Perimeter Security is No Longer Enough to Protect Your Business from Data Leaks and Breaches
nuBridges Protect is an integrated
encryption, tokenization, key management and logging solution to protect
sensitive data at rest in databases,
applications and
associated backup storage.
Even with state-of-the-art network
security, sensitive data is still vulnerable in use, at rest
and in transit. At nuBridges we see customers
starting to change the way they think about data protection
– moving the boundary from the network to the data itself.
Whether you need to implement best practices
security directives or need to comply with mandates like
PCI DSS, HIPAA, GLBA and government
security regulations, nuBridges Protect is
an ideal choice if you demand:
Award-winning nuBridges Protect is proven in production
use for business-critical operations. For example, it’s
protecting millions of credit card numbers (maybe even
yours!) for some of the most prominent retail brands in the
industry. It’s protecting customer loyalty information for
casinos. Social security numbers for insurance companies.
Personal student information for schools.
Two Data Protection Methods
Only nuBridges Protect offers two methods
for securing data in applications and databases - both
integrated with a centralized key manager - across such a
wide variety of enterprise platforms:
Local, field-size-preserving encryption:
nuBridges Protect encrypts locally at the database or application and stores the cipher text in place of the original value or, if preserving field size is important, stores the cipher text in a local table and replaces the original values with field-size-preserving surrogate values or masked values. Requires no persistent connection to any centralized services at runtime.
Format Preserving Tokenization™ with central data vault:
nuBridges Protect generates format-preserving tokens and inserts them in place of the sensitive data, then encrypts the original data and stores the cipher text in a central data vault. Eliminate cipher text instances throughout the enterprise.
There are benefits to each method that map
to typical enterprise use cases. Only nuBridges
Protect offers this flexibility in one integrated solution.
The Power of Encryption and Tokenization
Encryption and tokenization are perfect companions to strong
perimeter and firewall protection – even if the bad guys
manage to get in, as long as the sensitive data is encrypted
or tokenized
no matter where it rests (and the keys are inaccessible), it
will be useless to them. Encryption and tokenization are also
important ways to protect against internal threats, which
some estimates put as high as 73% of all breaches – your
firewall and perimeter security can’t protect you from
internal breaches, but encryption and tokenization can.
Now that encryption is becoming a de facto
strategic weapon in the data protection arsenal, our
customers want to standardize on a robust and elegant
solution that’s built for the enterprise.
Flexible Data Protection for the Enterprise
With nuBridges Protect you can encrypt
or tokenize all
types of data including credit card numbers, customer
loyalty information, social security numbers, employee
compensation, healthcare information, financial data and any
other proprietary or personally identifiable information (PII).
nuBridges Protect was designed to provide
organizations with multiple ways to protect sensitive data.
nuBridges Protect supports field, file and database level
encryption and supports 3DES, AES 256 and other algorithms.
With nuBridges Protect, you can easily mask
data to make certain information available to authorized
users without exposing the data itself. A typical
use of this feature is to mask all but the last 4 digits of
a credit card number associated with a retail transaction, so
that cashiers have just enough information to verify the
card when processing a merchandise return; the system
exposes only the masked value. Data masking not only helps
to ensure the security of your data, but also saves valuable
processing resources, since you don’t have to decrypt data to
allow access to the masked values.
Masking is also an important tool for
preventing data leaks via development/test environments. One
common issue that is uncovered in security audits is that
development and test environments use copies of real data to
simulate the production environment. Hashing or full
encryption would destroy the structure of the data,
compromising development and test activities. Masking is the
perfect solution because it preserves the structure of the
data, but gives developers no access to sensitive
information.
Secure SHA-1 and SHA-2 hashing allows you to
continue to perform functions such as fraud prevention
analysis without the need to expose encrypted data
(interference with fraud prevention analysis is one of the
problems with unsophisticated encryption solutions). And
nuBridges Protect utilizes a secure hashing methodology
which eliminates dictionary attacks that are possible with
basic one-way hashing.
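The sketch below is an added illustration, not nuBridges code and not a description of how the product implements these features. It shows masking all but the last 4 digits of a card number, and why a bare SHA-256 digest of a card number can be matched against a candidate list while a keyed digest cannot without the key. HMAC-SHA-256 is assumed here as one common keyed-hash construction; the card numbers are published test values and the key is a constructed placeholder.

```python
import hashlib
import hmac

def mask_pan(pan, visible=4, fill="*"):
    """Mask every digit except the last `visible`; separators and length are kept."""
    total = sum(ch.isdigit() for ch in pan)
    seen, out = 0, []
    for ch in pan:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > total - visible else fill)
        else:
            out.append(ch)
    return "".join(out)

def digits(pan):
    """Normalise formatting so the same card always hashes to the same value."""
    return "".join(ch for ch in pan if ch.isdigit())

def plain_hash(pan):
    """Basic one-way hash: anyone can recompute it for any guessed value."""
    return hashlib.sha256(digits(pan).encode()).hexdigest()

def keyed_hash(pan, key):
    """Keyed hash: recomputing it for a guess requires the secret key."""
    return hmac.new(key, digits(pan).encode(), hashlib.sha256).hexdigest()

def dictionary_match(stored_digest, candidates, hash_fn):
    """Return the candidate whose digest equals stored_digest, or None."""
    for cand in candidates:
        if hmac.compare_digest(hash_fn(cand), stored_digest):
            return cand
    return None

# Constructed sample data: well-known test card numbers and a placeholder key.
PAN = "4111 1111 1111 1111"
CANDIDATES = ["5555555555554444", "4012888888881881", "4111111111111111"]
KEY = b"constructed-demo-key-kept-in-a-key-manager"

if __name__ == "__main__":
    print(mask_pan(PAN))
    # Unkeyed digest: the stored value is recovered from the candidate list.
    print(dictionary_match(plain_hash(PAN), CANDIDATES, plain_hash))
    # Keyed digest: the same search fails without the key.
    print(dictionary_match(keyed_hash(PAN, KEY), CANDIDATES, plain_hash))
    # Equality matching for analysis still works on keyed digests.
    print(keyed_hash(PAN, KEY) == keyed_hash("4111-1111-1111-1111", KEY))
```

Card numbers have a small, structured value space, which is why the unkeyed digest offers little protection; the keyed digest is only as strong as the separation between the key and the stored digests.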
nuBridges Protect is one of the industry’s
most adaptable data protection solutions and protects data
on a wide variety of enterprise platforms including IBM
mainframe, IBM i, Windows, UNIX and Linux and databases
including Oracle, DB2 and Microsoft SQL Server.
Centralized Key Management
The more data you encrypt, the more
difficult it becomes to manage proliferating keys
effectively. nuBridges Protect is designed to balance two
equally important (and opposing) objectives: Keep keys safe
from unauthorized exposure and make sure they’re there when
you need them for authorized use.
The amount of information that must be
encrypted and decrypted is increasing exponentially, leading
to a corresponding trajectory in the number of keys to be
safely managed throughout a lifecycle that includes many
processes:
Generate
Distribute
Archive
Store
Rotate
Retrieve
Backup
Expire
Destroy
These processes must be performed in a
manner that is secure, tamper-proof, available and
auditable. They must allow for an infinite variety of
lifecycle timelines – from seconds to years. And they must
support regulation-specific key handling such as that
mandated by the PCI DSS, government privacy acts and other
industry mandates.
nuBridges Protect includes a centralized key
manager that generates, distributes, rotates, revokes and
deletes keys to enable encryption and to allow only
authorized users to access sensitive data. It rotates keys
without requiring you to re-encrypt your data (unlike other
solutions, which may require the overhead and risk of
re-encryption, and also may require you to bring your
database down during re-encryption).
nuBridges Protect also manages keys across disparate platforms and systems. This means that you can
centrally manage the encryption keys for nuBridges Protect
encryption across all of the different databases, operating
systems and devices that you have throughout your
organization.
Because the nuBridges Key Manager can track an infinite number of keys, it can handle all backup media
encryption without the need to pull tapes and re-encrypt
with new keys once old keys have expired. It provides
intelligent backup media key management which eliminates the
need to manually track keys, and allows you to utilize keys
for tapes that have been stored for an extended period of
time without having to store the key with the encrypted data
(a requirement for PCI DSS compliance, and an important best
practice in general).
The Key Manager is used to define and
enforce policies that govern who can access keys. This
separation of duties between those who manage the keys and
those who use the keys (for example, database
administrators) is a critical element of good data
protection.
Complete Audit Logging
nuBridges Protect includes complete logging
so that you always have a record of any activity related to
your sensitive data. nuBridges Protect records all
encryption, decryption, and key management events, by user
and time, so you always know when your sensitive data is
accessed and by whom. It also records all unauthorized
access attempts to encrypted data and keys. Also, nuBridges
Protect signs its audit logs to protect against tampering.
All logs are syslog-compliant, so you can easily integrate
with your Security Incident and Event Manager (SIEM) package
to proactively monitor the security of your data and prevent
breaches before they happen.
Rapid, Non-Invasive Implementation
nuBridges Protect can be up and running in
no time. All software modules are easily installed; most
customers use existing hardware. nuBridges Protect allows you to encrypt
or tokenize fields without expanding the field size or altering the
structure of your databases - that means no changes to the
applications that rely on them!
Since nuBridges utilizes background
encryption, it’s not necessary for you to bring down your
databases during the initial batch encryption, during
ongoing operational encryption or when performing key
rotation. That means business-critical databases and
applications are always available.
Not only can your systems run uninterrupted
while the encryption is being performed, the process is very
efficient. For example, one customer recently encrypted 153
million records using nuBridges Protect. The entire process
ran during normal daily operations without interrupting a
single transaction.
nuBridges Protect elegantly enhances your existing backup
processes without disruption. Because nuBridges Protect
encrypts your sensitive information at its source, any
backup copies of that data are of course stored in encrypted
format. When backed-up data needs to be accessed for
recovery or audit purposes, information is simply restored
from the backup medium and then with proper credentials the
correct encryption key is used to decrypt the data. The
encryption keys are stored in a ‘key vault’ within the Key
Manager and only accessed when required. Keys are always
stored separately from the encrypted data on the backup
medium – a very important best practice. That means IT can
use one consistent backup process for all data – no
exceptions for sensitive data - as long as you are
encrypting it with nuBridges Protect.
The tokenization features of nuBridges
Protect also solve the age-old problem of how to support
systems development and testing - now enterprises can
provide developers with tokens that look and act just like
production data without exposing any sensitive information
at all.
Proven Data Protection for the Enterprise
Contact nuBridges to
learn more – we’d be delighted to answer your questions,
show you the capabilities of nuBridges Protect, and propose
a module set tailored specifically to your business needs
and technology ecosystem.