Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/24/2010
08:47 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NuBridges Extends Tokenization Technology

Protect Token Manager adds support for new data security architecture; enables simultaneous tokenization by multiple data centers

WASHINGTON, DC — June 21, 2010 — nuBridges continues its leadership in the on-premise tokenization technology market, announcing today at the Gartner Security & Risk Management Summit 2010 nuBridges Token Manager Release 2.0. The newest version of nuBridges’ Format Preserving Tokenization™ solution includes support for a new architectural model, coordinated tokenization by multiple data centers simultaneously, and even greater protection and configuration flexibility for personally identifiable information (PII) and protected health information (PHI), helping enterprises comply with U.S. and international privacy laws.

“Integrated encryption and tokenization solutions have proven their value in protecting cardholder data and reducing PCI compliance exposure,” said John Pescatore, Gartner Vice President and Research Fellow. “By extending these capabilities to secure other types of sensitive data, enterprises can make major steps forward in protecting the business against targeted attacks.”

nuBridges offers a variety of solutions for protecting data at rest and data in transit.

“Since we introduced our tokenization solution in April 2009, we’ve been intent to provide the best and most comprehensive data security solution in the market, and also to ensure that it meets our customers’ needs for flexibility and non-invasiveness across multiple use cases and environments,” said Gary Palgon, nuBridges Vice President of Product Management. “nuBridges Protect Token Manager 2.0 builds upon our ‘always protected’ vision to allow our customers to protect sensitive data wherever it originates, travels or is stored, and to stay ahead of industry data security mandates and privacy laws.”

Token Manager Accepts Encrypted Data nuBridges Protect now offers the ability for sensitive data to be encrypted at the point of capture (for example Payment Entry Device or Point of Sale system), then securely transmitted to the centralized Token Manager that, in turn, tokenizes the data so that a highly configurable, meaningless token can be used in all downstream systems. This eliminates the risk of data exposure during transit from point of capture to the Token Manager. It also supports a “store and forward” approach at encryption endpoints that is ideal for scenarios where endpoints are vulnerable to network disruption, such as remote retail operations.

Tokenization by Multiple Data Centers Token Manager 2.0 also enables tokens to be generated in multiple data center locations simultaneously. Many extended enterprises have several operational and disaster-recovery data centers that need to generate and share tokens. This new capability of Token Manager 2.0 provides:

  • Scalability: Serving tokens from multiple data centers assures performance and reliability for geographically-dispersed, high-volume operations.
  • Disaster Recover/High Availability: In the event a primary data center becomes unavailable, a disaster recover site can be instantly brought into service without the risk of a token collision.
  • Centralized Key Management: The ability to centrally administer keys and other security functions is preserved.

    More Configuration Options for PII, PHI Use Cases

    For some use cases, it is important to maintain referential integrity across all tokens – assuring that a unique data value such as a credit card number or national ID number will always have the same token value. This allows enterprises to run reports and analytics on tokens without having to expose the underlying sensitive data to unauthorized users. Referential integrity is typically important to organizations that are using tokenization as part of their Payment Card Data Security Standard (PCI DSS) compliance strategy. Referential integrity has always been a feature of nuBridges Protect Token Manager.

    As use of nuBridges Protect Token Manager expands to other use cases, however, it is sometimes desirable to break that one-to-one relationship. Token Manager 2.0 provides enterprises with the ability to “turn off” referential integrity and/or format preservation, and configure the tokenization in a variety of ways. This is ideal for non-unique PII such as date of birth, salaries, and zip and postal codes, patterns of which can potentially reveal private information about individuals or groups. A simple example of this is salary information, where if two employees earn the same salary and therefore have the same token, having knowledge of one person’s salary (and token) would expose the other person’s salary. Breaking referential integrity is needed to preserve the privacy of both employees.

    More about nuBridges Protect Token Manager nuBridges Protect Token Manager is part of nuBridges Protect, the industry’s first data security software solution to combine a new variation of tokenization—Format Preserving Tokenization—with strong local encryption, centralized encryption key management and logging in one platform-agnostic package. nuBridges Protect is designed for organizations that need to protect payment card numbers as well as volumes of personally identifiable information (PII) and protected health information (PHI) from theft and accidental loss, while reducing complexity and simplifying compliance management for data security standards and privacy laws.

    nuBridges Protect Token Manager 2.0 is planned for general availability in July 2010. For more information on tokenization, please visit http://www.nubridges.com/resources/tokenization/.

    About nuBridges nuBridges provides technology solutions for extended enterprises that share sensitive data across applications, departments and organizations, and face complex security and compliance mandates. Its data encryption, data tokenization, key management, managed file transfer and EDI solutions help customers get information from point A to point B; do it safely; and prove compliance. Proven in production, nuBridges software and services scale across heterogeneous enterprise environments, including legacy systems, and offer unified visibility for improved analysis, decision support and administrative efficiency. nuBridges solutions and support have established a new standard of quality for the industry, and are trusted by the world’s most demanding organizations to exchange and protect billions of payment card transactions, personal data records and business-critical file transfers. More information is available at www.nubridges.com.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
    Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
    DevSecOps: The Answer to the Cloud Security Skills Gap
    Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
    Attackers' Costs Increasing as Businesses Focus on Security
    Robert Lemos, Contributing Writer,  11/15/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    Navigating the Deluge of Security Data
    In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2012-1001
    PUBLISHED: 2019-11-21
    Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
    CVE-2014-8356
    PUBLISHED: 2019-11-21
    The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.
    CVE-2015-3140
    PUBLISHED: 2019-11-21
    Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
    CVE-2019-19207
    PUBLISHED: 2019-11-21
    rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
    CVE-2019-19203
    PUBLISHED: 2019-11-21
    An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.