Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/24/2010
08:47 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NuBridges Extends Tokenization Technology

Protect Token Manager adds support for new data security architecture; enables simultaneous tokenization by multiple data centers

WASHINGTON, DC — June 21, 2010 — nuBridges continues its leadership in the on-premise tokenization technology market, announcing today at the Gartner Security & Risk Management Summit 2010 nuBridges Token Manager Release 2.0. The newest version of nuBridges’ Format Preserving Tokenization™ solution includes support for a new architectural model, coordinated tokenization by multiple data centers simultaneously, and even greater protection and configuration flexibility for personally identifiable information (PII) and protected health information (PHI), helping enterprises comply with U.S. and international privacy laws.

“Integrated encryption and tokenization solutions have proven their value in protecting cardholder data and reducing PCI compliance exposure,” said John Pescatore, Gartner Vice President and Research Fellow. “By extending these capabilities to secure other types of sensitive data, enterprises can make major steps forward in protecting the business against targeted attacks.”

nuBridges offers a variety of solutions for protecting data at rest and data in transit.

“Since we introduced our tokenization solution in April 2009, we’ve been intent to provide the best and most comprehensive data security solution in the market, and also to ensure that it meets our customers’ needs for flexibility and non-invasiveness across multiple use cases and environments,” said Gary Palgon, nuBridges Vice President of Product Management. “nuBridges Protect Token Manager 2.0 builds upon our ‘always protected’ vision to allow our customers to protect sensitive data wherever it originates, travels or is stored, and to stay ahead of industry data security mandates and privacy laws.”

Token Manager Accepts Encrypted Data nuBridges Protect now offers the ability for sensitive data to be encrypted at the point of capture (for example Payment Entry Device or Point of Sale system), then securely transmitted to the centralized Token Manager that, in turn, tokenizes the data so that a highly configurable, meaningless token can be used in all downstream systems. This eliminates the risk of data exposure during transit from point of capture to the Token Manager. It also supports a “store and forward” approach at encryption endpoints that is ideal for scenarios where endpoints are vulnerable to network disruption, such as remote retail operations.

Tokenization by Multiple Data Centers Token Manager 2.0 also enables tokens to be generated in multiple data center locations simultaneously. Many extended enterprises have several operational and disaster-recovery data centers that need to generate and share tokens. This new capability of Token Manager 2.0 provides:

  • Scalability: Serving tokens from multiple data centers assures performance and reliability for geographically-dispersed, high-volume operations.
  • Disaster Recover/High Availability: In the event a primary data center becomes unavailable, a disaster recover site can be instantly brought into service without the risk of a token collision.
  • Centralized Key Management: The ability to centrally administer keys and other security functions is preserved.

    More Configuration Options for PII, PHI Use Cases

    For some use cases, it is important to maintain referential integrity across all tokens – assuring that a unique data value such as a credit card number or national ID number will always have the same token value. This allows enterprises to run reports and analytics on tokens without having to expose the underlying sensitive data to unauthorized users. Referential integrity is typically important to organizations that are using tokenization as part of their Payment Card Data Security Standard (PCI DSS) compliance strategy. Referential integrity has always been a feature of nuBridges Protect Token Manager.

    As use of nuBridges Protect Token Manager expands to other use cases, however, it is sometimes desirable to break that one-to-one relationship. Token Manager 2.0 provides enterprises with the ability to “turn off” referential integrity and/or format preservation, and configure the tokenization in a variety of ways. This is ideal for non-unique PII such as date of birth, salaries, and zip and postal codes, patterns of which can potentially reveal private information about individuals or groups. A simple example of this is salary information, where if two employees earn the same salary and therefore have the same token, having knowledge of one person’s salary (and token) would expose the other person’s salary. Breaking referential integrity is needed to preserve the privacy of both employees.

    More about nuBridges Protect Token Manager nuBridges Protect Token Manager is part of nuBridges Protect, the industry’s first data security software solution to combine a new variation of tokenization—Format Preserving Tokenization—with strong local encryption, centralized encryption key management and logging in one platform-agnostic package. nuBridges Protect is designed for organizations that need to protect payment card numbers as well as volumes of personally identifiable information (PII) and protected health information (PHI) from theft and accidental loss, while reducing complexity and simplifying compliance management for data security standards and privacy laws.

    nuBridges Protect Token Manager 2.0 is planned for general availability in July 2010. For more information on tokenization, please visit http://www.nubridges.com/resources/tokenization/.

    About nuBridges nuBridges provides technology solutions for extended enterprises that share sensitive data across applications, departments and organizations, and face complex security and compliance mandates. Its data encryption, data tokenization, key management, managed file transfer and EDI solutions help customers get information from point A to point B; do it safely; and prove compliance. Proven in production, nuBridges software and services scale across heterogeneous enterprise environments, including legacy systems, and offer unified visibility for improved analysis, decision support and administrative efficiency. nuBridges solutions and support have established a new standard of quality for the industry, and are trusted by the world’s most demanding organizations to exchange and protect billions of payment card transactions, personal data records and business-critical file transfers. More information is available at www.nubridges.com.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Edge-DRsplash-10-edge-articles
    7 Old IT Things Every New InfoSec Pro Should Know
    Joan Goodchild, Staff Editor,  4/20/2021
    News
    Cloud-Native Businesses Struggle With Security
    Robert Lemos, Contributing Writer,  5/6/2021
    Commentary
    Defending Against Web Scraping Attacks
    Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-36289
    PUBLISHED: 2021-05-12
    Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...
    CVE-2021-32606
    PUBLISHED: 2021-05-11
    In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
    CVE-2021-3504
    PUBLISHED: 2021-05-11
    A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to...
    CVE-2021-20309
    PUBLISHED: 2021-05-11
    A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to ...
    CVE-2021-20310
    PUBLISHED: 2021-05-11
    A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...