To comply with the Privacy Protection Act, LG Display undertook a project to organize its data platform environment at the enterprise-level. As its first step, they had their systems evaluated by security consultants to understand current state of personal
information retention. The 2012 encryption project was then kicked off with, first, any data deemed unnecessary being deleted, and designated servers which required encryption. For this project, LG Display chose to make use of TDE, a feature built into SQL
Server and thus not requiring use of a third-party solution. Given the intricate nature of the numerous systems involved in storing and safeguarding personal information, bringing in a third-party system would have only aggravated the complexity. With the
decision taken to simplify its systems, LG Display put in place a governing policy to encrypt DB with TDE and make use of the current solution for access control. As a result, LG Display was able to keep changes in the enterprise data platform environment
to a minimum, while increasing the level of encryption and thus bolstering its security. In addition, the company was able to be thoroughly prepared for compliance with Privacy Protection Act before it had come into effect.
“With TDE, we can clearly locate the responsibility and accountability. For instance, we have to call many vendors including DB solution providers when using a third-party solution. With TDE, though, we don't have to call anyone else: we
deal with a single vendor. From the point of view of the company, adopting a new solution means that we have to find extra human resources. However, TDE has enabled us to respond to Privacy Protection Act without increasing personnel as the DB manager is now
able to handle encryption-related work"
-Kang Seongyun, LG Display EA Team-
LG Display prepared fully and in advance for compliance with Privacy Protection Act at the enterprise level. They first began responding to the requirements of the Privacy Protection Act in 2011through implementing a security consulting service. The initial
focus was to establish a standard for systems subject to the Privacy Protection Act as a way to determine the scope of their encryption project.
The consultations around enterprise security uncovered a number of surprises to LG Display, as the systems subject to the Act were far more than expected. After picking from the recommendations appropriate systems, they further sub-selected systems that
actually needed to be encrypted due to unnecessary storage on them of personal information. LG Display worked with experts from various fields such as security, application and development, to delete all non-critical personal information. They then listed
systems which needed to handle personal information for business purposes – and it was these systems which became the subject of the encryption project.
LG Display was then faced with the task of deciding which technology would be the most suitable. This was not easy due to a glut of relevant solutions in the market in the wake of the Privacy Protection Act. LG Display broke the question down into two overarching
approaches. The first approach was to make use of the built-in encryption feature in DB and the second approach was to adopt the encryption solution provided by the domestic security solution providers. They examined the two approaches from all angles from
performance to convenience in maintenance. After much debate, they opted for TDE (Transparent Data Encryption).
“It was difficult to read much into the performance evaluation as it was not easy to set up an objective standard. When it comes to a third-party solution, we were not able to guarantee compatibility unless we adopted a solution provided by a single vendor.
We could have adopted one specific solution, but it would resulted in another thing to manage, diluting accountability in cases of system failure. Considering the complex setup, the rational choice was to use TDE built in DB", said Kang Seongyun, Deputy Head
of LG Display EA Team.
In 2012, LG Display carried forward with the DB encryption project with Microsoft SQL Server as the subject. In promoting this project, LG Display decided to make use of DB built-in features for encryption and audit, while using the current solution for
access control. Though LG Display could have used instances in DB and access control features for the columns in the table, they instead decided to make use of the existing access control tool in order to minimize changes to the enterprise DB platform.
The encryption project promoted in 2012 targeted dozens of system DB. Yet, it was Microsoft SQL Server-based systems which went through DB upgrade as the pre-project phase. As most systems were based on SQL Server 2000, they had to be upgraded in order to
make use of TDE feature. While upgrading the old 2000 version to SQL Server 2012 Enterprise Edition, LG Display carried out DB encryption on a case-by-case basis. What they cared about most in this project was having the departments involved cooperate well
together. “Many departments including security, management and development agreed to work together for this project. In close cooperation, we carried out DB upgrade, tuning and code-level application improvement, as needed”, said Kang Seongyun, Deputy Head.
Microsoft Korea contributed a great deal to this process. LG Display worked with engineers from Microsoft Korea on DB tuning. This was in order to minimize any performance losses that might have been caused by DB encryption. As a result, they were able to
mitigate inconvenience among on-site users after DB encryption.
In early 2013, LG Display completed the encryption of their main systems. They quickly followed this up with the development of their Privacy Protection Act-related status management system and directory service duplexing. As their next project, they plan
to undertake the maintenance of a centralized encryption key management system. This is with a view to performing the operation and management system at enterprise level rather than at unit system-level, given that they have standardized the application standard
for encryption with TDE.
Set enterprise-wide best practice for encryption
In the course of encrypting dozens of system, LG Display was able to establish Best Practice available for further reference when demand rises. This Best Practice is its ‘Patent Management System’, which was chosen for encryption through this project as
it contains highly sensitive information about patent applicants and external users.
This system used to be managed by each department as necessary, rather than by the IT department. Whenever a new requirement arose, the new development had to be carried out, inevitably leading to performance issues cropping up. Plus, with different developers
being assigned to work on every project, rather than one developer having responsibility for the system development, a bottleneck in performance was caused. This was part of the rationale for LG Display’s decision to go ahead with a physical-level upgrade
after the system encryption in 2012.
LG Display upgraded their patent management system DB to SQL Server 2012 Enterprise Edition in the second half of 2012. While doing so, they worked on what users complained about most - the slow speed of the system. The results were better than expected.
For this reason, LG Display members agreed on taking Patent Management System as Best Practice for further systems which also require the personal information on them to be protected.
“The Patent Management System was upgraded at application-level to the extent that it passed DB tuning. This resulted in an unexpected improvement in performance. As this was realized without the need to modify the source code on a large scale, we did not
have to push ahead with the hardware replacement scheduled for 2013. We are now considering carrying out a further project based on what we achieved here”, said Kang Seongyin, Deputy Head.
Clarity over responsibility and accountability
With TDE in SQL Server 2012 Enterprise Edition as the standard encryption technique for compliance with Privacy Protection Act at enterprise-level, LG Display expects to enjoy many benefits from 'this standardization’. Above all, they are now able to have
clarity over responsibility and management.
One thing that LG Display cleared up in establishing the counterstrategy for compliance with Privacy Protection Act was to ‘not have a third-part solution’. Using such solutions whenever a new regulation comes into effect carries the advantage of being able
to help bring a prompt response at the unit business-level. However, from the point of view of the enterprise, there is a disadvantage to having more items on management’s radar. LG Display figured that the most effective way to respond to Privacy Protection
Act is to implement a management and control mechanism at the enterprise level while, at the same time, keeping the management of the existing data platform as simple as it is now.
“With TDE, we can clearly locate the responsibility and accountability. For instance, we have to call many vendors including DB solution providers when using a third-party solution. With TDE, though, we don't have to call anyone else: we deal with a single
vendor. From the point of view of the company, adopting a new solution means that we have to find extra human resources. However, TDE has enabled us to respond to Privacy Protection Act without increasing personnel as the DB manager is now able to handle encryption-related
work", said Kang Seongyun, Deputy Head.
With TDE as the enterprise DB encryption standard, LG Display was able to reap significant cost savings. In line with the version upgrade of the old SQL Server, the cost-saving effect became more practical because they carried out both version upgrades and
encryption, without having to spend extra for adopting a third-part solution. Such cost-saving benefit is expected to increase whenever there is a demand for encryption. For reference, SQL Server 2012 Enterprise Edition offers the in-built functionalities
required for compliance with Privacy Protection Act, including TDE, encryption key and authentication management, together with instance and data base audit.
Establish the standard for DB adoption
Meanwhile, LG Display has established a new DB evaluation standard. Through this project, LG Display was able to understand the status of all DB and figure out what to improve in terms other than security. LG Display plans to apply this new evaluation standard
when planning future DB upgrades or new systems development across its departments. “With this Privacy Protection Act compliance project, we established a management standard for small and medium-sized DB. From now on, we plan to encourage the use of SQL Server
for small DB, rather than Oracle, as SQL Server provides more benefits in terms of maintenance cost”, said Kang Seongyun, Deputy Head.
Microsoft Server Product Portfolio
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at
In Canada, call the Microsoft Canada Information Centre at
Customers in the United States and Canada who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at
Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
For more information about LG Display’s products and services, visit the website at:
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.