Encrypting business-critical and sensitive data.

Why a major European energy provider encrypts all of its customers' business-critical and sensitive data, and how it is done.
 

A major European energy provider is confronted with the challenge of protecting all personal data and all critical digital assets such as business intelligence data, financial planning, power grid statistics, or HR data. The main challenge is that this protection must be guaranteed in a heterogeneous and ever-changing IT landscape with cloud services such as AWS, Azure, and Salesforce.com. as well as numerous on-premise systems and across all of the company’s locations.  

The energy provider chose, also in consideration of the European General Data Protection Regulation (GDPR), for a data security protection strategy whereby all data at rest is to be encrypted, regardless of the storage location. Encryption should be fully automated and transparent for end-users, in all applications that generate, process, or store data, on-premise and in the cloud. Encryption must, of course, be based on robust and proven cryptography.

The Thales CipherTrust suite was chosen as a product, and CRYPTAS got awarded with the implementation. The customer and CRYPTAS established a well-defined approach for the joint roll-out of the data protection strategy, encryption policies, and encryption agents for each project and team.