting in penalties of up to either $20 million USD, or 4% of an entity’s annual global revenue, these initiatives have been prioritized.  However, other laws that far predate GDPR affected the financial vertical.  According to MIMICS President and CEO, Lincoln Wildgrube, “the most significant regulation was the Gramm-Leach-Bliley Act of 1999, which required security and transparency from financial institutions handling private data.”  Providing compliance for their clients thus became an important part of the company’s objective.

They considered Microsoft’s built-in SQL TDE (Transparent Data Encryption) option, but ultimately decided a third-party encryption solution was preferable.  After a past experience involving a client attempting to reverse engineer one of their software modules, MIMICS had concerns that SQL experts at a future customer organization or external entity may leverage their familiarity with SQL in order to try to illicitly access the data.

In 2007, MIMICS replaced its existing encryption product with NetLib Security’s Encryptionizer because they wanted a product that was cost effective, secure and easy to implement.  A solution that could be deployed smoothly and uniformly for their clients across SQL Express, Standard and Enterprise would make their jobs much easier.

“Where software vendors, such as MIMICS, are concerned we allow them to encrypt their customers’ sensitive data, whether financial or medical,” said Neil Weicher, CTO and Founder of NetLib Security. “But, just as important we help the vendors to protect their own intellectual property.”

MIMICS has been growing its relationship with NetLib Security as it bundles Encryptionizer with a number of its solutions.  The company finds itself saving around three hours on average per installation, and once installed, according to Wildgrube, “it just works.”  Moreover, he states, in 2017 around 35% of the firm’s new sales involved SQL Server and NetLib Security, a figure he expects to continue to grow.  All told, MIMICS has encrypted over 547 million records with NetLib Security, and over $100 billion worth of open positions.  Since first deploying the software, MIMICS is confident in stating that they have avoided any data breaches or instances of reverse engineering of their own products, while helping their customers achieve compliance with data protection standards.  NetLib Security and MIMICS plan to continue their partnership with an eye towards meeting even more of MIMICS’s needs while increasing their ROI.

 
