Many organizations start building Cyber Security programs via extensive technology spending and invest a great deal of time and energy selecting the best security solutions to mitigate risk and achieve compliance. Often this is supplemented by hiring staff with varying backgrounds and skill sets. While this bottom-up approach to developing a capability can be effective over the longer term, most often it results in significant overspend on technology solutions, vendors/solution providers, and staff.
A data-centric data protection approach calls for de-identifying the data as close to its source as possible, replacing the sensitive data elements with usable, yet de-identified, equivalents that retain their format, behavior and meaning. This protected form of the data can then be used in subsequent applications, analytic engines, data transfers and data stores. In other words, the data de-identification process removes or obscures any personally identifiable information from enterprise data so that should a data breach occur, the “data” obtained by the perpetrator(s) will be useless. This approach effectively neutralizes data breaches.
HPE Security – Data Security provides high-quality, innovative products that deliver encryption, tokenization and masking capabilities that eliminate barriers that have made traditional encryption costly and difficult to manage.
HPE Security – Data Security Data-Centric Technologies:
- HPE Format-Preserving Encryption (HPE FPE) is a fundamentally new approach to encrypting structured data, such as credit card or Social Security numbers. HPE FPE makes it possible to integrate data-level encryption into legacy business application frameworks that were previously difficult or impossible to address. It uses a published encryption method with an existing, proven algorithm to encrypt data in a way that does not alter the data format. The result is a strong encryption scheme that allows for encryption with minimal modifications to the way that existing applications work. HPE FPE is a mode of AES, recognized by NIST (see NIST SP 800-38G).
- HPE Secure Stateless Tokenization (HPE SST) is an advanced, patent-pending data security technology that provides enterprises, merchants and payment processors with a new approach to help assure protection for payment card data, with significant Payment Card Industry Data Security Standard (PCI DSS) audit scope reduction. HPE SST technology dramatically improves speed, scalability, security and manageability over conventional and first-generation tokenization solutions. And it does so while eliminating the need to build and maintain token databases and all of the cost and complexity that goes along with such traditional token databases.
- HPE Page-Integrated Encryption (HPE PIE) encrypts sensitive user data in the browser and allows that data to travel encrypted through intermediate application tiers. Unlike traditional TLS/SSL encryption, this keeps user data private as it travels through load balancers and web application stacks, only decrypting that data when it reaches secured inner host systems. PIE encrypts data with host-supplied single use keys, making a breach of a user browser session useless for decrypting any other data in the system.
- HPE Identity-Based Encryption (IBE) takes a breakthrough approach to the problem of encryption key management. HPE IBE can use any arbitrary string as a public key, enabling data to be protected without the need for certificates. Protection is provided by a key server that controls the dynamic generation of private decryption keys that correspond to public identities and the key server's base root key material. By separating authentication and authorization from private key generation through the key server, permissions to generate keys can be controlled dynamically on a granular, policy-driven basis, facilitating granular control over access to information in real time.
These technologies can be used individually or in combination to provide highly scalable, high-performance data de-identification that is standards-based and that has been proven effective in many demanding real-world situations.
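The format-preserving property described for HPE FPE above, shown as an added example that is neither HPE's code nor the NIST FF1 algorithm: a 10-round alternating Feistel network over decimal digits that uses HMAC-SHA256 as the round function instead of AES. The key, tweak, function names and sample card and SSN values are constructed for illustration, and the 6-digit minimum is an assumption chosen to avoid tiny domains.

```python
import hashlib
import hmac

ROUNDS = 10
DIGITS = "0123456789"


def _prf(key, tweak, rnd, n, half, m):
    # Round function: HMAC-SHA256 over round number, total length, tweak and
    # the untouched half, reduced to an m-digit number.
    msg = bytes([rnd]) + n.to_bytes(2, "big") + tweak + b"|" + half.encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % 10**m


def _feistel(key, tweak, digits, decrypt):
    n = len(digits)
    if n < 6:
        # Small domains can be enumerated, so refuse them (assumed minimum).
        raise ValueError("need at least 6 decimal digits")
    u = n // 2
    v = n - u
    a, b = digits[:u], digits[u:]
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if rnd % 2 == 0 else v  # width of the half modified this round
        if decrypt:
            c = (int(b) - _prf(key, tweak, rnd, n, a, m)) % 10**m
            a, b = str(c).zfill(m), a
        else:
            c = (int(a) + _prf(key, tweak, rnd, n, b, m)) % 10**m
            a, b = b, str(c).zfill(m)
    return a + b


def transform(key, tweak, value, decrypt=False):
    # Encrypt only the digits; separators stay in place so the protected
    # value still fits the original column type and validation pattern.
    digits = "".join(ch for ch in value if ch in DIGITS)
    out = iter(_feistel(key, tweak, digits, decrypt))
    return "".join(next(out) if ch in DIGITS else ch for ch in value)


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    card = "4111-1111-1111-1111"           # constructed sample value
    protected = transform(key, b"customer-table", card)
    print(protected, transform(key, b"customer-table", protected, decrypt=True))
```

The tweak binds a ciphertext to its context, so the same number protected under a different tweak yields a different value of the same shape.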