XYGATE Data Protection
November 17, 2015
Optimizing HPE SecureData on NonStop
Prashanth Kamath U – Sr. Product Manager, HPE
Andrew Price – VP Technology, XYPRO
Agenda
– Encryption/tokenization - why?
– HPE SecureData on NonStop
– XYGATE Data Protection
– Product Ordering and availability
Security breaches are still making news
– Experian breach exposes 15 million T-Mobile customer data (October 2015)
– 4.6 million Scottrade accounts breached (October 2015)
– 100 banks hit by $1 Billion cyber attack (February 2015)
XYPRO Technology – All Rights Reserved
Security breaches are still making news
– 80 million member records stolen from Anthem Blue Cross Blue Shield (February 2015)
– U.S. government breached – data for 21.5 million employees stolen (July 2015)
– 30 million customers’ account info stolen from Ashley Madison (August 2015)
Traditional “Solutions” to Data Encryption
– Protecting data at rest is easy, isn’t it? Why are we still seeing these breaches?
– Two problems:
  – Traditional infrastructure solutions do not protect the data consistently throughout the enterprise
  – Implementing traditional encryption solutions is hard!
XYPRO has been partnering with Voltage and now HPE Security for over three years to address these issues
Major Security Breaches Continue To Occur...
WHY?
Impossible to protect against every vulnerability – IT infrastructures will continue to be breached
Impossible to keep all data behind a firewall – there is no longer the concept of a “perimeter”
The data must be pervasively protected
Why has this not happened to date?
[Figure: traditional AES encryption. Clear card number 7412 3456 7890 0000 shown alongside unreadable ciphertext such as 8juYE%Uks&dDFa2345^WFLERG]
Problems with Traditional Data Protection
Need to change data structures and applications
Fully encrypted data is unusable until decrypted
Key management can be a nightmare
Requires multiple, piecemeal solutions, which create multiple security gaps
Policy controlled, dynamically generated Keys
[Figure: FPE versus AES. Card number 7412 3456 7890 0000 shown under FPE as 7412 3423 3526 0000 and under AES as 8juYE%Uks&dDFa2345^WFLERG]
Advantages of HPE SecureData Data Protection
Minimal change to data structures and applications
Protected data behaves correctly in applications and analytics
Preserve format, structure and behavior
[Figure: sample protected record]
Name          SS#          Salary      Address             Enroll Date
Kwfdv Cqvzgk  161-82-1292  1000002890  Ykzbpoi Clpppn, CA  10/17/2005
[Figure: key database versus stateless key management]
Simplified operations via Stateless Key Management
End-to-end Security within a consistent Data Protection Framework
HPE SecureData protects data end to end
[Diagram: Traditional IT Infrastructure Security versus HPE SecureData Data-centric Security]
Data Ecosystem: Middleware/Network, Storage, Databases, File Systems, Data & Applications
Traditional IT Infrastructure Security: Disk encryption, Database encryption, SSL/TLS/firewalls, Authentication Management
Threats to Data: Malware, Insiders; SQL injection, Malware; Traffic Interceptors; Malware, Insiders; Credential Compromise
Security Gaps: four marked in the diagram
HPE SecureData Data-centric Security: SSL/TLS/firewalls; Data security coverage; End-to-end Protection
HPE Data Security – SecureData on NonStop
• Simple API – Native to HPE NonStop
  – OSS environment
  – Structured (FPE) and unstructured (“IBSE”) encryption
  – Unstructured data APIs
• Host SDK – Native to HPE NonStop
  – FPE and SST native capability
  – NonStop and OSS environment support
  – NonStop code 800 (TNS/E) and code 500 (TNS/X) objects
  – Also supports HPE Payments Transaction Decrypt
  – Integration with C, TAL, COBOL, ASM etc.
• Both Simple API and Host SDK use HPE SecureData Key Server
  – Secure SSL/TLS for key and policy fetch
  – Stateless, resilient, proven.
  – Smart caching so APIs can operate offline
  – In turn connects to AD, LDAP if required for external authentication
• HPE SecureData Web Services API can be called over SOAP using SOAP Stack (e.g. OSS gSOAP)
XDP - powered by HPE SecureData
Format Preserving Encryption and Secure Stateless Tokenization, Optimized for Mission Critical HPE NonStop Environments
XYGATE® Data Protection
Data-Centric Security
XDP
HPE NonStop Environment
Unique Data Protection Requirements
– Protect extremely sensitive data and mission-critical applications
– Support older legacy applications and newer (often ported) applications
– Support a wide variety of data types including payments and other PII (e.g., SSN, DoB)
– Support NonStop’s OS personalities and executable types
– Conform to NonStop fault tolerance fundamentals
– Be highly performant
– Be secure and integrate with NonStop’s unique security framework
Optimizes HPE SecureData for NonStop environments
– Enables implementation with no application changes on NonStop
– Adds support for nowaited/non-blocking encryption/tokenization
– Increases support for NonStop’s OS personalities and executable types
– Adds multiple language support: C, TAL, COBOL and Java
– Adds distributed architecture for fault-tolerance, parallelism and scalability
– Adds built-in access control and auditing, as with all XYGATE products
– Adds packaged functionality to support either linking directly to the application or offloading encryption tasks to a dedicated server class process (note: TNS applications can only do the latter)
XYGATE Data Protection (XDP):
Can be implemented in two ways
– As an intercept library requiring absolutely no changes to the application
– As an SDK that requires a small amount of programming in the customer’s preferred programming language – provides access to both SimpleAPI and HostSDK
XDP: Implementation Options
XYGATE Data Protection (XDP) High-level Architecture
Intercept Library option:
– No application changes required
– Overlays system’s I/O procedures with additional functionality to encrypt/tokenize on the fly
– Application sees clear data and is unaware that XDP is being used
– Allows integration with other platforms via HPE SecureData enterprise support
– All sensitive data is protected in the database
– XDP configuration files control behavior (such as which files or fields to access and protect)
Enscribe/OSS/SQL/MP
XYGATE Data Protection (XDP) High-level Architecture
SDK option:
– Lightweight API that can embed directly into NonStop application
– Enables multi-threaded apps to have non-blocking access to Voltage encryption/tokenization
– Minimal code changes
– All sensitive data is protected in the database
– XDP configuration files control behavior (such as which files or fields to access and protect)
– Comprehensive data-centric security approach
HPE SecureData/XDP Summary
– HPE SecureData
  – Industry-leading tokenization and encryption solutions
  – Format-preserving
  – Standards-based
  – Multi-platform support
  – Runs natively on NonStop and z/OS
  – Support for wide variety of data types
  – Stateless key management
  – Flexible
– XYGATE Data Protection
  – Optimizes HPE SecureData for HPE NonStop environments
  – Simplifies HPE SecureData implementation
  – Enhances HPE SecureData functionality
  – Integrates HPE SecureData with NonStop security framework
  – Enhances HPE SecureData fault tolerance and parallelism and scalability
  – Provides NonStop database-specific tools for HPE SecureData
Product Availability
– SecureData and XYGATE Data Protection are orderable today
– EAP product available now through XYPRO and/or HPE
– Target GA ship ready date:
  – SecureData: 15 Jan 2016
  – XDP: 15 Jan 2016
Thank you!
XYGATE® Data Protection
Data-Centric Security
XDP
No database or application changes
Enscribe, SQL/MP and SQL/MX support
Multiple data type support
True enterprise scalability
Quick Implementation
"Neutralize the Breach"
Format-Preserving Encryption (FPE) & Secure-Stateless-Tokenization (SST)
HPE SecureData and XDP