Case Study I - EUR 30m Offshore Initiative
Our client, a major financial organisation, came to PSE Data Security with a Legal and Compliance issue that was a showstopper for their 30 million euro offshore cost-saving project.
Due in part to government(s) legislation but largely to company privacy directives, the bank account numbers of their customers and employees, which were stored in their financial and HRMS systems, had to be treated as private data and could not be viewed outside the borders of the customer's home country.
Therefore, a support resource working in India was only allowed to see those account numbers of the company's customers who also resided in India. Resources based in Poland were not allowed to see the account numbers of customers based in the United States. Resources based in the United Kingdom were not allowed to see the account numbers of customers residing in Switzerland.
Our client had been searching for a solution via major consultancies and software and hardware vendors, with the following directives:
- maximum budget of EUR 200K
- whole-database encryption was not in scope
- no additional hardware budget
- 6-week critical timeframe
PSE was approached following an initial customer reference and provided the solution under budget and within the tight timeframe.
Description of Solution
PSE implemented PSEencryption with the performance option and a (client-provided) algorithm wrapper. These were hooked into the database encryption routines.
Data was encrypted on the fly on a per-record basis whenever the requestor IP range, machine name, and location (from the HR system) of the user did not match the country of residence of the customer whose data was being viewed.
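The per-record decision described above, sketched as an added example (not PSE's or the client's code). The IP ranges, host-naming convention, HR records, key and the stand-in for the client-provided algorithm wrapper are all constructed assumptions, as is the fail-closed reading that any mismatched or unknown signal yields the encrypted value.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data; the page gives no ranges, host names or HR records.
IP_RANGES = {
    "IN": [ipaddress.ip_network("10.10.0.0/16")],
    "PL": [ipaddress.ip_network("10.20.0.0/16")],
    "GB": [ipaddress.ip_network("10.30.0.0/16")],
}
HR_LOCATION = {"asha": "IN", "piotr": "PL", "tom": "GB"}
KEY = b"constructed-demo-key"


def country_of_ip(addr):
    """Return the country whose range contains addr, or None if unknown."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for country, nets in IP_RANGES.items():
        if any(ip in net for net in nets):
            return country
    return None


def country_of_host(name):
    """Assumed naming convention: '<country>-<site>-<n>', e.g. 'in-blr-0042'."""
    prefix = name.split("-", 1)[0].upper()
    return prefix if prefix in IP_RANGES else None


def stand_in_encrypt(value):
    """Placeholder for the client-provided algorithm wrapper (not described on the page)."""
    tag = hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()[:16]
    return "ENC:" + tag


def render_account(record, user, src_ip, host, encrypt=stand_in_encrypt):
    """Return the account number in clear only if every signal matches the customer's country."""
    signals = {country_of_ip(src_ip), country_of_host(host), HR_LOCATION.get(user)}
    if signals == {record["country"]}:
        return record["account"]
    return encrypt(record["account"])  # fail closed: mismatch or unknown signal
```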
A performance hit of 15% was recorded as a direct consequence of the encryption. After tuning, this hit was reduced to 4%.
The offshore initiative went ahead, saving the company an estimated 30M per year.