Ulf Mattsson

Old Greenwich, CT, United States

About Ulf


I am a founder and the Chief Technology Officer of Protegrity in Stamford, CT. I created the architecture of the Protegrity database security technology. Prior to joining Protegrity, I worked 20 years at IBM in software development and as a consulting resource to IBM's Research organization, specialized in the areas of IT Architecture and IT Security. I received my US Green Card of class EB 11 (Individual of Extraordinary Ability, after endorsement by IBM Research in 2004).

I am the inventor of more than 15 patents in the areas of Encryption Key Management, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of my research during the last 15 years is in the area of managing and enforcing policies (security, encryption, audit) for databases, including more than 10 joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.

I am a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security and a member of ANSI X9. Leading journals and professions magazines, including IEEE Xplore, ISACA and IBM Journals, have published more than 100 of my in-depth professional articles and papers. I received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems, Ingres, Google and other leading companies. I have given a series of presentations at leading security and database conferences in US, Europe and ASIA, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). I received a master's degree in physics in 1979 from Chalmers University of Technology in Sweden.

Specialties:IT Architecture, IT Security, Data Encryption, Key Management,Databases, PCI DSS.


English, Swedish

Areas of Expertise

Security, Compliance, Regulations, PCI DSS, ANSI X9, privacy, Encryption, Tokenization, Databases

An idea worth spreading

Encryption will not be a long term approach to data security

I'm passionate about

Family, encryption, tennis, golf and sailing

Talk to me about

Why will encryption not be a long term approach to data security?

People don't know I'm good at

Finding talent for new technolgy

My TED story

Finding new ways of solving data security and privacy problems

Comments & conversations

Ulf Mattsson
Posted over 1 year ago
How Data Security Tips the Scales in Privilege vs. Protection
I'd like to add that more flexible options, such as some forms of masking or tokenization, can also provide different levels of security that either generalize the data or expose certain parts of sensitive data without revealing it completely. However, these fine-grained data security options also require proper privilege management. Step one in this process is usually assigning a security-specific role or team in the organization, if they don’t already have one. Isolating security policy administration to a security team can provide a separation of duties between users or system administrators from security privilege assignments. The security team must develop a comprehensive data security policy, preferably one that can be centrally managed and administrated across the enterprise, in line with the needs and expectations of the operations of the business, and the roles contained therein. Often the simpler way of assigning policy privileges, or authority to access sensitive data, is by specifying the few people who have access, rather than those who don’t. Finding a data security vendor that can provide easy policy management with push-button configuration can go a long way to assisting you in implementing this process. While access controls remain an integral function in data security and privilege management, organizations now need to get down to the data level in order to avoid either inhibiting business processes or opening the door to a data breach.
Ulf Mattsson
Posted over 1 year ago
Beyond encryption for Big Data. Encryption is no longer secure. What is the the new way to protect data?
The good news is that some leading companies are finding new ways to bridge the gap between security regulations, privacy and compliance, yet still be able to provide powerful analysis and data insight to achieve the power behind a big data environment. I recently read an interesting study from Aberdeen Group about security-related incidents. The study revealed that “Over the last 12 months, tokenization users had 50% fewer security-related incidents(e.g., unauthorized access, data loss or data exposure than tokenization non-users”. The name of the study is “Tokenization Gets Traction”. Aberdeen has also seen “a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data”. Ulf Mattsson, CTO Protegrity