Presentation is loading. Please wait.

Presentation is loading. Please wait.

XYGATE Data Protection Optimizing HP Security Voltage Tokenization and Encryption for HP NonStop Environments {location/date/event}

Published byVivian Cole Modified over 8 years ago

Similar presentations

Presentation on theme: "XYGATE Data Protection Optimizing HP Security Voltage Tokenization and Encryption for HP NonStop Environments {location/date/event}"— Presentation transcript:

1 XYGATE Data Protection Optimizing HP Security Voltage Tokenization and Encryption for HP NonStop Environments {location/date/event}

2 Agenda Introduction to XYPRO Introduction to HP Voltage Data-centric Security Data Protection for the HP NonStop Unique Requirements HP Voltage SecureData Optimization with XYPRO XDP XDP Deployment Options Summary 2 XYPRO Technology – All Rights Reserved

3 About XYPRO Specialists in mission-critical security and compliance Founded in 1983 – over 30 years working with the HP NonStop community XYGATE Merged Audit (XMA) and XYGATE User Authentication (XUA) bundled with NonStop OS We wrote the books on HP NonStop security Partnered with Voltage Security to bring industry-leading tokenization and encryption to HP NonStop community 3 XYPRO Technology – All Rights Reserved

4 XYPRO Solutions Partnership with 4 XYPRO Technology – All Rights Reserved

5 The Effects of Data breaches Shocking Numbers:- 2013 47,000+ Incidents investigated 2014 63,000+ incident investigated 1,367 confirmed data breaches 2015 79,790 Security Incidents last year 2,122 confirmed data breaches 700 Million compromised records Estimated losses of $400 Million

6 2,122 Confirmed Data Breaches in 2014 The forecasted average loss for a breach of 1,000 records is between $52,000.00 and $87,000.00 The Effects of Data breaches

7 Major Security Breaches Continue To Occur... WHY?

8 Multiple Solutions with Multiple Security Gaps Storage File Systems Databases Data & Applications Traditional IT Infrastructure Security Disk Encryption Database Encryption SSL/TLS/Firewalls Security Gap SSL/TLS/Firewalls Authentication Management Middleware Threats to Data Malware, Insiders SQL Injection, Malware Traffic Interceptors Malware, Insiders Credential Compromise Data Ecosystem Data Security Coverage Security Gaps

9 Policy controlled, dynamically generated Keys Ija&3k24kQotugDF2390^320OWioNu2(*872weWaasIUahjw2%quiFIBw3tug^5a… ? versus 7412 3423 3526 0000 7412 3456 7890 0000 FPE 7412 3456 7890 0000 8juYE%Uks&dDFa2345^WFLERG AES Advantages of HP Security Voltage Data Protection Minimal change to data structures and applications Protected data behaves correctly in applications and analytics Preserve format, structure and behavior versus NameSS#SalaryAddressEnroll Date Kwfdv Cqvzgk161-82-1292100000 2890 Ykzbpoi Clpppn, CA10/17/2005 Key Database versus Simplified operations via Stateless Key Management End-to-end Security within a consistent Data Protection Framework

10 HP Security Voltage Provides This Protection Storage File Systems Databases Data & Applications Traditional IT Infrastructure Security Disk Encryption Database Encryption SSL/TLS/Firewalls Security Gap SSL/TLS/Firewalls Authentication Management Middleware Threats to Data Malware, Insiders SQL Injection, Malware Traffic Interceptors Malware, Insiders Credential Compromis e Data Ecosystem Data Security Coverage Security Gaps HP Security Voltage Data-centric Security End-to-end Data Protection

11 NonStop Environment: Unique Data Protection Requirements Protect extremely sensitive data and mission-critical applications Support older legacy applications and newer (often ported) applications Support a wide variety of data types including payments and other PII (e.g., SSN, DoB) Support NonStop’s OS personalities and executable types Conform to NonStop fault tolerance fundamentals Be highly performant Be secure and integrate with NonStop’s unique security framework XYPRO Technology – All Rights Reserved

12 XDP - powered by HP Security Voltage Format Preserving Encryption and Secure Stateless Tokenization Optimized for Mission Critical NonStop Environments

13 XYPRO & HP Security Voltage Collaborative design to create the ideal solution XYPRO worked with Voltage side by side to design XDP Open collaboration created the ideal solution for Tokenization “SST” and Format Preserving Encryption “FPE” in the NonStop™ environment. Our partnership allows seamless implementation XDP is part of the XYGATE family and can be integrated with all the XYGATE products to help you meet compliance requirements. Products XDP works with XMA XAC …

14 XYGATE Data Protection (XDP) Optimizes Voltage SecureData for NonStop environments Simplifies Voltage implementation Enhances Voltage functionality Integrates Voltage to NonStop security framework Enhances Voltage fault-tolerance, parallelism and scalability Provides NonStop database-specific tools for Voltage Can be implemented in two ways As an intercept library, requiring absolutely no changes to the application As an SDK that requires a small amount of programming in the customer’s preferred programing language XYPRO Technology – All Rights Reserved

15 XYGATE Data Protection (XDP) Optimize Voltage SecureData for NonStop environments Simplifies Voltage implementation Enables implementation with no application changes on NonStop (Intercept Library option) Provides a unified interface that works with both Voltage APIs to protect both PAN and non-PAN data XYPRO Technology – All Rights Reserved

16 XYGATE Data Protection (XDP) Optimize Voltage SecureData for NonStop environments Enhances Voltage functionality Adds support for nowaited/non-blocking encryption/tokenization (SDK option) Increases support for NonStop’s OS personalities and executable types (i.e., both code 800 and code 100 apps) Adds multiple language support: Java, C, TAL and COBOL XYPRO Technology – All Rights Reserved

17 XYGATE Data Protection (XDP) Optimize Voltage SecureData for NonStop environments Integrates Voltage to NonStop security framework Adds built-in access control, providing fine-grained control over which applications and users can access XDP and Voltage functionality Includes comprehensive auditing, as with all XYGATE products Integrates with XYGATE Merged Audit, which is now part of all NonStop Servers XYPRO Technology – All Rights Reserved

18 XYGATE Data Protection (XDP) Optimize Voltage SecureData for NonStop environments Enhances Voltage fault-tolerance, parallelism and scalability Utilizes Pathway to provide distributed architecture for fault-tolerance, parallelism and scalability Adds packaged functionality to support either linking directly to the application or offloading encryption tasks to a dedicated Pathway serverclass (note: TNS applications can only do the latter) XYPRO Technology – All Rights Reserved

19 XYGATE Data Protection (XDP) Optimize Voltage SecureData for NonStop environments Provides NonStop database-specific tools for Voltage Enables implementation with no application changes on NonStop (Intercept Library option) Adds tool for bulk encryption of ENSCRIBE and SQL/MP files (SQL/MX support is planned) XYPRO Technology – All Rights Reserved

20 Traditional Encryption and Payment Processing 20 PAN:7412 3456 7890 0000 8juYE%UkFa2345^WFLE PAN:XXXX XXXX XXXX 0000 8juYE%UkFa2345^WFLE Live Data Capture – Credit Card Primary Account Number (PAN) Traditional Encryption Requires Database Schema and Application Re-engineering Traditional Key Management adds complexity and cost Requires Decryption of whole encrypted PAN, even if we only need last 4 digits Encrypte d Data Clear Data Payment Authorization Settlement Processes Customer Service Application Logs, Reports & Backups Clear Data Encrypte d Data

21 Data Protection Technologies Format-Preserving Encryption (FPE) Secure Stateless Tokenization (SST) Page-Integrated Encryption (PIE) Protects structured data while maintaining functional and analytic integrity of the data High-performance tokenization without database management headaches Extends end-to-end protection to browser, through and beyond the SSL tunnel Minimizes implementation time while maximizing data value First Name: Gunther Last Name: Robertson PAN: 4564 1234 1234 1234 DOB: 20-07-1966 SSN: 934-72-2356 First Name: Uywjlqo Last Name: Muwruwwbp PAN: 4564 1279 6945 1234 DOB: 18-06-1972 SSN: 298-24-2356 Ija&3k24kQotugDF2390^32 0OWioNu2(*872weWaasIUahjw2%q uiFI ogjsH&a$%2lQpw*#m WUYBw3 Oiuqwriuweuwr%oIUOw1@ Live Data Traditional Encryption Voltage FPE/SST (C) 2014 Voltage Security, Inc. All Rights Reserved 21 XYPRO Technology – All Rights Reserved

22 Data-centric Security and Payment Processing 22 Payment Authorization Settlement Processes 7412 8752 8346 0000 Customer Service Application Logs, Reports & Backups 7412 8752 8346 0000 Live Data Encrypted in Secure Reader end-to- end to Payment Authorization Host SST Tokenized PAN Data used throughout. No Live Data in internal processes or systems Last 4 Digits already available without change Tokenize dData Decrypt & Tokenize Tokenize dData 7412 8752 8346 0000 Tokenized Data PAN: 7412 8724 9002 0000 Tokenize dData

23 XYGATE Data Protection (XDP) Multiple Options for Implementations As an intercept library, requiring absolutely no changes to the application As an SDK that requires a small amount of programming in the customer’s preferred programing language XYPRO Technology – All Rights Reserved

24 XDP Intercept Library No application changes required XDP intercept library functions by overlaying the system’s I/O procedures with additional functionality to encrypt/tokenize on the fly All sensitive data is protected in the database Application sees clear data and is unaware that an intercept library is being used XDP configuration files control behavior (such as which files or fields to access and protect) XYPRO Technology – All Rights Reserved Upstrea m Apps NonStop Applications (e.g., BASE24) XD P XM A Pathway XDP / Voltage Servers HP NonStop SIEM (e.g., HP ArcSight) Key Management Servers Z/ OS Linux Unix Windows Hadoop Etc. Other Systems one time Audit Data Tokenize d/Encrypt ed Data Tokenized /Encrypted Data NonStop Databases Clear Data

25 XDP SDK Lightweight programmatic interface that can embed directly into NonStop application Enables multi-threaded NonStop applications to have non-blocking access to Voltage encryption/tokenization engine Supports multiple programming languages Minimal code changes XYPRO Technology – All Rights Reserved Upstrea m Apps NonStop Applications (e.g., BASE24) XDP SDK XM A Pathway XDP / Voltage Servers HP NonStop SIEM (e.g., HP ArcSight) Key Management Servers Z/ OS Linux Unix Windows Hadoop Etc. Other Systems one time Audit Data Clear Data Tokenized /Encrypted Data NonStop Databases Tokenize d/Encrypt ed Data

26 A Large Latin American Payments Switch Tokenize PAN data stored in Sun-Solaris No Data-structure Changes Quick launch (installing & implementing) Next stage tokenize PAN data in BASE24 (Legacy Payments Application) Data-centric Security – Case studies XYPRO Technology – All Rights Reserved 26

27 A Top 10 Financial Institution PCI scope reduction for HP Nonstop and IBM mainframe Mission-critical core transaction and card issuer systems Voltage tokenization natively on core processing platforms Streamlined PCI compliance, reduced risk of internal and external access Minimal business impact including to complex z/OS Hogan applications Data-centric Security – Case studies XYPRO Technology – All Rights Reserved 27 “Tokenization impact on average auth response time is miniscule”, HP NonStop POS Team member

28 A Large Health Retailer PII scope reduction for HP Nonstop and IBM mainframe Mission-critical medical patient and prescription systems Voltage tokenization natively on core platforms Streamlined PII protection, reduced risk of internal and external access Minimal business impact including to complex z/OS applications Data-centric Security – Case studies XYPRO Technology – All Rights Reserved 28

29 XYPRO/Voltage Advantages Industry-leading Voltage Security tokenization and encryption Standards-based Industry-proven Multi-platform support Runs natively on NonStop XDP optimization of Voltage for NonStop environments No application changes required on NonStop Support for nowaited/non-blocking encryption/tokenization Support for NonStop’s OS personalities and executable types Multiple language support: C, TAL and COBOL Distributed architecture provides fault-tolerance, parallelism and scalability Built-in access control and auditing, as with all XYGATE products XYPRO Technology – All Rights Reserved Support for wide variety of data types Stateless key management Flexible

30 30 XYPRO Technology – All Rights Reserved Format-Preserving Encryption (FPE) Secure-Stateless-Tokenization (SST) & Thank you!

Download ppt "XYGATE Data Protection Optimizing HP Security Voltage Tokenization and Encryption for HP NonStop Environments {location/date/event}"

Similar presentations

Www.cleo.com Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.
XProtect® Expert 2013 Product presentation

XProtect® Expert 2013 Product presentation
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.

Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.
Introduction to z/OS Basics © 2006 IBM Corporation Chapter 8: Designing and developing applications for z/OS.

Introduction to z/OS Basics © 2006 IBM Corporation Chapter 8: Designing and developing applications for z/OS.
Microsoft Virtual Server 2005 Product Overview Mikael Nyström – TrueSec AB MVP Windows Server – Setup/Deployment Mikael Nyström – TrueSec AB MVP Windows.

Microsoft Virtual Server 2005 Product Overview Mikael Nyström – TrueSec AB MVP Windows Server – Setup/Deployment Mikael Nyström – TrueSec AB MVP Windows.
WORKDAY TECHNOLOGY Stan Swete CTO - Workday 1.

WORKDAY TECHNOLOGY Stan Swete CTO - Workday 1.
Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.

Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.
Lecture The Client/Server Database Environment

Lecture The Client/Server Database Environment
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
The Client/Server Database Environment

The Client/Server Database Environment
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
Introduction to the new mainframe © Copyright IBM Corp., 2005. All rights reserved. Chapter 7: Designing and developing applications for z/OS.

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. Chapter 7: Designing and developing applications for z/OS.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
The Right Choice for Call Recording WWW.OAISYS.COM OAISYS and PCI DSS Compliance Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions.

The Right Choice for Call Recording OAISYS and PCI DSS Compliance Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions.
By Mihir Joshi Nikhil Dixit Limaye Pallavi Bhide Payal Godse.

By Mihir Joshi Nikhil Dixit Limaye Pallavi Bhide Payal Godse.
Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:

Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:
Microsoft Visual SourceSafe Very popular Mainly used by Windows developers Cornerstone of many development teams Provides essential version control functions.

Microsoft Visual SourceSafe Very popular Mainly used by Windows developers Cornerstone of many development teams Provides essential version control functions.
What is Workflow?  Workflow or Business Process Management (BPM) consists of Processes, States and Actions.  A Process (e.g. Customer Order fulfillment)

What is Workflow?  Workflow or Business Process Management (BPM) consists of Processes, States and Actions.  A Process (e.g. Customer Order fulfillment)

Similar presentations

Ads by Google