Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/24/2010
08:47 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NuBridges Extends Tokenization Technology

Protect Token Manager adds support for new data security architecture; enables simultaneous tokenization by multiple data centers

WASHINGTON, DC — June 21, 2010 — nuBridges continues its leadership in the on-premise tokenization technology market, announcing today at the Gartner Security & Risk Management Summit 2010 nuBridges Token Manager Release 2.0. The newest version of nuBridges’ Format Preserving Tokenization™ solution includes support for a new architectural model, coordinated tokenization by multiple data centers simultaneously, and even greater protection and configuration flexibility for personally identifiable information (PII) and protected health information (PHI), helping enterprises comply with U.S. and international privacy laws.

“Integrated encryption and tokenization solutions have proven their value in protecting cardholder data and reducing PCI compliance exposure,” said John Pescatore, Gartner Vice President and Research Fellow. “By extending these capabilities to secure other types of sensitive data, enterprises can make major steps forward in protecting the business against targeted attacks.”

nuBridges offers a variety of solutions for protecting data at rest and data in transit.

“Since we introduced our tokenization solution in April 2009, we’ve been intent to provide the best and most comprehensive data security solution in the market, and also to ensure that it meets our customers’ needs for flexibility and non-invasiveness across multiple use cases and environments,” said Gary Palgon, nuBridges Vice President of Product Management. “nuBridges Protect Token Manager 2.0 builds upon our ‘always protected’ vision to allow our customers to protect sensitive data wherever it originates, travels or is stored, and to stay ahead of industry data security mandates and privacy laws.”

Token Manager Accepts Encrypted Data nuBridges Protect now offers the ability for sensitive data to be encrypted at the point of capture (for example Payment Entry Device or Point of Sale system), then securely transmitted to the centralized Token Manager that, in turn, tokenizes the data so that a highly configurable, meaningless token can be used in all downstream systems. This eliminates the risk of data exposure during transit from point of capture to the Token Manager. It also supports a “store and forward” approach at encryption endpoints that is ideal for scenarios where endpoints are vulnerable to network disruption, such as remote retail operations.

Tokenization by Multiple Data Centers Token Manager 2.0 also enables tokens to be generated in multiple data center locations simultaneously. Many extended enterprises have several operational and disaster-recovery data centers that need to generate and share tokens. This new capability of Token Manager 2.0 provides:

  • Scalability: Serving tokens from multiple data centers assures performance and reliability for geographically-dispersed, high-volume operations.
  • Disaster Recover/High Availability: In the event a primary data center becomes unavailable, a disaster recover site can be instantly brought into service without the risk of a token collision.
  • Centralized Key Management: The ability to centrally administer keys and other security functions is preserved.

    More Configuration Options for PII, PHI Use Cases

    For some use cases, it is important to maintain referential integrity across all tokens – assuring that a unique data value such as a credit card number or national ID number will always have the same token value. This allows enterprises to run reports and analytics on tokens without having to expose the underlying sensitive data to unauthorized users. Referential integrity is typically important to organizations that are using tokenization as part of their Payment Card Data Security Standard (PCI DSS) compliance strategy. Referential integrity has always been a feature of nuBridges Protect Token Manager.

    As use of nuBridges Protect Token Manager expands to other use cases, however, it is sometimes desirable to break that one-to-one relationship. Token Manager 2.0 provides enterprises with the ability to “turn off” referential integrity and/or format preservation, and configure the tokenization in a variety of ways. This is ideal for non-unique PII such as date of birth, salaries, and zip and postal codes, patterns of which can potentially reveal private information about individuals or groups. A simple example of this is salary information, where if two employees earn the same salary and therefore have the same token, having knowledge of one person’s salary (and token) would expose the other person’s salary. Breaking referential integrity is needed to preserve the privacy of both employees.

    More about nuBridges Protect Token Manager nuBridges Protect Token Manager is part of nuBridges Protect, the industry’s first data security software solution to combine a new variation of tokenization—Format Preserving Tokenization—with strong local encryption, centralized encryption key management and logging in one platform-agnostic package. nuBridges Protect is designed for organizations that need to protect payment card numbers as well as volumes of personally identifiable information (PII) and protected health information (PHI) from theft and accidental loss, while reducing complexity and simplifying compliance management for data security standards and privacy laws.

    nuBridges Protect Token Manager 2.0 is planned for general availability in July 2010. For more information on tokenization, please visit http://www.nubridges.com/resources/tokenization/.

    About nuBridges nuBridges provides technology solutions for extended enterprises that share sensitive data across applications, departments and organizations, and face complex security and compliance mandates. Its data encryption, data tokenization, key management, managed file transfer and EDI solutions help customers get information from point A to point B; do it safely; and prove compliance. Proven in production, nuBridges software and services scale across heterogeneous enterprise environments, including legacy systems, and offer unified visibility for improved analysis, decision support and administrative efficiency. nuBridges solutions and support have established a new standard of quality for the industry, and are trusted by the world’s most demanding organizations to exchange and protect billions of payment card transactions, personal data records and business-critical file transfers. More information is available at www.nubridges.com.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 5/28/2020
    The Problem with Artificial Intelligence in Security
    Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
    10 iOS Security Tips to Lock Down Your iPhone
    Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-13693
    PUBLISHED: 2020-05-29
    An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
    CVE-2020-13173
    PUBLISHED: 2020-05-28
    Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing...
    CVE-2019-6342
    PUBLISHED: 2020-05-28
    An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
    CVE-2020-11082
    PUBLISHED: 2020-05-28
    In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
    CVE-2020-5357
    PUBLISHED: 2020-05-28
    Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time wi...