
Ten Billion Dollar Energy Producer Implements Guardium Solution for SOX Compliance; Achieves ROI of 55 Percent; Case Study by Leading Analyst Firm Demonstrates Strong Security and Compliance Benefits with Solid Financial Return

Business Wire, July 11, 2006

WALTHAM, Mass. -- Guardium, the database security company, today announced that a $10 billion energy producer has successfully implemented its database monitoring, auditing and security solution for Sarbanes-Oxley (SOX) compliance. According to a commissioned case study by Forrester Consulting, the 6,000-employee company needed to quickly improve its financial/ERP database security to comply with a SOX auditing requirement. Guardium's automated approach allowed the energy producer "to avoid the significant increase in labor and capital costs that would have otherwise been required to address the database auditing, reporting, and management oversight process necessary to meet SOX compliance needs."

In particular, the study revealed an ROI of 55 percent and payback in 11 months, demonstrating that Guardium provides a "very quick and cost-effective solution" for addressing the database auditing and reporting aspects of SOX compliance and shows "a solid financial return" compared to developing an in-house solution. The study also notes that Guardium's network-based technology "enabled the customer to improve database security ... without impacting the performance of critical business applications," and concludes that "the company has been very satisfied with the Guardium implementation."

The Guardium solution is being used to centrally audit and protect two data centers holding numerous Oracle and Microsoft databases, running on Sun Solaris and Wintel servers. According to Guardium, the entire solution was implemented in about six weeks, which included a total of 12 days of professional services for planning, training, implementation and customization.

"Forward-thinking organizations are adopting tighter controls not only for compliance, but also for best-practices security, data privacy and change management governance," said Phil Neray, vice president of marketing, Guardium. "With appliance-based solutions that automate critical compliance and IT auditing functions in real-time, businesses can quickly reduce operational risk and enhance availability while simultaneously increasing IT efficiency."

Proactive, Real-Time Database Security for Enterprise Applications

According to the customer interviewed by Forrester for the study, "Guardium was selected based on the ... functionality, scalability, and ease of use it provided." The study states that:

--"The Guardium solution (has already) helped the customer identify and proactively address a security incident ... The real-time alert capability of the system is also being used to address a request by the business to immediately inform specific people of any changes to certain database tables."

--"The development, operations, and security teams can now refer to the Guardium-generated reports when they are addressing database-related issues to determine precisely who is accessing each database, when they are accessing them, and how they are accessing them. This has provided a very efficient alternative to what would have otherwise been very labor-intensive tasks."

--"Examples have included identifying the user who made changes to a database in a case where an application did not keep a detailed audit log and identifying the specific users accessing a database through an application that only provided a generic user ID."

Addressing Auditors' Requirements Without Impacting Performance of Production Applications

The energy producer reports that since installing Guardium SQL Guard(TM), it has passed one internal and one external SOX-related audit. Additional comments relative to auditors' requirements include:

--"The database administration (DBA) and security teams have also found that their interactions with the SOX auditors were simplified ... as a result of the fact that SQL Guard was specifically built to address the data privacy and change control requirements of SOX and other similar regulations."

--"Once the auditors were shown Guardium's capability to monitor and audit database accesses, they were comfortable that it addressed the related needs for SOX compliance."

--"By not having to use the native logging capabilities of its database platforms, the company was able to meet (its) compliance needs without risking the performance and availability of its critical financial/ERP business applications."

In addition to the cost savings highlighted by the 55 percent ROI and payback period of less than a year, the case study notes that this customer "also gained the unintended but valuable additional benefit of improving the efficiency and effectiveness of those responsible for supporting database application development and database security."

How Forrester's TEI Methodology Was Used to Calculate ROI and Payback Period

Forrester's Total Economic Impact(TM) (TEI) is a methodology developed by Forrester Research that helps companies demonstrate, justify and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

The primary benefit the Guardium customer gained from its investment has been its effectiveness in addressing the database auditing and reporting requirements for SOX compliance. An additional byproduct of the solution has been the valuable insight the solution provides regarding database usage, which is being used for improving security, managing performance and troubleshooting problematic applications.


 


Content provided in partnership with Thompson Gale