SecurDPS

Enterprise wide Tokenization and Encryption

  • Introduction - SecurDPS

    Why should I care?


      • Data breaches can cause severe financial and reputational damage to businesses processing sensitive data.

      • Compliance rules and regulations such as PCI DSS, GDPR and HIPAA, as well as national laws, require organizations to protect sensitive customer data. Failure to implement such protection can result in serious fines.

      • Failure to implement strong security measures for your customers will result in loss of business with existing customers and failure to acquire new customers.

      Records Lost Since 2013: 5.3 Billion (5,329,418,398)

      To put this into perspective, that is approximately:

      • 17 times the population of the USA (318.9 Million)
      • 4 times the population of China or India
      • 70 percent of the population of Earth (7.5 Billion)

      Data gathered from public sources and based on breachlevelindex.com - updated 11 Nov 2016

      Live Attack Map

      Interactive map of attacks happening right now at:

      map.norsecorp.com 

      [Figure: Data Breaches since 2013 by Industry]

      [Figure: Data Breaches since 2013 by Source]
    • Description - SecurDPS

      A powerful Tokenization and Encryption Solution for enterprise wide Protection of your sensitive Data

      SecurDPS is an on-premises, enterprise-wide tokenization and encryption solution which provides the technology to successfully protect sensitive data with minimal effort and in many cases without changing existing applications. SecurDPS allows organizations to take complete control of their sensitive data, lower compliance costs and significantly reduce the impact of data breaches.

      SecurDPS has evolved from comForte's HPE NonStop-focused SecurData tokenization solution, which has since become the most widely used tokenization solution on these mission-critical HPE NonStop systems. SecurData is at the heart of SecurDPS.

      The basis for the SecurDPS product suite is the flexible and sophisticated integration framework which allows introducing additional data protection layers for existing and new applications, in many cases even without changing any code in the respective application.

      These protection layers supported by SecurDPS can range from auditing of which user accessed a specific database record, to fully protecting sensitive elements or files with stateless tokenization or encryption, optionally combined with key protection in Hardware Security Modules (HSMs) and split-knowledge, dual control mechanisms. In addition, SecurDPS can also be seamlessly integrated with enterprise data protection solutions such as HPE SecureData. In combination with another enterprise protection solution, SecurDPS can provide the transparent integration capabilities for the other protection solution.

      In order to provide maximum flexibility, SecurDPS is offered with various modules to allow companies to easily find the optimal solution for their specific protection needs.

      comForte SecurDPS Modules

      Contact us to speak to a product specialist and to discuss how SecurDPS - the Data Protection Suite can help you secure your environment.

    • Videos

      Our new enterprise wide Data Protection Suite - SecurDPS
    • Resources

      comForte SecurDPS Infographic

      SecurDPS at a glance

      Infographic PDF

    • Benefits - SecurDPS Framework

      | Business Benefit | Description |
      |---|---|
      | Time and Cost efficient in Implementation | Transparent integration capabilities reduce effort and cost for implementation to a minimum. Allows implementing protection in months rather than years and at a fraction of the cost of a solution not able to provide transparent integration. |
      | Time and Cost efficient in Operation | SecurDPS is easy to operate and the high performance architecture results in minimal impact on the system and thus negligible impact on cost per transaction. You won't find a more efficient solution in the market. |
      | Significantly reduced risk of a costly data breach | Provides security by design with all capabilities required to achieve data protection without gaps (such as intermediate files in the clear or insecure communication without sufficient application frameworks in place). Together with a data protection engine such as comForte's tokenization engine or HPE SecureData (formerly known as Voltage SecureData), it enables comprehensive protection so that files and databases containing sensitive data are of no use to an attacker. |
      | Future proof | Highly flexible and scalable. Meets your environment's needs today and can meet future changes in your environment or processing needs. Includes support for changing and combining data protection engines easily, avoiding data protection engine vendor lock-in. |
      | Proven | Proven solution which has been tested and deployed in production at various sites around the world, from small to very large. Don't take a risk - your most valuable data deserves nothing less! |

    • Architecture - How does it work?

      SecurDPS uses the HPE NonStop platform to run its core framework and all tokenization operations, basically acting in a similar role to a tokenization appliance. Due to its design for security and high availability, reliability and linear scalability, the HPE NonStop provides an optimal platform for the core framework and security sensitive operations like tokenization.

      As depicted in the first diagram, the SecurDPS core on the HPE NonStop platform serves both local applications (e.g. Base24, Connex, etc) as well as other enterprise hosts with tokenization services. Enterprise hosts connect into the SecurDPS core on the NonStop over a secure connection using SSH. In combination with comForte's CSL product, enterprise applications can also use tokenization services via standard webservice protocols such as SOAP or JSON/REST. For more details see the SecurDPS Integration Options.

      comForte's patented, highly efficient tokenization algorithm is stateless (a.k.a. vaultless), scales linearly and has been vetted by independent cryptologists who are well recognized experts in the industry. If you want to know more, see the details on the Tokenization engine of SecurDPS.

      The actual integration of tokenization and encryption into existing and new applications can be performed in two ways:

      1. Classic approach of using an API
      2. Application transparent integration

      The sophisticated application transparent integration capabilities allow you to introduce the protection layer of tokenization or encryption into existing applications without any source code change, and even into 3rd party applications. This saves time, effort and cost in implementation.

      How does that work? See the detailed explanation of the SecurDPS integration options.

      SecurDPS High Level Architecture
      SecurDPS Enterprise High Level Architecture
    • Features - SecurDPS Framework 

      | Features | Description |
      |---|---|
      | Transparent Integration - In many cases no source code changes required | The application transparent integration capabilities allow for integration of tokenization and encryption without changing or even having access to the applications' source code. Transparent Integration in SecurDPS is currently supported for all use cases on HPE NonStop (including Enscribe, SQL/MP, SQL/MX, IPC) as well as for sequential file processing use cases on Windows, Linux and Unix as they typically occur in settlement operations. Transparent integration into databases on platforms other than HPE NonStop is currently not supported. For non-NonStop systems, the database layer is in many cases not the right layer to integrate protection in; instead, the tokenization/detokenization operations should be done closer to the user. Contact us if you want to learn more. |
      | Easy and seamless integration with (Enterprise) Data Protection Solution | Can easily and seamlessly be integrated with comForte's tokenization engine or another data protection solution, such as HPE SecureData. In this way enterprise protection solutions which just provide an API can be enhanced with application transparent integration capabilities. SecurDPS then provides the glue between the application and the enterprise data protection solution, avoiding having to rewrite any application code. The flexible framework of SecurDPS even allows running tokenization engines at the same time if desired, or translating from one tokenization engine to the other. This allows for coping with heterogeneous tokenization environments and for efficiency. |
      | Highly secure architecture | Strong application process Authentication, Authorization and Auditing of data protection engine access. SecurDPS provides tight control mechanisms to configure very granularly which processes can access data, e.g. based on attributes like object file, process name, user ids, creator ids, and numerous other attributes. It also provides an audit log of all authorized access. |
      | Online migration support | Tools for automatic no-downtime data migration as well as support for commonly used manual migration tools (e.g. FUP LOAD on HPE NonStop). |
      | Identification of sensitive data elements even in complex data structures | Configurable for sensitive data elements within complex structures, including ISO8583 messages and custom formats. |
      | Extensible for custom data transformation needs | A user exit provides support for performing any custom data transformation before or after the sensitive data element is processed by SecurDPS. |
      | Configurable data transformation to allow protecting any data with 3rd party protection engines | Configurable transformation between host-specific data formats and formats supported by the protection engine (e.g. EBCDIC, dates). |
      | Support for interleaving multiple data elements for strong protection of small domain elements | Supports interleaving of multiple data elements, for example to enable secure protection of small domain data elements such as sex (m/f) by using other data elements as additional input (tweak). |
      | API for cases where direct control is desired | Abstract data protection API that can be easily consumed by any HPE NonStop application. |
      | Leverages HPE NonStop fundamentals | SecurDPS runs on HPE NonStop systems and leverages the key HPE NonStop fundamentals of reliability, scalability, and availability. |
      | Interacts seamlessly with Disaster Recovery solutions | SecurDPS is compatible with data replication tools including those which also employ intercept technology. Any disaster recovery architecture is supported, including Active/Active. |
      | Highly flexible configuration framework | SecurDPS is highly configurable and flexible enough to address not only your current, but also your future needs. |
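
The small-domain feature above (protecting a field such as sex (m/f) by feeding another data element in as a tweak) can be illustrated as follows. This is an added example, not comForte's patented algorithm or SecurDPS code: the HMAC-sorted permutation, the key and the account-id records are constructed stand-ins chosen to show why the tweak matters.

```python
import hashlib
import hmac

DOMAIN = ["m", "f"]            # small-domain element from the feature list
KEY = b"constructed-demo-key"  # constructed key; real keys belong in a KMS/HSM

def _permutation(key, tweak):
    """Keyed ordering of DOMAIN that changes with the tweak (sort by HMAC)."""
    def prf(value):
        # Length-prefix the tweak so distinct (tweak, value) pairs never collide.
        msg = len(tweak).to_bytes(2, "big") + tweak + value.encode()
        return hmac.new(key, msg, hashlib.sha256).digest()
    return sorted(DOMAIN, key=prf)

def tokenize(key, value, tweak=b""):
    # The token stays inside DOMAIN, so the stored column keeps its format.
    return _permutation(key, tweak)[DOMAIN.index(value)]

def detokenize(key, token, tweak=b""):
    # Same key and same tweak rebuild the permutation; invert the lookup.
    return DOMAIN[_permutation(key, tweak).index(token)]

# Constructed records: (account id, sex). The account id is the second data
# element that is mixed in as the tweak.
RECORDS = [("ACCT-%04d" % i, DOMAIN[i % 2]) for i in range(128)]

def tokens_seen_for(value, use_tweak):
    """Distinct tokens that one plaintext value produces across RECORDS."""
    seen = set()
    for account, sex in RECORDS:
        if sex == value:
            tweak = account.encode() if use_tweak else b""
            seen.add(tokenize(KEY, sex, tweak))
    return seen

def round_trips():
    """Every record detokenizes to its original value with its own tweak."""
    return all(detokenize(KEY, tokenize(KEY, s, a.encode()), a.encode()) == s
               for a, s in RECORDS)

if __name__ == "__main__":
    # Without a tweak each value has exactly one token, so column frequencies
    # reveal the plaintext; with a tweak the same value maps to both tokens.
    print("no tweak, 'm' ->", tokens_seen_for("m", False))
    print("tweak,    'm' ->", tokens_seen_for("m", True))
    print("round trip ok:", round_trips())
```

The tweak has to be a value that is still available, unchanged, when the record is detokenized.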

    • Spotlight: SecurDPS highlights in more detail

      High performance tokenization with comForte's patented, stateless and independently security validated tokenization engine.

      SecurDPS has been tested and is deployed at various sites running the Connex or Base24/Eps payment application. Specially crafted preconfiguration modules provide easy and proven integration for B24 and Connex.

      SecurDPS can provide multiple protection layers for full protection at the file-level. File level protection for sequential file I/O can even be integrated into existing applications without any source code change required.

      SecurDPS provides the classic integration approach via APIs, however in many cases application change is not even needed due to the application transparent integration capabilities.

      With comForte's Format Preserving Hash (FPH) engine, password files or any other sensitive data elements that do not need to be protected in a reversible way can be protected securely.

      SecurDPS provides intelligent and transparent logging of access to sensitive data.

    • Related Products

      SecurLib enables the integration of SSL encryption into self-written TCP/IP applications. It also enables database encryption and easy access to cryptographic algorithms.

      Client Server Link (CSL) is a middleware that allows clients on any platform to access Pathway applications running on HPE NonStop servers.

      PANfinder™ is a comprehensive PAN data discovery software solution which scans systems for any unprotected PAN data.