Turkish Personal Data Protection Law (KVKK) and PCI DSS regulatory compliance
Flexible integration enables end-to-end data-centric protection for improved corporate data security
Sophisticated data discovery highlights sensitive data within just days
Improved business processes and data management workflows

Challenge

Comply with global data privacy regulations while streamlining data management workflows and processes to improve visibility.

Details

Mission to protect sensitive data at rest and in transfer

This organization wanted to go further than just protect its customers’ and employees’ personal information as is required by KVKK, the Turkish equivalent of GDPR. It needed the flexibility to secure other sensitive data and wanted to comply with global Payment Card Industry Data Security Standard (PCI DSS) regulations, even though that is not a requirement within its industry. The company’s Chief Information Security Officer explains further: “Our customer data moves between various business-critical systems, and we need to ensure protection for data that is both at rest and in transfer. This is not an easy goal to accomplish, and we talked to our partner Plainex Technology, which specializes in delivering integrated solutions.”

Hikmet Kılıç, Managing Partner at Plainex Technology, picks up the story: “We feel that data protection must begin with data discovery, because when an organization understands where its sensitive data resides and how it is structured, it can start to look at the issue of data protection. We are a proud CyberRes (now Cybersecurity part of OpenText™) partner and knew what to recommend for this scenario. The combination of Voltage Structured Data Manager (SDM) and [Voltage] SecureData would cover data discovery, data maintenance including redundant data deletion, and data protection. A successful Proof-of-Concept (POC) confirmed the potential for our client and saw the start of the project.”

Voltage SecureData is designed to protect data through encryption wherever it flows in an IT environment. This guarantees data privacy and drives business value through secure data use. SDM discovers, analyzes, and classifies data in both relational and NoSQL databases. It automates risk mitigation and manages the lifecycle of sensitive data. A data-centric approach is necessary when data moves around. This can make it difficult to keep referential integrity, and this is exactly where SecureData shines.

Effective Voltage SDM and Voltage SecureData integration enables end-to-end data protection

Hikmet Kılıç discusses the implementation process: “Our customer leverages various databases and the in-built Voltage SecureData Format-Preserving Encryption (FPE) meant that we did not have to modify any database fields. Using FPE, the encrypted and clear data are treated the same at a database level. We do not require clear data during transfer between systems, and with Voltage SecureData we can specify exactly to whom and where the clear data must be accessible. Because Voltage SecureData takes a datacentric approach, its protection extends beyond just credit card data, which enabled us to secure any other sensitive data in our client’s technology landscape, boosting the overall corporate security.”

The bedrock of Cybersecurity by OpenText is to provide flexibility where possible. This made it easy for Plainex Technology to integrate data-centric protection with all business-critical applications in use. Although this client does not currently leverage Voltage SecureData by OpenText for data analytics purposes, it is aware of the opportunities here and has plans to extend Voltage SecureData to its team of data scientists and provide access to the part of the data they require for their analysis.

Meanwhile, Voltage SDM by OpenText was unleashed on thousands of tables containing many terabytes of data residing in Oracle, SQL, and MySQL databases. Within mere days, Voltage SDM provided a comprehensive overview of sensitive data, including user-friendly dashboards for data owners to review and action. The client plans to leverage Voltage SDM for data quality purposes, with the increased data visibility giving them the chance to manage orphan tables and data as appropriate, to plug any potential security gaps. Out-of-the-box Voltage SDM data dictionaries eased the addition of new data types. The client also hopes to use Voltage SDM for data archiving purposes to make more optimum use of data storage facilities.

Plainex Technology took the time to understand our requirements and came up with the right solution for us. The combination of Voltage SDM and Voltage SecureData gave us much-improved data structure visibility as well as the data protection that we needed.

最高情報セキュリティ責任者
Leading Services and Facilities Management Company

Global data privacy compliance and improved business processes

“Our number one priority was compliance with global data privacy requirements,” comments the Chief Information Security Officer. “While we started the project to achieve this, we also wanted to take the opportunity to improve our business processes and data management workflows. Plainex Technology took the time to understand our requirements and came up with the right solution for us. The combination of Voltage SDM and Voltage SecureData gave us much-improved data structure visibility as well as the data protection that we needed.”

Hikmet Kılıç concludes: “Leveraging Voltage SDM and Voltage SecureData, our client now enjoys KVKK and PCI DSS compliance. We added value by data minimization and system integration so that all data benefits from consistent corporate-level data security. Our focus on data-centric protection with support from the CyberRes (now Cybersecurity part of OpenText) team and top management support from our customer were the main success factors in this project.”

Because Voltage SecureData takes a data-centric approach, its protection extends beyond just credit card data, which enabled us to secure any other sensitive data in our client’s technology landscape, boosting the overall corporate security.

Hikmet Kılıç
Managing Partner, Plainex Technology

About Leading Services and Facilities Management Company

This organization wanted to go further than just protect its customers’ and employees’ personal information as is required by KVKK, the Turkish equivalent of GDPR.