Transparent Data Protection
At the 2016 NonStop Technical Boot Camp in November, HPE Security – Data Security introduced the new HPE SecureData Transparent Data Protection solution to the market. HPE SecureData Transparent Data Protection for HPE NonStop is XYPRO’s XYGATE Data Protection (XDP)—engineered and deeply integrated with HPE SecureData Enterprise to add new high value data protection features and benefits for the HPE NonStop customer community. HPE SecureData Transparent Data Protection for HPE NonStop delivers nowaited/non-blocking encryption and tokenization with high performance, standards-recognized Hyper Format-Preserving Encryption (HPE FPE) and Hyper Secure Stateless Tokenization (HPE SST), engineered in a seamless integration for data-centric protection that is easy to configure, install, use, and maintain.
A transparent data protection solution is often the only way to retrofit data protection into existing applications. Data is protected on ingress/egress to the application without requiring any application changes. As such, it is also the easiest data protection solution to implement and deploy. The implementation consists of 3 major steps:
- Designing the appropriate data protection model
- Defining the level of access that each application will have to different types of data
- Configuring the transparent data protection solution.
On the HPE NonStop server, transparent data protection is commonly implemented through I/O intercept libraries. The HPE SecureData Transparent Data Protection solution enables and facilitates enterprise-wide data protection.
HPE SecureData Transparent Data Protection meets these challenges with the following technologies:
- Stateless key management, which allows the elimination of key vaults.
- Standards-based format-preserving encryption.
- Standards-based stateless tokenization.
- Enterprise-wide protection format enforcement.
- State-of-the-art HPE NonStop transparent data protection using I/O Intercept.
HPE NonStop Transparent Data Protection Using I/O Intercepts
HPE SecureData Transparent Data Protection for HPE NonStop is illustrated in this figure.
XDP was designed and engineered to integrate seamlessly with HPE SecureData and allows for simple, comprehensive data protection with minimal impact on your applications and databases.
XDP’s transparent data protection:
- Allows HPE SecureData implementation with no application changes
- Supports both Guardian and OSS
- Supports all types of HPE NonStop executables, from older non-native (code 100) to newer native (code 800 and 500) types
- Adds multiple language support, including TAL, COBOL, C and Java
- Provides a distributed architecture and packaged functionality out of the box
- Includes comprehensive access control and auditing, including integration with XYGATE Merged Audit and HPE ArcSight
- Provides nowaited/non-blocking encryption/tokenization
Within HPE SecureData Transparent Data Protection, the XDP intercept seamlessly provides both HPE SecureData Payments and HPE SecureData Enterprise functionality. This deep integration includes configurability of various fine-tuning mechanisms, such as:
- Persistent and non-persistent caching, which enables various HPE NonStop standalone modes in case of failures, at cold-start, or for performance reasons;
- Entropy-source selection for use in SSL and otherwise;
- Use of payments and enterprise formats;
- Field-level authorization group mapping to different HPE SecureData crypto districts with distinct authentication/authorization rules;
- Field-level protection mapping to protection servers.
The intercept itself supports various modes of the Enscribe native hierarchical database as well as SQL databases, with sensitivity to the peculiarities of in-place substitution of the role of various record field values.
Transparent data protection closes the data protection gap in cases where API level protection is not an option. It also provides the fastest and easiest data protection integration for many use cases.
HPE SecureData Transparent Data Protection is unique in its ability to provide a surprisingly simple, complete data-centric solution for any size system or enterprise.
[Watch for the upcoming issue of the Connection Magazine for the full article on this topic, authored by Branislav Meandzija, Technology Leader, HPE Security – Data Security and Andrew Price, VP Technology, XYPRO.]