Protect sensitive data and provide selective access depending on users, their roles, and their entitlements
Application-level encryption can be policy-based and geared to specific data protection mandates such as PCI DSS. It can provide targeted protection that is invoked only when necessary. Protection can be tightly managed and supervised with dual controls and other layers of procedural protection that, taken together, support compliance reporting obligations.
Attackers can use development tools, intended for tasks such as application monitoring or debugging, to gain access to encryption keys or simply to turn off application encryption, unlocking information within the application.
Developers adding encryption to applications are often tempted to implement complex cryptographic algorithms themselves. As this practice can introduce unnecessary security flaws, it’s always best to use pre-certified cryptographic implementations for application-level encryption.
While adding encryption to application code has its challenges, these can be minor when compared to the issue of key management. Because inadequate key management can result in stolen or unusable information, developers need to decide whether to include native key management functionality or rely on external key management systems.
Products and services from nCipher can help you deploy application-level data protection for your most sensitive applications. With the flexibility to handle a broad spectrum of applications, from fully automated, high-volume applications to tightly supervised, low-volume, but nevertheless highly sensitive applications, nCipher application encryption solutions deliver data protection and operational efficiency.
nShield hardware security modules (HSMs) create a trusted platform where cryptographic processes can be performed safely and where key material can be protected and managed securely. This trusted layer overcomes the risks inherent in open system software environments in which applications typically execute.
With nShield HSMs, developers and organizations have the best of all possible worlds—the ability to take advantage of proven and pre-certified cryptographic libraries, use native cryptographic offload and acceleration capabilities, and exploit of a wide range of key management tools to deliver a high degree of control and flexibility.
Provide high levels of assurance for cryptographic operations through the use of tamper-resistant hardware. Physically protect higher-level application processes through the unique CodeSafe functionality that enables one to execute sensitive code within the secure execution environment inside the HSM.
Secure a broad range of applications by mapping diverse security policies and processes to a flexible and hardened data protection platform. Accelerate implementation of projects through nCipher’s partnerships with leading vendors, delivering HSMs that are pre-certified to work with a wide range of applications and development platforms.
Take advantage of hardware-based cryptography and maintaining high levels of application performance by offloading cryptographic processes onto the HSM. Simplify compliance reporting through streamlined policy definition to improved auditability of business processes.
The nCipher Security World architecture supports a specialized key management framework that spans the entire nShield family of general purpose hardware security modules (HSMs). Whether deploying high performance, shareable, network-attached HSM appliances, host-embedded HSM cards or USB-attached portable HSMs, the Security World architecture provides a unified administrator and user experience and guaranteed interoperability whether the customer deploys one or hundreds of devices.
This white paper describes the unique nCipher CodeSafe capability, which enables application code to run within the protected confines of a tamper-resistant nShield Hardware Security Module (HSM). CodeSafe enables users to develop application code to run inside the HSM, providing protection against Advanced Persistent Threats (APTs) as well as insider attacks and hacking. The paper describes the associated toolkit, bundled utilities, and management, and additionally details multiple usage examples where CodeSafe provides high value.
Download
As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected nCipher HSMs to provide robust security, unmatched performance and superior scalability across our payment security platforms, protecting encryption keys from virtually any attack. This helps Verifone to continue reducing merchants’ growing exposure to data breaches and cyber criminals and more aggressively safeguard consumer information… Joe Majka,Chief Security Officer
