Profile: How nuBridges uses Tokens to guard data

Profile: How nuBridges uses Tokens to guard data.

During the RSA Conference this year, The Tech Herald held several meetings and company briefings. Our new 'Profile' series will introduce some of those companies and detail exactly what it is they do. Today’s profile centers on nuBridges, which offers an interesting method for data protection.

When The Tech Herald spoke to Gary Palgon of nuBridges, the expectation was something we are used to when it comes to briefings; namely, the same solutions to the same problems with little to no innovation. Often companies simply tell you they can address a problem with existing technologies and IP (Intellectual Property), but rarely do they actually back that promise up. Think of it as slapping a 'new and improved' sticker on the same old packaging.

We were mistaken. What nuBridges offers, called nuBridges Protect, focuses on PCI compliance by aiming at the data. It wants to protect the data, control access to the data and, even if it's in motion, control how much of the data is exposed. If the data needs to be used in testing, it’s still protected, and there is no gap in the availability, the data is simply there in either the testing environment or production environment.

So what makes nuBridges Protect so special? Did The Tech Herald drink the magic Kool-Aid? The fact that nuBridges can protect data is nothing special, but how the company protects data and its approach to handling the data once it’s protected is unique -- and, in our book, that makes nuBridges a standout.

Businesses know that they need to protect data, and they do protect it, despite what the news reports say. However, they have all this data for a reason and they need to access it. So, this is why they protect data when it moves about online from a Web interface to the backend database. This is why when a terminal sends credit information across the Internet to a processor it is encrypted.

Yet, if that same data needs to be accessed by the billing department, there’s no encryption. This is because that employee possesses a key to view it completely. This is one of the gaps in PCI, internal information does not need protected like it does when it's sent outside the network or into the network. While the newest draft of PCI, which is expected in the near future, addresses this gap, it exists now.

nuBridges Protect covers the bases pretty well. Like other vendors offering levels of PCI-related security, nuBridges will encrypt a company’s data, manage the keys, and allow the data to move off and on to the network encrypted. In addition to this, it also manages the data and protects it as it moves within the network, eliminating that gap mentioned earlier when you look at PCI compliance. Another aspect of the nuBridges offering that stands out from our meeting is Format Preserving Tokenization.

The format preserving process allows a business to secure data without altering the way the data is stored. So if a database has a field designed to hold only credit card numbers, then the company can encrypt that number and keep it the same length. Other solutions require some modifications to the database, as the encrypted data will often demand more space in the table than was originally allowed for.

Format preservation is not something that's brand-spanking new to the market. However, it is still an interesting aspect to data security because of the way it shelters data. The Tokenization process nuBridges offers is actually a module that’s a part of nuBridges Protect. What happens is that the Tokenization module will intercept the data that needs to be protected. After that, there are two steps that take place almost instantly with no other interaction needed. The data to be protected is encrypted and sent to a centralized data vault. At the same time, a Token is made that retains the exact format of the original data, and it is used instead.

The Token and the encrypted data retains a 'strict one-to-one' relationship. Even if keys are rotated, there is only one instance of the encrypted data in the vault. During the rotation cycle, the data doesn’t need to be re-encrypted. Key rotation happens with no downtime, so the Tokens remain legitimate at all times.

The bulk of the Tokenization process is managed by the Token Manager. For example, when 'John in sales' requests a customer's profile, he has no need to see the customer’s credit card information or any personal information other than a name and phone number. So when John calls the customer's record up to his screen, via a CRM in this example, the data needs to be accessed in the central vault, where it resides encrypted. Since John cannot read the information unless it is decrypted, he needs to decrypt the whole file in most cases. Using Tokens, this is no longer the case.

As John starts to access the customer’s record, the application he is using makes a request to the Token Manager and presents the Token itself. The presented Token is validated on various levels, one of which is the level of information someone in sales would need to have access to. Since company policy says sales should only see a name and phone number, the Token Manager uses this policy to seek the Token in the data vault and only decrypt the information that is permitted. After that, the requested customer profile is presented to John’s screen with only the information John has access to. The entire process takes only a few seconds to complete. John now has the access he needs to do his job, and the information is still protected.

If, for some reason during the process of requesting and presenting information to John’s screen, Malware or another threat captured the data, all that's actually captured is the information John sees. This is a good thing, but nuBridges is not an all-in-one company. It can protect your data and help you gain compliance in various areas, not just PCI -- although the company is not a network security solution. This point was made clear in the meeting. nuBridges is but one layer of the overall protection a company would need.

The final aspect to nuBridges Protect is the logging, and by that we mean if it was accessed there is a record of that request. Everything is logged. This can be a curse and a blessing. Anyone who's had to sift through logs knows sometimes it’s more like searching for a needle in a haystack. However, the granular details nuBridges collects can help things along when audit season rolls around or an investigation needs to be launched.

When it comes to platforms, nuBridges Protect will work with IBM mainframe, IBM i, Windows, UNIX and Linux, and databases including Oracle, DB2 and Microsoft SQL server.

All in all, nuBridges has something unique, which is why it caught our attention. Compliance vendors, format preservation, and key management with strong encryption are things almost every company can offer. Yet, once the data is encrypted there are still issues to worry about, such as key loss, which the Key Manager in nuBridges Protect addresses, along with availability of the data while retaining control.

The use of Tokens allows the data to be controlled and protected. The process is simple to apply to any data type, and deployment to an infrastructure is quick, measured in days, not weeks or months. If anything, if you are looking for something to protect data, or just want to see for yourself what nuBridges is up to, check it out.

More information on the company can be viewed by clicking here. Or, if you just want information on nuBridges Protect you can get that by clicking here.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Awesome Stuff Made Out Of Car Parts

An awesome picture has started doing the rounds showing a bathroom with sinks made out of car tires and faucets created from gas pumps. It’s the ideal bathroom for any discerning car nut. That got us thinking — what other stuff is there made out of car parts and car paraphernalia. Here are some of the coolest […]

Range Rover Evoque Convertible Confirmed

Land Rover has officially confirmed that the Range Rover Evoque Convertible will go on sale in 2016. The company released some publicity photos showing a prototype of the Evoque Convertible driving through train tunnels under construction in London. The company says use of the Crossrail tunnels let them test the convertible in privacy. A Land […]

Mercedes-AMG GT3 Racing Car to Debut at Geneva Motor Show

The company says the standard Mercedes-AMG GT already provides the ideal base for the race model, with low centre of gravity, good weight distribution and wide track width.The driver sits on a carbon-fibre seat pan and is protected by a roll-over cage made from high-tensile steel.The engine cover, doors, front wing, sidewalls, side skirts, diffuser, […]

Lamborghini Aventador Wallpaper

Lamborghini Aventador wallpaper for your desktop or mobile device. The Aventador LP 700–4  has a 6.5 liter V12 that will go 0–60 mph in  2.9 seconds and take you all the way to 220mph and maybe beyond.Each image links to a page with multiple sizes of wallpaper you can download.

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]