Protegrity Secure.Data Now Available for Oracle Database Technology; ``Out-of-the-Box'' Application Transparent Database Encryption Solution Supports Oracle9i Database

Business Wire, July 24, 2002

Business Editors & High Tech Writers

STAMFORD, Conn.--(BUSINESS WIRE)--July 24, 2002

Protegrity(R), Inc. announces the introduction of Secure.Data(TM) for Oracle9i Database on IBM(R) AIX(R) and Microsoft(R) Windows(R) Server 2000 -- an "out-of-the-box" automated database encryption solution with protected key-management software for selectively encrypting and securing enterprise relational database information at the data-item level.

"Oracle is committed to partnering with companies that value security," said Mary Ann Davidson, chief security officer at Oracle. "Partners such as Protegrity that support Oracle database technology and provide added security have proven beneficial to our mutual customers."

Protegrity developed Secure.Data for Oracle(R) database technology to meet the growing corporate, legislative and industry-wide requirements for securing content in databases. Secure.Data's core functionality--designed to seamlessly run within an Oracle environment--provides organizations with a readily deployable comprehensive encryption key-management solution. This key-management solution includes monitored and protected access to encryption keys. The encryption keys, including master keys, can be stored in encrypted form.

"Often forgotten, the protection, audit and segregation of duties for sensitive data at rest within the database level are key elements of security because most data remains at rest in databases for more than 90 percent of its life. A company is vulnerable when its security solutions focus on perimeter and network, and overlook databases," said Pete Lindstrom, director of Security Strategies, Hurwitz Group.

Secure.Data for Oracle9i Database is fully deployable into production environments in just a few days. This database encryption security solution is application transparent, which allows for rapid execution and cost-effective privacy compliance.

Protegrity's Secure.Data automates encryption with an out-of-the-box protected audit function that is based on separation of duties for sensitive data in selected columns of corporate databases. Protegrity's Secure.Data has been penetration tested by Oracle's European Security Practice, Check Point OPSEC certified, and is RSA SecurID ready.

"Protegrity's Secure.Data is a database encryption solution that operates independently and transparently to applications while protecting the privacy of database information against internal and external threats," said Scott C. Nevins, president and CEO of Protegrity.

Protegrity is a leading infrastructure software company for deployment ready "out-of-the-box" encryption solutions that protect the privacy of nonpublic information against both internal (including Data Base Administrator)--and external threats. The automatic and enforced segregation of duties between DBAs and security officers enables centralized management of encryption parameters. Secure.Data encryption provides a system of integrity checks and self-protection of individual modules, user accounts, and database extensions.

The largest and most successful Fortune 500 companies in the commercial and consumer finance, investment banking, healthcare, pharmaceutical, consumer products, and E-Business sectors, including credit card issuers and processors, use Protegrity Secure.Data for securing information, such as: credit cards, financial, compensation, secret formulas and patient records in their databases.

Secure Data is the only third-party data-protection and privacy-enforcement product that works with Oracle database technology, IBM DB2 UDB, Microsoft SQL Server, and Sybase ASE databases. The product operates in distributed environments and across the leading relational databases, including Web and Internet-enabled database applications.

Companies and organizations are now establishing new internal IT audit requirements for protecting against external and internal security threats. The U.S. FBI/Computer Security Institute (CSI) Computer Crime and Security Survey of April 2002 highlights that U.S. companies and government agencies report losing more money from theft of proprietary information than any other type of attack on their computer systems. The average loss for financial fraud of proprietary data is $4.1 million.

Businesses and organizations are being required to implement selective encryption of data in databases because of information-privacy and data-protection legislation, such as mandates for cryptographic protection of stored data, and requirements for securing sensitive data at rest within the database. There are also private industry-wide mandates that require compliance with privacy and security requirements, such as VISA USA Cardholder Information Security Program (CISP) and the U.S. Software and Information Industry Association (SIIA) method of securing credit card and private consumer data in e-business sites.

Protegrity was established in 1996 and is based in Stamford, Connecticut, with its Research and Development and European Regional Sales Office in Sweden. Information about Protegrity's Secure.Data solution for Oracle products, as well as more information about other Secure.Data information-privacy products and services is available by calling 203/326-7200, visiting www.protegrity.com, e-mailing: sales@protegrity.com; faxing 203/326-7250, or writing to: Protegrity, Incorporated, 1177 Summer Street, Stamford, CT, 06905-5529, USA.