1
XYGATE Data Protection
Optimizing HPE SecureData on NonStop
Ken Scudder, Sr. Director, Business Development, XYPRO
January 2016
2
Agenda
- Introduction
- Encryption/tokenization - why?
- HPE SecureData on NonStop
- XYGATE Data Protection
- Product Ordering and availability
3
HPE and XYPRO partnership
- XYPRO - providing solutions on NonStop since 1983
- Offers comprehensive suite of security and compliance solutions on NonStop
  - Authentication and access control
  - Audits
  - Compliance monitoring
  - Data Security
- 2013 AllianceOne partner of the year in the security category
XYPRO Technology – All Rights Reserved
4
A framework for NonStop security
While not applicable to all companies, PCI is useful for considering a framework for NonStop security
5
Securing the NonStop
- XYGATE Access Control (XAC)
- XYGATE Data Protection (XDP)
- XYGATE User Authentication (XUA)
- XYGATE Merged Audit (XMA)
- XYGATE Compliance PRO (XSW)
6
XYPRO solutions in HPE price-book
Authentication and access control
- XYGATE User Authentication*
- XYGATE Access Control
Monitoring and auditing
- XYGATE Compliance PRO
- XYGATE Merged Audit*
- BASE24 plug-in
- BASE24-eps plug-in
- AJB RTS plug-in
- HLR plug-in
Data Security
- XYGATE Data Protection (New)
* Included in the OS Security bundle (J-Series) or the OS (L-Series)
7
Security breaches are still making news
- Experian breach exposes 15 million T-Mobile customer data (October 2015)
- 4.6 million Scottrade accounts breached (October 2015)
- 100 banks hit by $1 Billion cyber attack (February 2015)
8
Security breaches are still making news
- 80 million member records stolen from Anthem BlueCross Blue Shield (February 2015)
- U.S government breached – data for million employees stolen (July 2015)
- 30 million customers’ account info stolen from Ashley Madison (August 2015)
9
Traditional “Solutions” to Data Encryption
Protecting data at rest is easy, isn’t it? Why are we still seeing these breaches?
Two problems:
- Traditional infrastructure solutions do not protect the data consistently throughout the enterprise
- Implementing traditional encryption solutions is hard!
XYPRO has been partnering with Voltage and now HPE Security for over three years to address these issues
10
Major Security Breaches Continue To Occur...
WHY?
- Impossible to protect against every vulnerability – IT infrastructures will continue to be breached
- Impossible to keep all data behind a firewall – there is no longer the concept of a “perimeter”
- The data must be pervasively protected
- Why has this not happened to date?
11
Problems with Traditional Data Protection
- Need to change data structures and applications
  [Figure: sample AES output 8juYE%Uks&dDFa2345^WFLERG]
- Fully encrypted data is unusable until decrypted
  [Figure: sample encrypted data Ija&3k24kQotugDF2390^320OWioNu2(*872weWaasIUahjw2%quiFIBw3tug^5a…]
- Key management can be a nightmare
- Requires multiple, piecemeal solutions, which create multiple security gaps
12
Advantages of HPE SecureData Data Protection
- Minimal change to data structures and applications
  [Figure: AES output 8juYE%Uks&dDFa2345^WFLERG versus FPE output]
- Protected data behaves correctly in applications and analytics
  [Figure: versus encrypted data Ija&3k24kQotugDF2390^320OWioNu2(*872weWaasIUahjw2%quiFIBw3tug^5a…]
- Simplified operations via Stateless Key Management
  [Figure: policy controlled, dynamically generated keys versus a key database]
- End-to-end Security within a consistent Data Protection Framework
- Preserve format, structure and behavior
  Name SS# Salary Address Enroll Date
  Kwfdv Cqvzgk 100000 2890 Ykzbpoi Clpppn, CA 10/17/2005
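An added illustration of the "preserve format, structure and behavior" point on this slide (not code from the presentation, HPE or XYPRO): a keyed Feistel permutation over decimal digits, so a protected SSN or PAN keeps its length and separators and still fits the existing column. The construction, key, field names and sample values are assumptions for illustration; it is not FF1 and not the HPE SecureData API.

```python
import hashlib
import hmac

ROUNDS = 10  # even, so both halves end at their original widths

def _prf(key, tweak, rnd, half, n):
    # Round function: HMAC-SHA256 over tweak, round number, total length and the other half.
    msg = b"|".join([tweak, bytes([rnd]), str(n).encode(), half.encode()])
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")

def fpe_digits(key, tweak, digits, decrypt=False):
    """Feistel permutation over fixed-length decimal strings (illustrative, not FF1)."""
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 6:
        raise ValueError("need at least 6 ASCII digits; tiny domains are guessable")
    n, u = len(digits), len(digits) // 2
    a, b = digits[:u], digits[u:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if i % 2 == 0 else n - u  # width of the half being rewritten
        if decrypt:
            c = (int(b) - _prf(key, tweak, i, a, n)) % 10 ** m
            a, b = f"{c:0{m}d}", a
        else:
            c = (int(a) + _prf(key, tweak, i, b, n)) % 10 ** m
            a, b = b, f"{c:0{m}d}"
    return a + b

def protect_field(key, field, value, keep_last=0, decrypt=False):
    """Rewrite only the digits; separators and the last `keep_last` digits stay in place."""
    idx = [i for i, ch in enumerate(value) if ch.isdigit()]
    idx = idx[:len(idx) - keep_last]
    # The field name is the tweak, so equal digits in different fields map differently.
    new = fpe_digits(key, field.encode(), "".join(value[i] for i in idx), decrypt)
    out = list(value)
    for i, ch in zip(idx, new):
        out[i] = ch
    return "".join(out)

DEMO_KEY = bytes(range(32))  # constructed demo key, never a real one
RECORD = {"ssn": "123-45-6789", "pan": "4111 1111 1111 1111"}  # constructed sample row

def protect_record(record, decrypt=False):
    keep = {"pan": 4}  # partial protection: last four PAN digits stay readable
    return {f: protect_field(DEMO_KEY, f, v, keep.get(f, 0), decrypt) for f, v in record.items()}

if __name__ == "__main__":
    protected = protect_record(RECORD)
    print(protected)
    print(protect_record(protected, decrypt=True) == RECORD)
```

Because the mapping is deterministic per key and field, equal plaintexts give equal protected values, which is what lets joins and lookups keep working on protected columns.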
13
HPE SecureData protects data end to end
[Diagram: threats to data, traditional IT infrastructure security, and HPE SecureData data-centric security across the data ecosystem]
- Data & Applications: threat Credential Compromise; traditional control Authentication Management
- Security gap
- Middleware/Network: threat Traffic Interceptors; traditional control SSL/TLS/firewalls
- Security gap
- Databases: threat SQL injection, Malware; traditional control Database encryption
- Security gap
- File Systems: threat Malware, Insiders; traditional control SSL/TLS/firewalls
- Security gap
- Storage: threat Malware, Insiders; traditional control Disk encryption
- HPE SecureData: data security coverage, End-to-end Protection

If you look at the whole IT infrastructure supporting the e-commerce ecosystem, you see multiple points of origin, transport, consumption and storage of data. You have the client devices where the data originates, the applications which process it, the network and middleware which it traverses, the databases, file systems, and storage. In all these places the data is vulnerable to compromise through several means. For example, you protect application access through authentication, you protect data in transit through encryption using TLS, you encrypt the database and the secondary storage, you protect file systems through encryption and malware scanners. So, you end up applying different means to protect your data, and as it transitions from one to another, your data again becomes vulnerable due to multiple security gaps.

What’s more, the costs of passing audit and maintaining compliance are becoming more unpredictable – especially in an environment of increasing regulations, outsourcing, Big Data and cloud computing. There is a strong desire to reduce audit scope wherever possible to contain cost. By tokenizing payment card data, the scope of the PCI audit and cardholder data environment is limited because the storage of payment cards is being substituted by tokens. The footprint for attacks shrinks accordingly because token data is useless if stolen. Tokenization has emerged as a powerful technique for removing live data from systems while achieving PCI scope reduction.

It is the only comprehensive data protection platform that secures data as it is captured, processed, and stored across a variety of devices, operating systems, databases, mission-critical systems, and applications used by enterprises, merchants, and service providers. HP SecureData Enterprise includes market-leading HP Format-Preserving Encryption (FPE), HP Secure Stateless Tokenization (SST) technology, HP Stateless Key Management, and data masking to address the entire lifecycle of sensitive data as it moves through the enterprise and beyond. It also extends data protection beyond organizational borders, enabling protection of data shared with partners, suppliers, and outsourcers. HP SecureData Enterprise solves the issue of advanced threats attacking data as it is stored, processed and moved across different systems end-to-end, without the need to expose live data in the gaps between or across systems.
14
HPE Data Security – SecureData on NonStop
- Simple API – Native to HPE NonStop OSS environment
  - Structured (FPE) and unstructured (“IBSE”) encryption
  - Unstructured data APIs
- Host SDK – Native to HPE NonStop
  - FPE and SST native capability
  - NonStop and OSS environment support
  - NonStop code 800 (TNS/E) and code 500 (TNS/X) objects
  - Also supports HPE Payments Transaction Decrypt
  - Integration with – C, TAL, COBOL, ASM etc.
- Both Simple API and Host SDK use HPE SecureData Key Server
  - Secure SSL/TLS for key and policy fetch
  - Stateless, resilient, proven.
  - Smart caching so APIs can operate offline
  - In turn connects to AD, LDAP if required for external authentication
- HPE SecureData Web Services API can be called over SOAP using SOAP Stack (e.g. OSS gSOAP)
15
XDP - powered by HPE SecureData
Format Preserving Encryption and Secure Stateless Tokenization, Optimized for Mission Critical HPE NonStop Environments
16
HPE NonStop Environment
Unique Data Protection Requirements
- Protect extremely sensitive data and mission-critical applications
- Support older legacy applications and newer (often ported) applications
- Support a wide variety of data types including payments and other PII (e.g., SSN, DoB)
- Support NonStop’s OS personalities and executable types
- Conform to NonStop fault tolerance fundamentals
- Be highly performant
- Be secure and integrate with NonStop’s unique security framework
17
XYGATE Data Protection (XDP):
- Optimizes HPE SecureData for NonStop environments
- Enables implementation with no application changes on NonStop
- Adds support for nowaited/non-blocking encryption/tokenization
- Increases support for NonStop’s OS personalities and executable types
- Adds multiple language support: C, TAL, COBOL and Java
- Adds distributed architecture for fault-tolerance, parallelism and scalability
- Adds built-in access control and auditing, as with all XYGATE products
- Adds packaged functionality to support either linking directly to the application or offloading encryption tasks to a dedicated server class process (note: TNS applications can only do the latter)
- Standards-based: all cryptography is standards based (AES) and publicly validated
- Industry-proven: used by large payment processors, financial institutions, retailers, and telcos
- Multi-platform support: HP NonStop, z/OS, Solaris, Windows, Linux, Stratus, AIX, etc.
- Support for wide variety of data types: payments, other PII (e.g., SSN, DoB)
- Stateless key management: no keys to store, manage or distribute/replicate
- Flexible: full/partial encryption, masked, and tokenized data from the same interface
- Runs natively on NonStop: tokenization and encryption happen natively on NonStop
18
XDP: Implementation Options
Can be implemented in two ways:
- As an intercept library requiring absolutely no changes to the application
- As an SDK that requires a small amount of programming in the customer’s preferred programming language – provides access to both SimpleAPI and HostSDK
19
XYGATE Data Protection (XDP) High-level Architecture
Intercept Library option:
- No application changes required
- Overlays system’s I/O procedures with additional functionality to encrypt/tokenize on the fly
- Application sees clear data and is unaware that XDP is being used
- Allows integration with other platforms via HPE SecureData enterprise support
- All sensitive data is protected in the database
- XDP configuration files control behavior (such as which files or fields to access and protect)
[Diagram labels: Enscribe / OSS / SQL/MP]
20
XYGATE Data Protection (XDP) High-level Architecture
SDK option:
- Lightweight API that can embed directly into NonStop application
- Enables multi-threaded apps to have non-blocking access to Voltage encryption/tokenization
- Minimal code changes
- All sensitive data is protected in the database
- XDP configuration files control behavior (such as which files or fields to access and protect)
- Comprehensive data-centric security approach
- Alternative to I/O blocking that occurs for encryption/tokenization with the intercept technology
21
HPE SecureData/XDP Summary
Industry-leading tokenization and encryption solutions
- Format-preserving
- Standards-based
- Multi-platform support
- Runs natively on NonStop and z/OS
- Support for wide variety of data types
- Stateless key management
- Flexible
XYGATE Data Protection
- Optimizes HPE SecureData for HPE NonStop environments
- Simplifies HPE SecureData implementation
- Enhances HPE SecureData functionality
- Integrates HPE SecureData with NonStop security framework
- Enhances HPE SecureData fault tolerance and parallelism and scalability
- Provides NonStop database-specific tools for HPE SecureData
22
Product Availability
- SecureData and XYGATE Data Protection are orderable today
- EAP product available now through XYPRO and/or HPE
- Target GA ship ready date:
  - SecureData: 15 Jan 2016
  - XDP: 15 Jan 2016
23
Thank you!
HPE SecureData and XDP
Format-Preserving Encryption (FPE) & Secure-Stateless-Tokenization (SST)