Perimeter Security is no Longer Enough to Protect Your Business from Data Leaks and Breaches
nuBridges Protect is an integrated
encryption, key management and logging solution to protect
sensitive data at rest in database fields, files and
applications.
Even with state-of-the-art network
security, sensitive data is still vulnerable in use, at rest
and in transit. At nuBridges we see customers
starting to change the way they think about data protection
– moving the boundary from the network to the data itself.
Whether you need to implement best-practice
security directives or need to comply with mandates like
PCI DSS, HIPAA and government privacy acts, nuBridges Protect is
an ideal choice if you demand:
nuBridges Protect is proven in production
use for business-critical operations. For example, it’s
protecting millions of credit card numbers (maybe even
yours!) for some of the most prominent retail brands in the
industry. It’s protecting customer loyalty information for
casinos. Social security numbers for insurance companies.
Personal student information for schools.
The Power of Encryption
Encryption is a perfect companion to strong
perimeter and firewall protection – even if the bad guys
manage to get in, as long as the sensitive data is encrypted
no matter where it rests (and the keys are inaccessible), it
will be useless to them. Encryption is also one of the most
important ways to protect against internal threats, which
some estimates put as high as 73% of all breaches – your
firewall and perimeter security can’t protect you from
internal breaches, but encryption can.
Now that encryption is becoming a de facto
strategic weapon in the data protection arsenal, our
customers want to standardize on a robust and elegant
solution that’s built for the enterprise.
Flexible Data Protection for the Enterprise
With nuBridges Protect you can encrypt all
types of data including credit card numbers, customer
loyalty information, social security numbers, employee
compensation, healthcare information, financial data and any
other proprietary or personally identifiable information (PII).
nuBridges Protect was designed to provide
organizations with multiple ways to protect sensitive data.
nuBridges Protect supports field, file and database level
encryption and supports 3DES, AES 256 and other algorithms.
With nuBridges Protect, you can easily mask
data to make certain information available for authorized
users without having to expose the data itself – a typical
use of this feature is to mask all but the last 4 digits of
a credit card number associated with a retail transaction so
that cashiers have just enough information to verify the
card when processing a merchandise return – the system
exposes only the masked value. Data masking not only helps
to ensure the security of your data, but also saves valuable
processing resources since you don’t have to decrypt data to
allow access to the masked values.
Masking is also an important tool for
preventing data leaks via development/test environments. One
common issue that is uncovered in security audits is that
development and test environments use copies of real data to
simulate the production environment. Hashing or full
encryption would destroy the structure of the data,
compromising development and test activities. Masking is the
perfect solution because it preserves the structure of the
data, but gives developers no access to sensitive
information.
Secure SHA-1 and SHA-2 hashing allows you to
continue to perform functions such as fraud prevention
analysis without the need to expose encrypted data
(interference with fraud prevention analysis is one of the
problems with unsophisticated encryption solutions). And
nuBridges Protect utilizes a secure hashing methodology
which eliminates dictionary attacks that are possible with
basic one-way hashing.
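The masking and keyed-hashing behaviour described in the two passages above, as an added Python example. It is not nuBridges code: HMAC-SHA-256, the function names and the test card numbers are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def digits_of(value: str) -> str:
    """Strip spaces and dashes so formatting differences do not change a digest."""
    return "".join(ch for ch in value if ch.isdigit())

def mask_pan(pan: str, keep_last: int = 4, mask_char: str = "*") -> str:
    """Mask all but the last `keep_last` digits; length and separators are kept."""
    to_mask = len(digits_of(pan)) - keep_last
    if to_mask <= 0:
        raise ValueError("too few digits to mask safely")
    out = []
    for ch in pan:
        if ch.isdigit() and to_mask > 0:
            out.append(mask_char)
            to_mask -= 1
        else:
            out.append(ch)
    return "".join(out)

def plain_digest(pan: str) -> str:
    """Basic one-way hash: anyone can recompute it for a guessed value."""
    return hashlib.sha256(digits_of(pan).encode()).hexdigest()

def keyed_digest(key: bytes, pan: str) -> str:
    """HMAC-SHA-256: recomputing it requires the secret key."""
    return hmac.new(key, digits_of(pan).encode(), hashlib.sha256).hexdigest()

def confirmable(stored: str, guesses, digest_fn) -> list:
    """Guesses that a holder of `stored` can confirm using `digest_fn`."""
    return [g for g in guesses if hmac.compare_digest(digest_fn(g), stored)]

# Constructed sample data: well-known test card numbers, not real accounts.
PAN = "4111 1111 1111 1111"
GUESSES = ["4012 8888 8888 1881", PAN, "5555 5555 5555 4444"]
KEY = secrets.token_bytes(32)        # held by the key manager in this sketch
OTHER_KEY = secrets.token_bytes(32)  # what someone without KEY would have

if __name__ == "__main__":
    print(mask_pan(PAN))
    print(keyed_digest(KEY, PAN) == keyed_digest(KEY, "4111-1111-1111-1111"))
    print(confirmable(plain_digest(PAN), GUESSES, plain_digest))
    print(confirmable(keyed_digest(KEY, PAN), GUESSES,
                      lambda g: keyed_digest(OTHER_KEY, g)))
```

The keyed digest stays stable for the same card number, so records can still be matched for fraud analysis, while a stored digest cannot be checked against guessed numbers without the key.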
nuBridges Protect is one of the industry’s
most adaptable data protection solutions and protects data
on a wide variety of enterprise platforms including IBM
mainframe, IBM i, Windows, UNIX and Linux, and databases
including Oracle, DB2 and Microsoft SQL Server.
Centralized Key Management
The more data you encrypt, the more
difficult it becomes to manage proliferating keys
effectively. nuBridges Protect is designed to balance two
equally important (and opposing) objectives: Keep keys safe
from unauthorized exposure and make sure they’re there when
you need them for authorized use.
The amount of information that must be
encrypted and decrypted is increasing exponentially, leading
to a corresponding trajectory in the number of keys to be
safely managed throughout a lifecycle that includes many
processes:
Generate | Distribute | Archive
Store | Rotate | Retrieve
Backup | Expire | Destroy
These processes must be performed in a
manner that is secure, tamper-proof, available and
auditable. They must allow for an infinite variety of
lifecycle timelines – from seconds to years. And they must
support regulation-specific key handling such as that
mandated by the PCI DSS, government privacy acts and other
industry mandates.
nuBridges Protect includes a centralized key
manager that generates, distributes, rotates, revokes and
deletes keys to enable encryption and to allow only
authorized users to access sensitive data. It rotates keys
without requiring you to re-encrypt your data (unlike other
solutions, which may require the overhead and risk of
re-encryption, and also may require you to bring your
database down during re-encryption).
nuBridges Protect also manages keys across disparate platforms and systems. This means that you can
centrally manage the encryption keys for nuBridges Protect
encryption across all of the different databases, operating
systems and devices that you have throughout your
organization.
Because the nuBridges Key Manager can track an infinite number of keys, it can handle all backup media
encryption without the need to pull tapes and re-encrypt
with new keys once old keys have expired. It provides
intelligent backup media key management which eliminates the
need to manually track keys, and allows you to utilize keys
for tapes that have been stored for an extended period of
time without having to store the key with the encrypted data
(a requirement for PCI DSS compliance, and an important best
practice in general).
The Key Manager is used to define and
enforce policies that govern who can access keys. This
separation of duties between those who manage the keys and
those who use the keys (for example, database
administrators) is a critical element of good data
protection.
Complete Audit Logging
nuBridges Protect includes complete logging
so that you always have a record of any activity related to
your sensitive data. nuBridges Protect records all
encryption, decryption, and key management events, by user
and time, so you always know when your sensitive data is
accessed and by whom. It also records all unauthorized
access attempts to encrypted data and keys. Also, nuBridges
Protect signs its audit logs to protect against tampering.
All logs are syslog-compliant, so you can easily integrate
with your Security Information and Event Management (SIEM) package
to proactively monitor the security of your data and prevent
breaches before they happen.
Rapid, Non-Invasive Implementation
nuBridges Protect can be up and running in
no time. All software modules are easily installed; most
customers use existing hardware. Using a sophisticated
system of tokens, nuBridges Protect allows you to encrypt
fields without expanding the field size or altering the
structure of your databases – that means no changes to the
applications that rely on them!
Since nuBridges utilizes background
encryption, it’s not necessary for you to bring down your
databases during the initial batch encryption, during
ongoing operational encryption or when performing key
rotation. That means business-critical databases and
applications are always available.
Not only can your systems run uninterrupted
while the encryption is being performed, the process is very
efficient. For example, one customer recently encrypted 153
million records using nuBridges Protect. The entire process
ran during normal daily operations without interrupting a
single transaction.
nuBridges Protect elegantly enhances your existing backup
processes without disruption. Because nuBridges Protect
encrypts your sensitive information at its source, any
backup copies of that data are of course stored in encrypted
format. When backed-up data needs to be accessed for
recovery or audit purposes, information is simply restored
from the backup medium and then with proper credentials the
correct encryption key is used to decrypt the data. The
encryption keys are stored in a ‘key vault’ within the Key
Manager and only accessed when required. Keys are always
stored separately from the encrypted data on the backup
medium – a very important best practice. That means IT can
use one consistent backup process for all data – no
exceptions for sensitive data – as long as you are
encrypting it with nuBridges Protect.
High-Performance, High-Availability Architecture
nuBridges Protect employs a hub and spoke
architecture for distributed key management. Encryption and
decryption nodes (e.g. nuBridges software modules installed
locally at the encryption/decryption endpoints) may exist at
any point within the enterprise ecosystem. Key management is
administered centrally, but does not require a persistent
connection.
Once the spoke components are active, all
encryption and decryption of data is performed locally, thus
minimizing the risk of a network or single component failure
having a large impact on the overall data security
operation. In other words, nuBridges Protect requires no
persistent connection between the centralized administration
modules and the encryption/decryption endpoints, resulting
in the industry’s most reliable and available data
protection solution.
Proven Data Protection for the Enterprise
Contact nuBridges to
learn more – we’d be delighted to answer your questions,
show you the capabilities of nuBridges Protect, and propose
a module set tailored specifically to your business needs
and technology ecosystem.