nCipher secures sensitive data for Russia’s leading energy provider
August 2008 by Marc Jacob
nCipher plc has announced that RAO United Energy System (UES) of Russia, one of the largest energy producers in the world, has secured its Corporate Information Depository with a solution based on nCipher’s netHSM, network-attached hardware security module and RSA Database Security Manager. The Corporate Information Depository holds critical information from personal records to sensitive commercial data that is vital to the Russian national infrastructure.
Today, RAO UES of Russia provides 70% of electricity generation and around one-third of heat delivery to the Russian population. To integrate the IT operations of all of its major business divisions and processes, the organisation has created a large-scale information depository where important company data is stored in a database management system.
Unauthorised access, loss, theft or deliberate tampering with this information could lead not only to extremely high commercial losses, but potentially result in administrative penalties and criminal liabilities for the officials responsible for keeping the corporate data secure.
In order to eliminate threats from insiders and outsiders alike, the Information Security Division of RAO UES of Russia has deployed the nCipher netHSM solution, which enables granular access control to the data for its administrative personnel, while posing no restrictions on their job functions.
This is achieved through the use of the RSA Database Security Manager, which can transparently encrypt selected database columns in combination with the external netHSM hardware module that stores and manages the cryptographic keys to decrypt the information. It also controls access to these keys on a per-user basis.
"The main challenge of protecting information in our Corporate Information Depository was the lack of control over the access of database administrators to the data," says Andrei Kazachkov, Chief Expert for the Information Security Division of the Department of Economic Security and Regime, Corporate Centre of RAO UES of Russia. "Disloyal administrators could easily copy information from the database to removable media like a USB flash drive and then trade, publish or otherwise illegally use its content without being traced. The integrated solution, based on nCipher’s netHSM and RSA Database Security Manager, protects against data leakage or tampering as a result of malicious activities from any type of end user and - most importantly - database administrators. All operations with the data stored and accessed are logged and kept securely for further audit, analysis and investigation."