XYGATE Data Protection November 17, 2015 Optimizing HPE SecureData on NonStop Prashanth Kamath U –...

Post on 19-Jan-2016


XYGATE Data Protection

November 17, 2015

Optimizing HPE SecureData on NonStop

Prashanth Kamath U – Sr. Product Manager, HPE

Andrew Price – VP Technology, XYPRO

Agenda

– Encryption/tokenization - why?

– HPE SecureData on NonStop

– XYGATE Data Protection

– Product Ordering and availability


Security breaches are still making news

– Experian breach exposes data of 15 million T-Mobile customers (October 2015)

– 4.6 million Scottrade accounts breached (October 2015)

– 100 banks hit by $1 Billion cyber attack (February 2015)

XYPRO Technology – All Rights Reserved

Security breaches are still making news

– 80 million member records stolen from Anthem BlueCross Blue Shield (February 2015)

– U.S government breached – data for 21.5 million employees stolen (July 2015)

– 30 million customers’ account info stolen from Ashley Madison (August 2015)


Traditional “Solutions” to Data Encryption

– Protecting data at rest is easy, isn’t it? Why are we still seeing these breaches?

– Two problems:

– Traditional infrastructure solutions do not protect the data consistently throughout the enterprise

– Implementing traditional encryption solutions is hard!

XYPRO has been partnering with Voltage and now HPE Security for over three years to address these issues

Major Security Breaches Continue To Occur...


WHY?

Impossible to protect against every vulnerability – IT infrastructures will continue to be breached

Impossible to keep all data behind a firewall – there is no longer the concept of a “perimeter”

The data must be pervasively protected

Why has this not happened to date?

[Figure: the card number 7412 3456 7890 0000 encrypted with AES into opaque, unformatted ciphertext]

Problems with Traditional Data Protection

Need to change data structures and applications

Fully encrypted data is unusable until decrypted

Key management can be a nightmare

Requires multiple, piecemeal solutions, which create multiple security gaps

Policy controlled, dynamically generated Keys

[Figure: the card number 7412 3456 7890 0000 under FPE (7412 3423 3526 0000) versus under AES (opaque, unformatted ciphertext)]

Advantages of HPE SecureData Data Protection

Minimal change to data structures and applications

Protected data behaves correctly in applications and analytics

Preserve format, structure and behavior

versus

Name          SS#          Salary      Address             Enroll Date
Kwfdv Cqvzgk  161-82-1292  1000002890  Ykzbpoi Clpppn, CA  10/17/2005

Key Database

versus

Simplified operations via Stateless Key Management

End-to-end Security within a consistent Data Protection Framework

HPE SecureData protects data end to end


[Diagram: Traditional IT Infrastructure Security versus HPE SecureData Data-centric Security]

Traditional IT Infrastructure Security

– Disk encryption

– Database encryption

– SSL/TLS/firewalls

– Authentication Management

Threats to Data

– Malware, Insiders

– SQL injection, Malware

– Traffic Interceptors

– Malware, Insiders

– Credential Compromise

Security Gaps

Data Ecosystem

– Middleware/Network

– Storage

– Databases

– File Systems

– Data & Applications

HPE SecureData Data-centric Security

– Data security coverage: End-to-end Protection

HPE Data Security – SecureData on NonStop

• Simple API – Native to HPE NonStop

  • OSS environment

  • Structured (FPE) and unstructured (“IBSE”) encryption

  • Unstructured data APIs

• Host SDK – Native to HPE NonStop

  • FPE and SST native capability

  • NonStop and OSS environment support

  • NonStop code 800 (TNS/E) and code 500 (TNS/X) objects

  • Also supports HPE Payments Transaction Decrypt

  • Integration with C, TAL, COBOL, ASM etc.

• Both Simple API and Host SDK use HPE SecureData Key Server

  • Secure SSL/TLS for key and policy fetch

  • Stateless, resilient, proven

  • Smart caching so APIs can operate offline

  • In turn connects to AD, LDAP if required for external authentication

• HPE SecureData Web Services API can be called over SOAP using SOAP Stack (e.g. OSS gSOAP)


XDP - powered by HPE SecureData

Format Preserving Encryption and Secure Stateless Tokenization, Optimized for Mission Critical HPE NonStop Environments

XYGATE® Data Protection Data-Centric Security XDP

HPE NonStop Environment

Unique Data Protection Requirements

– Protect extremely sensitive data and mission-critical applications

– Support older legacy applications and newer (often ported) applications

– Support a wide variety of data types including payments and other PII (e.g., SSN, DoB)

– Support NonStop’s OS personalities and executable types

– Conform to NonStop fault tolerance fundamentals

– Be highly performant

– Be secure and integrate with NonStop’s unique security framework


Optimizes HPE SecureData for NonStop environments

– Enables implementation with no application changes on NonStop

– Adds support for nowaited/non-blocking encryption/tokenization

– Increases support for NonStop’s OS personalities and executable types

– Adds multiple language support: C, TAL, COBOL and Java

– Adds distributed architecture for fault-tolerance, parallelism and scalability

– Adds built-in access control and auditing, as with all XYGATE products

– Adds packaged functionality to support either linking directly to the application or offloading encryption tasks to a dedicated server class process (note: TNS applications can only do the latter)

XYGATE Data Protection (XDP):

Can be implemented in two ways

– As an intercept library requiring absolutely no changes to the application

– As an SDK that requires a small amount of programming in the customer’s preferred programming language – provides access to both SimpleAPI and HostSDK

XDP: Implementation Options

XYGATE Data Protection (XDP) High-level Architecture

Intercept Library option:

– No application changes required

– Overlays system’s I/O procedures with additional functionality to encrypt/tokenize on the fly

– Application sees clear data and is unaware that XDP is being used

– Allows integration with other platforms via HPE SecureData enterprise support

– All sensitive data is protected in the database

– XDP configuration files control behavior (such as which files or fields to access and protect)


Enscribe/OSS/SQL/MP

XYGATE Data Protection (XDP) High-level Architecture

SDK option:

– Lightweight API that can embed directly into NonStop application

– Enables multi-threaded apps to have non-blocking access to Voltage encryption/tokenization

– Minimal code changes

– All sensitive data is protected in the database

– XDP configuration files control behavior (such as which files or fields to access and protect)

– Comprehensive data-centric security approach


– HPE SecureData

– Industry-leading tokenization and encryption solutions

– Format-preserving

– Standards-based

– Multi-platform support

– Runs natively on NonStop and z/OS

– Support for wide variety of data types

– Stateless key management

– Flexible

HPE SecureData/XDP Summary

– XYGATE Data Protection

– Optimizes HPE SecureData for HPE NonStop environments

– Simplifies HPE SecureData implementation

– Enhances HPE SecureData functionality

– Integrates HPE SecureData with NonStop security framework

– Enhances HPE SecureData fault tolerance and parallelism and scalability

– Provides NonStop database-specific tools for HPE SecureData

Product Availability

– SecureData and XYGATE Data Protection are orderable today

– EAP product available now through XYPRO and/or HPE

– Target GA ship ready date:

– SecureData: 15 Jan 2016

– XDP: 15 Jan 2016


Thank you!


XYGATE® Data Protection Data-Centric Security XDP

No database or application changes

Enscribe, SQL/MP and SQL/MX support

Multiple data type support

True enterprise scalability

Quick Implementation

"Neutralize the Breach"

Format-Preserving Encryption (FPE) & Secure-Stateless-Tokenization (SST)

HPE SecureData and XDP