Xygate Data Protection: Optimizing Voltage Security Tokenization and Encryption For HP Nonstop Environments
• Introduction to XYPRO
• Introduction to HP Voltage Data-centric Security
• Data Protection for the HP NonStop
• Unique Requirements
• HP Voltage SecureData Optimization with XYPRO XDP
• XDP Deployment Options
• Summary
[Chart: axis labelled "Number of records" (10m, 50m, 100m)]
Traditional “Solutions” to Data Breaches
• Protecting data at rest is easy, isn’t it? Why are we still seeing these breaches?
• Two problems
• Traditional infrastructure solutions do not protect the data consistently throughout the enterprise
• Implementing traditional encryption solutions is hard!
XYPRO has been partnering with HP Security Voltage for over two years to address these issues
About HP Security Voltage
WHY?
Major Security Breaches Continue To Occur...
Impossible to protect against every vulnerability – IT infrastructures will continue to be breached
AES
8juYE%Uks&dDFa2345^WFLERG
? Ija&3k24kQotugDF2390^320OWioNu2(*872weWaasIUahjw2%quiFIBw3tug^5a…
Key management can be a nightmare
Advantages of HP Security Voltage Data Protection
• Minimal change to data structures and applications: preserve format, structure and behavior in applications and analytics
• Simplified operations via Stateless Key Management: policy controlled, dynamically generated keys versus key database
• End-to-end Security within a consistent Data Protection Framework
FPE versus AES
AES: 8juYE%Uks&dDFa2345^WFLERG ? Ija&3k24kQotugDF2390^320OWioNu2(*872weWaasIUahjw2%quiFIBw3tug^5a…
FPE: 7412 3423 3526 0000
Name | SS# | Salary | Address | Enroll Date
Kwfdv Cqvzgk | 161-82-1292 | 100000 | 2890 Ykzbpoi Clpppn, CA | 10/17/2005
HP Security Voltage Provides This Protection
Threats to Data | Traditional IT Infrastructure Security | Data Ecosystem | Security Gaps | HP Security Voltage Data-centric Security
| | | Security Gap | End-to-end Data Protection
SQL Injection, Malware | Database Encryption | Databases | |
| | | Security Gap |
Malware, Insiders | SSL/TLS/Firewalls | File Systems | |
| | | Security Gap |
Malware, Insiders | Disk Encryption | Storage | |
NonStop Environment:
Unique Data Protection Requirements
• Protect extremely sensitive data and mission-critical applications
• Support older legacy applications and newer (often ported) applications
• Support a wide variety of data types including payments and other PII (e.g., SSN, DoB)
• Support NonStop’s OS personalities and executable types
• Conform to NonStop fault tolerance fundamentals
• Be highly performant
• Be secure and integrate with NonStop’s unique security framework
XDP
Data-Centric Security
PAN:7412 3456 7890 0000 8juYE%UkFa2345^WFLE 8juYE%UkFa2345^WFLE 8juYE%UkFa2345^WFLE PAN:XXXX XXXX XXXX 0000
XYGATE® Data Protection
XYPRO Technology, Voltage Security, Inc. (C) 2014 – All Rights Reserved
Data-centric Security and Payment Processing
PAN: 7412 8724 9002 0000 7412 8752 8346 0000 7412 8752 8346 0000 7412 8752 8346 0000 7412 8752 8346 0000
XDP SDK
• Lightweight programmatic interface that can embed directly into NonStop application
• Enables multi-threaded NonStop applications to have non-blocking access to Voltage SDK encryption/tokenization engine
• Supports multiple programming languages
• Minimal code changes
[Architecture diagram labels: HP NonStop; NonStop Databases; NonStop Applications (e.g., BASE24); Clear Data; Tokenized/Encrypted Data; Upstream Apps; XDP Pathway; XDP / XMA Servers; Audit Data; SIEM (e.g., HP ArcSight); Voltage Key Management Servers; one time; Other Systems: Z/OS, Linux, Unix, Windows, Hadoop, etc.]
“Tokenization impact on average auth response time is minuscule”, HP NonStop POS Team member
XYPRO/Voltage Advantages
Format-Preserving Encryption (FPE) & Secure-Stateless-Tokenization (SST