TECH CHOICES

Database Encryption Solutions Scorecard Summary: Ingrian Networks DataSecure

by Noel Yuhanna with Randy Hener, Kimberly Q. Dowling, and Lindsey Hogan August 8, 2005

Key Findings From The Forrester Wave: Database Encryption Solutions, Q3 2005

EXECUT I V E S U M MA RY
Ingrian Networks was the surprise in our evaluation of database encryption solutions. While Ingrian is strong in application encryption, it did well to nish where it did in the current oering category. Ingrian oers a unique appliance-based data encryption solution to address both data-at-rest and datain-motion for applications and databases. Ingrians DataSecure solution showed well-balanced position in most of the areas that we evaluated, especially in hardware crypto, role separation, and custom APIs. But DataSecure lacked pluggable-crypto and was the most expensive product on our list. Customers looking for an end-to-end encryption solution, will nd Ingrian solution to be a good t. INGRIAN NETWORKS IS BEST SUITED FOR LARGE, MULTIPLE DEPLOYMENTS Ingrian is a privately held startup that has led for 11 patents pertaining to database encryption, and recently raised $15.4 million in D Series funds, with Menlo Ventures as the lead investor. Ingrian has more than 112 customers worldwide using various products, and a reported growth rate of 136% during the previous four quarters. Ingrians DataSecure is an innovative solution comprised of a hardware appliance and a software connector that is installed on a database or application server that interfaces with the appliance. The solution allows a user to encrypt/decrypt data using various encryption algorithms, and stores keys in a specialized chip set within the DataSecure appliance which oers enhanced security. Forrester evaluated Ingrians current oering and strategy for database encryption solution against approximately 100 criteria (see Figure 1). Overall, the product has strong support for custom APIs for encrypting/decrypting data at the application and database level, granular role separation capability, centralized key storage and administration, integration with hardware crypto, but lacks support for multibyte character sets, Cipher-block chaining (CFB), and output feedback (OFB) encryption modes, and can be expensive. This means that the product is an especially good t for buyers who:

Want centralized keys management to deliver granular role separation. Ingrian tops our list

when it comes to hardware-based appliance solution, which allows enterprises to stores keys separate from the database. Having keys separated from the data helps achieve granular role separation, where database administrators (DBAs) do not have control of encryption keys. Also, if someone steals the database les, they will be of no use, because the encryption keys are in the appliance and are usually kept apart from the database server.

Headquarters Forrester Research, Inc., 400 Technology Square, Cambridge, MA 02139 USA Tel: +1 617/613-6000 Fax: +1 617/613-5000 www.forrester.com

Tech Choices | Database Encryption Solutions Scorecard Summary: Ingrian Networks DataSecure

Want end-to-end encryption to protect data at all levels. Ingrian oers a exible, multitier

integration solution that can be integrated in heterogeneous environments and deployed at the application, network, and database layers. Enterprises that want data encryption at all levels, will nd the Ingrian solution to be a good t.

To see how Ingrian Networks stacks up against six other competitors, see the Forrester Wave evaluation of the database encryption solutions market.1

August 8, 2005

2005, Forrester Research, Inc. Reproduction Prohibited

Tech Choices | Database Encryption Solutions Scorecard Summary: Ingrian Networks DataSecure

Figure 1 Ingrian Networks DataSecure Evaluation Overview

CURRENT OFFERING Levels of encryption Ingrian supports column-level database encryption with support for various data types. It supports primary and foreign key encryption and encryption of indexed columns. However, Ingrian does not support table-level, database-level, and schema- and code-level encryption. Ingrian oers the exibility to add new algorithms, but does not oer pluggable-crypto. Security policies can be managed centrally or via the Web interface. There are APIs for customization that include support for Java Cryptography Extension (JCE), MS CAPI/MS .Net, PKCS#11 (C/C++), as well as XML interface. It oers a set of access control lists for separation of roles and security policies to control access to encrypted data. Ingrian can store keys only in the DataSecure appliance; keys can be generated either programmatically or through an XML interface. It supports split-key using smart cards in the FIPS solution to split the master key. Ingrian can have multiple databases storing the keys on the same appliance and therefore, oers centralized keys management. Ingrian supports several platforms, including z/OS and OS/400, and is integrated with hardware crypto. It supports integration with LDAP and Microsoft Active Directory (AD). Ingrian supports network-level encryption through the SSL protocol and integrates with DBMS schema, creating additional objects. Supports Oracle, DB2, and SQL Server DBMSes. The Ingrian solution generally requires no application changes, but in some cases, such as range queries, complex table joins, etc., some degree of application change will be necessary. The Ingrian solution also allows for complete encryption/decryption at any application level. Ingrian solution setup is done centrally through a Web interface. It supports equality searches and range scans, but the performance impact depends on the customer's environment. Ingrian oers a solution to improve performance by bypassing Ingrian's triggers/view solution when necessary. For equi-joins, Ingrian requires a complete decryption before joining the tables. Ingrian oers a bulk loader solution, which can be used to encrypt/decrypt large amounts of data quickly.
Source: Forrester Research, Inc.

Encryption options

Encryption keys management

Integration

Usability

August 8, 2005

2005, Forrester Research, Inc. Reproduction Prohibited

Tech Choices | Database Encryption Solutions Scorecard Summary: Ingrian Networks DataSecure

Figure 2 Ingrian Networks DataSecure Evaluation Overview (cont.)

STRATEGY Product strategy Ingrian has a good road map that focuses not just on database encryption, but also on network and application-level encryption. It continues to extend support for all kinds of DBMSes, including data warehouses and legacy databases. Ingrians solution is exible enough to integrate with other technologies, and also oers a complete end-to-end encryption solution. Ingrian's senior management is very focused and committed in expanding the security solution. It continues to do aggressive marketing to expand the market. Ingrian recently raised $15.4 million in D series funds, with Menlo Ventures as the lead investor. Ingrian has a strong ability to execute in most areas and continues to expand its customer base. Ingrian's solution is costly, compared with nonappliance-based encryption solutions. Typical deployments costs run over $120K.

Corporate strategy

Cost

MARKET PRESENCE Installed base Ingrian has 112 customers from all product lines, with 43 customers on the current version of the product. Forty-nine customers have bought or upgraded the platform during the past four quarters. Ingrian did not disclose any customer references. Ingrian did not disclose. Ingrian claims its revenue growth has increased 136% over the previous four quarters. Ingrian claims that there are two systems integrators that have completed three or more deployments of the encryption solution in the past 18 months. Ingrian oers both Web-based and in-person class training to all customers and partners. It has ve systems engineers to assist with deployments and a professional services sta of three. Ingrian has 31 dedicated engineers and an employee count of 54. Ingrian has 18 resellers worldwide, but does not have ISVs that bundle its solution. Ingrian has oces in the US and UK.

Revenue Revenue growth Systems integrator

Services

Employees Technology partners International presence

Source: Forrester Research, Inc.

August 8, 2005

2005, Forrester Research, Inc. Reproduction Prohibited

Tech Choices | Database Encryption Solutions Scorecard Summary: Ingrian Networks DataSecure

Go online to download additional in-depth data and scores for this vendor and other vendors included in this Forrester Wave evaluation.

SUPPLEMENTAL MATERIAL Online Resource The underlying spreadsheet for Figure 1 is available online. The spreadsheet includes more detailed data and scores for this vendor. This detailed data and scores for this vendor are also available online through an Excel-based vendor comparison tool that provides detailed product evaluations and customizable rankings. Forrester Wave Methodology We conduct primary research to develop a list of vendors that meet our criteria to be evaluated in this market. From that initial pool of vendors, we narrow our nal list to those presented here. We choose these vendors based on: 1) product t; 2) customer success; and 3) Forrester client demand. We eliminate vendors that have limited customer references and products that dont t the scope of our evaluation. After examining past research, user need assessments, and vendor and expert interviews, we develop the initial evaluation criteria. To evaluate the vendors and their products against our set of criteria, we gather details of product qualications through a combination of questionnaires, demos, and discussions with client references. We send evaluations to the vendors for their review, and we adjust the evaluations to provide the most accurate view of vendor oerings and strategies. We set default weightings to reect our analysis of the needs of large user companies and/or other scenarios as outlined in this document and then score the vendors based on a clearly dened scale. These default weightings are intended only as a starting point, and readers are encouraged to adapt the weighting to t their individual needs through the Excel-based tool. The nal scores generate the graphical depiction of the market based on current oering, strategy, and market presence. Forrester intends to update vendor evaluations regularly as product capabilities and vendor strategies evolve.

August 8, 2005

2005, Forrester Research, Inc. Reproduction Prohibited

Tech Choices | Database Encryption Solutions Scorecard Summary: Ingrian Networks DataSecure

ENDNOTES
1

In the past two years, the need for database-level encryption has grown signicantly, mainly because of regulatory requirements, and enterprises taking stronger measures to protect data as more intrusions occur across the globe. To assess the state of the database encryption market and see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top database encryption vendors across approximately 100 criteria. The result: Protegrity and Ingrian Networks provide the strongest options in the third-party vendor category, and Oracle leads the DBMS vendors pack. Included in this report is an interactive vendor comparison tool that provides detailed product evaluations and customizable rankings. See the August 8, 2005, Tech Choices The Forrester Wave: Database Encryption Solutions, Q3 2005.

Forrester Research (Nasdaq: FORR) is an independent technology and market research company that provides pragmatic and forward-thinking advice about technologys impact on business and consumers. For 22 years, Forrester has been a thought leader and trusted advisor, helping global clients lead in their markets through its research, consulting, events, and peer-to-peer executive programs. For more information, visit www.forrester.com. 2005, Forrester Research, Inc. All rights reserved. Forrester, Forrester Oval Program, Forrester Wave, WholeView 2, Technographics, and TechRankings are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. Forrester clients may make one attributed copy or slide of each gure contained herein. Additional reproduction is strictly prohibited. For additional reproduction rights and usage information, go to www.forrester. com. Information is based on best available resources. Opinions reect judgment at the time and are subject to change. To purchase reprints of this document, please email resourcecenter@forrester.com. 37354