Secure Data at rest with “Proxy Data”

ProxyFort

Securing Data at Rest

Enterprises are required to protect all consumer data at various stages such as in transit, at rest, or during testing, and to meet Payment Card Industry (PCI) mandates. There are several ways of securing this data and meeting PCI requirements, all of which are time consuming, difficult and expensive. Arcot’s ProxyFort offers a simpler solution – replace all sensitive data with “proxy data”. Proxy data is data that retains the format and structure of the original data, but is completely separated from the real sensitive data. ProxyFort achieves this transformation using patent pending techniques that ensure security and high performance. All data is cryptographically transformed using a format preserving encryption (FPE) algorithm and application specific keys. Only ProxyFort has access to the keys and can decrypt it. ProxyFort adds an extra layer of protection against hackers and even against accidental exposure.

Key Features and Benefits:

• Uses special encryption to preserve data format – Makes data appear legitimate but data can only be decrypted with access to the correct keys.
  
  
• Highly secure – Encryption keys can be stored in a Hardware Security Module (HSM) or in software. You can customize one key for the whole enterprise or one key for each application.
  
  
• Customizable or prebuilt encryption templates – Allows users to protect data based on their specific requirements. Users can choose from predefined templates for credit card numbers, SSN, birth date, etc., or they can define their own template.
  
  
• High performance – Performance is not limited by data size. Each data element is encrypted/decrypted through a simple transformation.
  
  
• “Polices” the perimeter – Divides the perimeter into clear and encrypted zones. The clear zone is where data must appear unencrypted, and the encrypted zone is where real data is stored and processed. ProxyFort inserts agents between the clear and encrypted zones which convert data as required.
  
  
• Hosted service or on-premise software – Can be hosted at Arcot’s PCI compliant, SAS70 certified data center offering high availability, redundancy and disaster recovery; or can be delivered on premise in software form offering high performance and scalability.
  
  
• Many use cases – Can encrypt/decrypt a single data element through web service API, an array of data elements, an entire database through a user friendly tool, and data within text files.

ProxyFort perimeter divides clear zones (where data must appear unencrypted) and encrypted zones (where data is stored and processed).