Can data protection harmonize DevOps and Security?

Saving software developers the time and trouble of being both cryptography experts and managers of encryption keys is actually possible! But why integrate data protection into applications? Because protecting data in an app, immediately upon creation or first receipt, can deliver the highest level of data security. Now that we've handled why, let's think about how to enable developers to protect data passing through their apps. First, there are a lot of programming languages and operating environments (OSs, middleware), so a solution has to match as many languages as possible with the simplest possible APIs and be supported in as many operating environments as possible, too. Second, the solution must be flexible enough to encrypt nearly any type of data passing through an application. Third, the solution has to be both cloud- and on-premises-friendly, with support for emerging cloud-native architectures. Fourth, the solution must be compatible with existing environments!

Architecture

CipherTrust Application Data Protection delivers on the promise of DevSecOps. Developers enjoy language bindings appropriate to their projects. Operations can leverage choices among Crypto Service Providers that run on a wide range of operating systems. The product includes many operational features that enhance performance and availability to ensure that security imposes a minimal to zero impact on business operations. And for the security team, it operates with CipherTrust Manager, providing an architecture that centralizes encryption keys for applications. Enhanced separation of duties is provided with granular controls on both key users and key operational use.

Centralized key management

Centralized key management enables developers to add security to applications, free from complex and risky alternative key management stores.

Accelerate Secure Application Development

With APIs for both PKCS#11 and KMIP and bindings for Java, C/C++, .NET and REST, more developers gain a faster start and can leverage the solution for more data protection use cases.

Leverage the cloud with utmost security

The architecture is both IaaS- and PaaS-friendly, with keys that cloud administrators cannot access.

Offload crypto processing from application hosts

Leveraging the cryptographic performance of CipherTrust Manager, simple configuration tells the architecture to encrypt there, saving application server CPU cycles.

Broad Key Support

The solution offers both symmetric and asymmetric keys to cover a vast range of use cases.

Many Architecture Choices

The solution offers development flexibility, provided with a range of architecture and API choices. Developers can choose RESTful APIs to limit deployment footprint, leveraging both key management and crypto operations occurring on CipherTrust Manager. In addition, installable development libraries and APIs are available. Finally, another lightweight deployment option is to install the encryption and key management libraries on a web server and access them from an application server using SOAP or REST APIs.

Automated Key Rotation

CipherTrust Application Data Protection features built-in, automated key rotation, and offers a wide range of cryptographic operations including encryption, decryption, digital signing and verification, secure hash algorithms (SHA), and hash-based message authentication code (HMAC).

Rich Ecosystem of Solutions

CipherTrust Application Data Protection provides key management and/or encryption services for a formidable ecosystem of solutions including Linux Unified Key Setup (LUKS) and key management for Transparent Database Encryption (TDE) vendors including Oracle, Microsoft SQL Server, and HashiCorp Vault, among many others.

Development Libraries and APIs

  • Java, C/C++, .NET
  • XML open interface, KMIP standard
  • Web services: SOAP and REST

Encryption Algorithms

  • Including 3DES, AES-256, SHA-256, SHA-384, SHA-512, RSA-1024, RSA-2048, RSA-3072, RSA-4096

Web Application Servers

  • Apache Tomcat, IBM WebSphere, JBoss, Microsoft IIS, Oracle WebLogic, SAP NetWeaver, Sun ONE, and more

Cloud and Virtual Infrastructures

  • Works with all major cloud platforms, including AWS, Azure, IBM Cloud, Google and VMware

Supported Platforms for ICAPI Provider

  • Red Hat Enterprise Linux 5.4 and above
  • Microsoft Windows 2003, 2008 R2, and 7 in both 32-bit and 64-bit