Protegrity Data Security Platform

Transcription

1

2 Protegrity Data Security Platform The Protegrity Data Security Platform design is based on a hub and spoke deployment architecture. The Enterprise Security Administrator (ESA) enables the authorized Security Officer to determine and set a unique enterprise wide Data Security Policy, and is the management tool (console) for the central control over policy, keys, and reporting. The Policy set in ESA is deployed to protection points distributed throughout the enterprise where data is acquired, used and stored and where the Policy is enforced by Protegrity Data Protectors. The complexity of business processes and the technologies that support these processes impose many challenges when applying data protection solutions. Delivering a broad interoperability with various databases, operating systems and platforms is essential for Protegrity Data Security Platform to successfully solve critical and complex enterprise data protection challenges. Protegrity s Data Security Platform evolution is a result of many years of experience in delivering data protection solutions to large enterprises. The Protegrity Data Security Platform provides many levels of flexibility including the following; Wide breadth of platform coverage; Extensive interoperability with a large variety of databases, operating systems and platforms. Flexibility in data protection approaches: The availability of different Data Protectors (Database Protector, Application Protector, and File Protector) that provide many options for enforcing the Data Security Policy in a complex enterprise environment. Flexibility in protection methods: Availability of a variety of protection methods for making data unreadable and/or accessible. The Protegrity Data Security Platform is the umbrella name for the complete Protegrity product. Its two major sub-systems; The Enterprise Security Administrator (ESA) and Data Protection System (DPS) are described below. Figure 1: Major Protegrity Data Security Platform components. Enterprise Security Administrator (ESA) Data Security Policy The foundation for protecting sensitive data in the enterprise is the unique Data Security Policy(s) each corporate and institutional customer determines based on its special needs and circumstances. The purpose of the Policy is to enable the Security Officer to determine and specify the following rules; What sensitive data shall be protected? Where in the enterprise shall the Policy be enforced, Who shall have access to the sensitive data, When (day/time)shall access to the sensitive data be available, How will the sensitive data shall be protected, and Audit record of who has touched what data when. Page 2

3 These rules consist of a set of protection attributes that are specified for each type or category of data element. An example of a data element is credit card number or social security number. These protection attributes are stored in a security catalog or database that is separate from the database where the data being protected is residing. The name given to the collection of rules stored in the catalog is the Data Security Policy. The method used to protect data in a database with the use of the security catalogue is protected by the U.S. Patent No. 6,321,201. Once the Policy is determined and set in ESA, the Policy will be deployed to the distributed data protection points within the enterprise for enforcement. Separation of Duties The term Separation of Duties refers to the separation or segregation of those who have control over the Policy (including granting access to sensitive data) from those who work with sensitive data and who may or may not need access to sensitive data. Security Officers control access to sensitive data by controlling the Protegrity Data Security Policy. Security Officers can prevent technologists such as DBAs, programmers, or system engineers from seeing the sensitive data in the clear. They also prevent the technologists from granting sensitive data access to others. This will not however, prevent DBA s, programmers and/or system engineers from performing their jobs of administering different aspects of the enterprise IT, data flows and data environments. Key Management The Protegrity Data Security Platform provides comprehensive Enterprise Key Management capabilities including all core key management functions (create, distribute, use, change, audit, archive, and dispose of symmetric cryptographic keys). Key Management is incorporated into the fabric of the Policy as a part of the data security plumbing and is incorporated in Policy creation and maintenance tasks performed by the Security Officer. This minimizes the number of key custodians needed and provides an easy to use model for managing keys. Reporting When data protection is doing its job, it will be unnoticed. Users having Policy based privileges to view sensitive data will have it available to them and those without access rights will be denied. Business processes will continue to run, and data will move from business process to business process across heterogeneous enterprise environments. Reporting is the tool used to verify that sensitive data is being protected. Reporting is necessary to enable Security Officers to sign-off the effectiveness of internal controls, and to enable compliance assessors to certify compliance with applicable legal and regulatory requirements such as PCI, PII and HIPAA. Properly functioning reporting has also a potential to reduce audit costs. Audit logs capture authorized and unauthorised attempts to access sensitive data at all protection points where data protection products are deployed. This level of granularity is critical to answering who touched what data when ; an important requirement for PCI and HIPAA. The level of protection is determined by the Security Officer, and in support of separation of duties, only the Security Officer can control the level of audit logs to be captured. The Protegrity reporting system also collects audit logs on all changes made to policies by Security Officers. Everyone, including the Security Officer must be made accountable. Page 3

4 Data Protection System (DPS) Data Protectors at Protection Points Providing a comprehensive enterprise solution strategy requires a collaborative set of data protection products (Data Protectors) that can be combined to protect sensitive data end to end; from the point of creation to the point of archive or purging. Protegrity s Data Security Platform and more specifically its Data Protection System (DPS) include the following data protection products; Database Protector, Application Protector, and File Protector. These products provide a diverse set of functions needed to protect sensitive data across the complex heterogeneous environments existing in the enterprise. These Data Protectors are used to enforce the enterprise Data Security Policy as set in by the Security Officer from ESA. Database Protector The Database Protector performs column level data protection in accordance with the protection rules define in the Data Security Policy set by the Security Officer in ESA. This product delivers transparency (little or no modifications) to applications that use the database being protected. The method used in database protection is protected by the U.S. Patent No. 6,321,201. Security Officers use the protection attributes to define the proper specific data protection method (making data unreadable) and to control what type of access to the sensitive data is given to the various groups of users. For example, DBA s will not be able to view sensitive data that has been encrypted in clear text, but they will be able to continue to perform their duties administering and optimizing the database. File Protector As files move through the enterprise, they are typically dropped into folders by one process and are picked up from the folder by another process without human intervention. Protegrity s File Protector employs a highly transparent approach to protecting files that are used throughout the enterprise data flow. Use of File Protector is transparent in two primary aspects; The process of dropping the files into the protected folder does not have to change. The process that picks up the protected file from the folder will be given or delegated the credentials needed to gain access to the protected files. This is done without having to change the process. System engineers who are responsible for maintaining and administering enterprise systems through which files traverse will not have access to sensitive data in the clear. The Security Officer has the control of authorizing access to sensitive data through the Policy. Application Protector The Application Protector provides a simple Application Programming Interface (API) that can be integrated with existing applications to protect sensitive data. It adds a level of flexibility beyond the Database Protector and File Protector that is sometimes required when a solution is needed for a complex enterprise data environment. The Application Protector strongly supports separation of duties. Even though a developer can use API functions to encrypt or to decrypt sensitive data, the developer never controls the data encryption key, the crypto algorithm, or the access control to sensitive data in clear. The Security Officer is in control of this and defines it in a Data Security Policy. Page 4

5 Data Protection through Tokenization Protegrity s scalable and distributed tokenization solution enables enterprises holding PCI, PHI, and PII information to replace sensitive data with high-performance tokens and manage them consistently across complex environments. Tokenization reduces the cost of data protection, and in the case of PCI compliance, minimizes the scope of assessments. Many enterprises today are especially excited about tokenization, and it is easy to understand why. Tokenization is the process of replacing sensitive data with an inert value that has no worth to a thief while retaining certain characteristics of the original data that minimizes impact to operational systems. Tokenization substantially lowers the bar for implementing data security due to its simplicity and transparency. When PCI compliance is a requirement, then tokenizing sensitive data is a good way to reduce compliance scope and cost. Performance and Scalability The high-speed performance of Protegrity Token Server provides fast creation of new data tokens and quick recovery of the original data when needed. A recent performance study benchmarked Protegrity s token creation in the range of 200,000 tokens per second from a single commodity Token Server. Scaling the solution to very large token volumes is as simple as adding commodity boxes to run the Protegrity Token Server. You can optionally deploy a load balancer of your choosing in front of the Token Servers to ensure that you get the most out of each server. The additional processing horsepower equates directly to higher tokenization throughput. Flexible Deployment; Distributed or Centralized Tokenization For geographically distributed environments, Token Servers can easily be deployed as independent, remote Token Servers to tokenize in close proximity to where the data resides. Moving tokenization close to the data significantly reduces the latency of token operations as compared to tokenization solutions from other vendors. Each independently functioning Token Server has the ability to generate the same token for the same piece of original data, and vice versa. Distributed tokenization will operate without the need to synchronize or replicate between servers. Distributed tokenization enables the deployment of a single, unified solution across data collection, processing, and storage locations that may be distributed across the globe. There is no need to worry about the possibility of data tokens colliding (and creating duplicate values), even for very large quantities of tokens. On the other hand, the Token Server can also be deployed in a central topology as is done with most token servers today. Having the choice to deliver distributed or centralized tokenization solution enables optimization of performance and security. Page 5

6 Purpose-built Token Servers Delivering tokenization for specific functions is made possible due to the ease with which Token Servers can be deployed and distributed. For example, tokenizing payment transactions can be segregated from tokenization of healthcare related information. This allows for more control over different security and performance requirements that may be impose by different business processes or industries. Multiple Token Types and Formats The Token Server delivers flexibility on the number of token types that can be created and how tokens are created. Multiple token formats are supported including numeric, alphanumeric, and masked tokens. Tokens can be created with masks that bleed part of the original data through. This can be useful when applications expect to use only certain marts of the sensitive data for business processing. Platform Approach The Protegrity Tokenization solution benefits greatly from being part of the larger Protegrity Data Security Platform. The platform provides Protegrity Data Protectors that can deliver tokenization capabilities on a diverse set of operating systems and database. All Data Protectors enforce the Protegrity Data Security Policy and collect granular enforcement audit logs that are used in compliance and forensic reports. Two distinct protectors that expose tokenization as a data protection method include: The Protegrity Application Protector (API) The Database Protector (including the Database Protector for Teradata). Risk Adjusted Data Protection Having more than a single data protection choice is important to delivering the flexibility needed to apply the right protection. The most secure data protection method, strong encryption, should not be considered the only approach. The most valuable and most exposed data, data that has the highest risk of being stolen, will require strong encryption, while other categories of data may not need as strong protection, but access to such data may still require close monitoring. Having many data protection choices under one policy and being able to apply different degree of protection depending on the sensitivity of the data enables the corporation to do Risk Adjusted Data Protection in a manner optimized for the Security Officers needs, resources, industry and regulatory requirements and for any other unique circumstances of the corporation. Protegrity supports the following data protection methods; Monitoring with no encryption Hashing Format Controlling Encryption Strong Encryption Tokenization Additionally, masking can be used to protect sensitive data by exposing in clear for example last four digits of a credit card number to an authorized users of the data while rest of the digits are kept unreadable. Page 6

7 Protecting Data in a Heterogeneous Enterprise Databases and Operating Systems Today s enterprise holds a variety of hardware, operating systems and database platforms that must collaborate to support business processes. All these may be of their respective latest version, but they may in some occasions even include environments and versions no longer supported by the vendor or third parties. Databases: Large enterprises utilize many different databases from different vendors. Common databases include Oracle, DB2. SQL Server, Informix, and Sybase. Operating Systems: Large enterprises utilize many different operating systems from different vendors. Common operating systems include Linux, UNIX, Windows, and operating systems on mainframes such as z/os and on the AS/400. Data Warehouse Platforms: Many large enterprises use Teradata Data Warehouse platforms for their Data Warehouse needs. Protegrity data protection solutions started from protecting sensitive data in DB2 databases on the mainframe. Expansion into standard databases such as Oracle, SQL Server, and DB2 on non-mainframe platforms took off as compliance requirements such as PCI become a requirement. Over the years, Protegrity Data Security Platform has grown to support the heterogeneity inherent in all large enterprises. Protegrity currently offers solutions for; Most generations of the leading databases such as Oracle, DB2, SQL Server, and Informix, and the high performing Teradata data warehouse. Most generations of the most common operating platforms including Windows, UNIX, Linux, AS/400, and the IBM mainframe supporting the z/os operating system. With the complex and often legacy driven infrastructure of today s large scale enterprise, any enterprise data security solution must be able to be interoperable with and work in a large variety of operating platforms from legacy platforms to the most current versions of these platforms. Key Management Point Solutions As enterprises build their operational systems over time, software vendors concerned with protecting data in their applications deliver security built into the applications. These systems create their own keys to protect their own data. Sometimes the keys are well protected and sometimes not. These are point solutions. The reality is that data moving through the enterprise moves from one data repository to another and from one business function to another, across many different types of systems and applications supported by different vendors. The movement of data across point solutions having silo key management and audit function can become extremely complex and consistent enforcement is impossible. The Protegrity Data Protection Platform delivers a consistent key management function across the enterprise. Security Officers administer key management via the data protection policy set in Protegrity Enterprise Security Administrator across the enterprise, across disparate systems. The Protegrity Data Protectors can be used to integrate to applications and databases throughout the data flow and deliver a unified and consistent security function supporting policy based protection rules enforcement, auditing, and reporting. Page 7

8 Putting it all Together: Protecting the Enterprise The typical enterprise data flow is depicted in Figure 2. Whether it is from retail, banking, financial services, healthcare or manufacturing, data is often collected at many collection points that are widely distributed and disconnected. These collection points can take the form of the web (e-commerce), point-of-sale terminals, branch office kiosks, hand-held devices collecting credit card data (in stores, airplanes and elsewhere), and many others. These distributed collection points are not as secure as the corporate IT center with its extensive firewalls and various types of perimeter and internal security, both physical and software based. On-site technical support is minimal and they are often not connected to the corporate IT with persistent connections. Instead they depend on nightly batch jobs to get data to the corporate IT center for processing. The sheer number, the distributed nature, and the exposure of these collection points pose a challenge for data protection. Collection File Protection, API Crypto Libraries Goal: protect sensitive data on the collection point and as it flows to Aggregation Aggregation Database Protection, API Crypto Libraries, File Protection Goal: change Security Zone, protect sensitive data at aggregation, distribute operational systems on different zones Operations Database Protection, API Crypto Libraries, File Protection Goal: protect sensitive data in different security zones, and different business applications and technologies. Analysis Database Protection Goal: High performance column level protection is required for these large analytical systems. Storage Database Protection, File Protection, API Crypto Libraries Goal: Archive protected systems with the ability to restore. Figure 2: Flow of corporate data and protection options. Data often travels to a central aggregation point at the corporate IT center. The massive amount of data funnelling into the aggregation points can easily slow down the business process. In retail, the longer the data takes to reach the settlement process, the slower they will get paid for their transactions. The typical challenge at the aggregation point is meeting Service Level Agreements (SLAs) that have been set to ensure business flow. Data leaving the aggregation point can often flow to several operational systems simultaneously. Corporate IT has built these operational systems over time. The strategy may have been based on a best-of-class strategy or there may have been home grown systems used to complement off-the-shelf systems. They may use state-of-the-art technology side by side with legacy technology. Bottom line is that the challenging characteristic of these operational systems is a highly mixed and heterogeneous set of systems that were not built with a particular attention on data security. Page 8

9 Analysis systems are often large data warehouses that are fed from many disparate sources. Enterprise Data Warehouses (EDWs) are used by many companies and can get extremely large. They often use special parallel databases to deliver the speed needed to sift through massive amounts of data required for analysis. To pick up trends, analysis requires year s worth of data which contains a gold mine of sensitive data. Data marts are often created and they propagate the sensitive data in an uncontrolled manor beyond the core EDW. Due to the massive amount of sensitive data and the exposure from the number of people that use it for analysis, the EDW is often the place to start data protection initiatives. While the archiving step appears to be the end of the enterprise data lifecycle, it can turn into the beginning. There are many reasons why companies must archive operational data for years after the transactions have been settled. Sometimes, these records must be brought back from archive. While bringing back archived data after 5 years may pose its own challenges, consider the additional impact of bringing back encrypted data. Protegrity understands these challenges and the outcome of many years of delivering end-to-end enterprise data protection solutions is the Protegrity Data Security Platform. Combined with extensive data protection methods, flexible data protection approaches policy management, key management, and robust reporting; all under one roof differentiate the Protegrity Data Security Platform from any other product in the market. About Protegrity Protegrity is the leading global security software company providing high performance, infinitely scalable, end-to-end data security solutions. Protegrity customers centrally develop, manage and control data security policy that protects sensitive information across the enterprise in databases, applications and file systems from the point of acquisition to deletion. Protegrity s solutions give corporations the ability to implement a variety of data protection methods, including strong encryption, tokenization, masking and monitoring to ensure the protection of their sensitive data and enable compliance for PCI-DSS, HIPAA and other data security requirements. Protegrity s award winning software products and innovative technology are backed by 12 industry patents, all of which differentiate the Protegrity Data Security Platform from point solutions. Protegrity employees are security technology specialists with deep industry expertise in data security approaches and techniques, including key management, forensics reporting and security policy definition and management. Protegrity has more than 200 enterprise customers worldwide who use its comprehensive data security solutions to fulfill their obligations to protect their sensitive data, brand, and business reputation. Protegrity is headquartered in Stamford, Connecticut USA. For more information visit or call Copyright 2010 Protegrity Corporation. All rights reserved. Protegrity and the Protegrity logo, are trademarks of Protegrity Corporation. 10/2010 Page 9