Protegrity Database Protector: Database security tool overview

Expert Ed Tittel examines Protegrity Database Protector, a database security add-on product that provides column- and field-level protection of confidential and sensitive data stored in nearly any type of relational database.

Protegrity, an enterprise database security solutions vendor headquartered in Stamford, Connecticut, offers products that protect databases, files and applications. The Protegrity Database Protector product works with many popular databases.

Product features

Protegrity Database Protector provides column- and field-level protection of confidential and sensitive data stored in nearly any type of relational database, but may make some changes to the database schema and/or applications (although minimal). Supported operating systems include Linux, UNIX and Windows, as well as IBM iSeries and zSeries environments.

The policies that enforce controls are stored separately from the database being protected. For compliance purposes, policy control follows a separation of duties model in which only authorized personnel, such as a security administrator, may grant access to certain types of data to certain users.

Administrators use the Protegrity Enterprise Security Administrator (ESA) central console to configure and manage policies, keys, auditing and reporting. Like all leading database security products, the ESA uses a dashboard to display the status of pertinent activities -- systems, deployed policies, and both internal and policy audits. Administrators can also view all data access attempts and any changes to security policies.

The ESA comes with a collection of standard management and compliance reports, and administrators can create custom reports as needed.

The two primary components of Protegrity Database Protector are the Communications Agent and the Policy Enforcement Agent. The Communications Agent runs between the ESA and the Database Protector, and manages policy and audit log communications. The Policy Enforcement Agent, as the name implies, enforces data protection policies.

Protegrity Database Protector uses the AES-256 encryption algorithm to encrypt data.

Tokens -- which appear as replacement values in database views to keep the actual data hidden from unauthorized users -- are optional.

Prospective customers who are comparing database encryption products from several vendors will notice a lack of detailed information on the Protegrity website. At this writing, Protegrity required registration to receive more detailed information about their products.

Pricing and licensing

Protegrity Database Protector is sold for specific databases, including Oracle, SQL Server, DB2 and others. Oracle Database Protector, for example, costs approximately $17,000 annually for a two-year license or $45,000 for a perpetual license.

Protegrity Enterprise Security Administrator, the management console, costs about $32,000 (two-year term) to $84,500 (perpetual) for a single environment.

Support

Standard technical support is available by phone 24×7. Customers can use online chat to discuss support issues and to open a support case, or send questions via email. A support contract is required to use the online support portal to request support and track cases. Compared to other database encryption vendors, Protegrity's online support offerings are fairly slim. 

Next Steps

Part one of this series examines the basics of database security in the enterprise

Part two of this series looks at enterprise deployment scenarios for database security tools

Part three of this series offers nine steps for purchasing database security software

Part four of this series compares the top database security tools in the industry

Dig Deeper on Data security and privacy