
Thomas Gloerfeld | Dec 19, 2022 7:05:47 PM | News

Data-centric Security by comforte on IBM z

Wiesbaden, Germany – 23 November 2022 – Applications and data in the enterprise are now highly transient, changing and moving rapidly, one moment in the cloud and the next in the data centre. Traditional controls that come with modern cloud platforms tend to be from a prior generation of data-at-rest, data-in-motion access controls, and perimeter-based protections.

Unfortunately, these models have proven incompatible with the new types of threats we see. When you combine the adoption of new technologies, hyper-agile processes, and increased volumes of data, these more traditional controls fail to secure your data.

Protecting sensitive data at its earliest point of entry into your systems, and reducing the need to expose the data afterwards, facilitates your business operating within and complying with regulations, all while effectively managing risks.

Implementing data-centric security requires a platform that not only offers protection methods fitting your specific use cases but also allows you to identify, assess, and classify data sets and perform data analytics across all of them. A data-centric solution must enable you to integrate into your enterprise applications and existing data security infrastructure.

SecurDPS – the solution

SecurDPS is a scalable and fault-tolerant enterprise tokenization solution. It allows organizations to achieve end-to-end data protection, lower compliance costs and significantly reduce the impact and liability of data breaches.

Comforte’s patented tokenization algorithm provides linearly scalable, high-performance tokenization. The algorithm is stateless, vaultless, and collision-free. The tokenization table holds a large set of random numbers gathered during the initialisation of the system. Once the system is started, the static tokenization table is loaded entirely into memory. All tokenization operations happen purely in memory and CPU, without disk I/O.

SecurDPS allows configuring any number of tokenization strategies. A strategy controls how a sensitive data element is protected. Properties of a strategy include the tokenization table, algorithm attributes, the token format (e.g., how many leading and trailing characters are left in the clear), a distinguish method (i.e., how plain values can be distinguished from tokens), and more. Format-preserving tokens can be generated for Credit Card Numbers, Social Security Numbers, and other personally identifiable information such as names or email addresses.
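A simplified sketch of static table-driven, vaultless tokenization with a configurable token format, added here as an example: it is not comforte's patented algorithm or the X9.119-2 reference scheme. The table size, seed, round count and all function names are assumptions made for illustration, and the distinguish method is not modelled.

```python
import random

# Constructed static table of random digits, drawn once at "initialisation".
# Assumption: a real system fills it from a strong RNG and guards it like a key.
_rng = random.Random(2022)  # fixed seed only to make the example reproducible
TABLE = [_rng.randrange(10) for _ in range(4096)]
ROUNDS = 4  # hypothetical round count


def _offset(digits, pos, rnd):
    """Pick a table entry from every digit except the one at pos."""
    rest = digits[:pos] + digits[pos + 1:]
    idx = int("1" + "".join(map(str, rest))) * 31 + rnd * 7 + pos
    return TABLE[idx % len(TABLE)]


def _transform(middle, forward):
    """Shift each digit by a table value keyed on the other digits.

    Every step is undone by replaying the steps in reverse with the sign
    flipped, so the mapping is a bijection (collision-free) and needs no vault.
    """
    digits = [int(c) for c in middle]
    steps = [(r, p) for r in range(ROUNDS) for p in range(len(digits))]
    for rnd, pos in (steps if forward else reversed(steps)):
        shift = _offset(digits, pos, rnd)
        digits[pos] = (digits[pos] + (shift if forward else -shift)) % 10
    return "".join(map(str, digits))


def _apply(value, lead, trail, forward):
    if not (value.isascii() and value.isdigit()) or len(value) <= lead + trail:
        raise ValueError("expected ASCII digits, longer than lead + trail")
    end = len(value) - trail
    return value[:lead] + _transform(value[lead:end], forward) + value[end:]


def tokenize(value, lead=6, trail=4):
    """Token format: keep `lead` and `trail` digits in the clear."""
    return _apply(value, lead, trail, True)


def detokenize(token, lead=6, trail=4):
    return _apply(token, lead, trail, False)
```

Because the only state is the in-memory table, any node holding the same table produces and reverses the same tokens without a lookup store.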

The comforte tokenization approach and algorithm have been vetted by independent cryptologists and are also one of the reference schemes for static table-driven tokenization in the ANSI X9.119-2 tokenization standard (C.3.3.2).

Once an organization starts implementing data protection measures, the actual encryption or tokenization of sensitive data is pretty straightforward. The complexity related to integrating data protection services into Enterprise Applications is the real key to determining the time and effort it takes to achieve a fully protected state. This factor must be considered thoroughly as it determines the cost and risk associated with any data protection project.

Comforte identified this key challenge very early on and has designed its data protection suite to make integration as easy as possible. SecurDPS comes with sophisticated out-of-the-box integration capabilities enabling the implementation of data protection without any change to the application in a fully transparent fashion. Project time is shortened by leveraging the integration capabilities. Service interruptions due to development and deployment activities can typically be avoided. Additionally, the suite provides a comprehensive Software Development Kit (SDK) designed and documented with the crucial goals of maximizing developer productivity and ease of use.

SecurDPS has built-in audit and analysis capabilities to help different IT or security stakeholders to make the right decisions. The captured metadata creates a solid audit trail and allows stakeholders to gain real-time insights into critical questions around data protection in the enterprise.

SecurDPS for IBM z

Comforte SecurDPS Enterprise for IBM z contains components for offering data protection on an IBM mainframe. A Protection Cluster is centrally managed by a component called Management Console (MC) or Management Node (MN). This component is part of the SecurDPS Enterprise Protection Cluster. The Management Node must be running before SecurDPS Enterprise for IBM z can provide protection services to enterprise applications running on the IBM mainframe. The SecurDPS protection services on IBM z are provided by SecurDPS Protection Nodes (PN). At least one PN must be configured, but it is possible to start any number of PNs.

IBM zSystems technology is built for the future of cyber resiliency. Designed to meet the needs of the most regulated industries, IBM z technology can help protect today’s data from “harvest now, decrypt later” quantum attacks, help you automate and simplify compliance audit readiness to lower cost and risk, and enable you to plan and proactively mitigate the impact of disasters.

SecurDPS on IBM zSystems technology is the perfect combination of hardware and software to implement an innovative, agile, and scalable data-centric security solution that protects your most mission-critical and sensitive data.