Database security products: A buyer's guide
A collection of articles that takes you from defining technology needs to purchasing options
HP acquired Voltage Security in April 2015, rebranding the platform as "HP Security Voltage." The product is a data encryption and key generation solution that includes tokenization for protecting sensitive business data. The HP Security Voltage platform includes lots of products, such as HP SecureData Enterprise, HP SecureData Hadoop, HP SecureData Payments and so on. This article focuses on HP SecureData Enterprise, which includes HP Format-Preserving Encryption (FPE), HP Secure Stateless Tokenization (SST) technology, HP Stateless Key Management, and data masking.
HP SecureData Enterprise is a scalable product that encrypts both structured and unstructured data, tokenizes data to prevent viewing by unauthorized users, meets PCI DSS compliance requirements, and provides analytics.
The center of HP SecureData Enterprise is the Voltage SecureData Management Console, which provides centralized policy management and reporting for all Voltage SecureData systems. Another component, the Voltage Key Management Server, manages the encryption keys. Policy-controlled application programming interfaces enable native encryption and tokenization on many different platforms, from security information and event managers to Hadoop to cloud environments.
The platform employs a unique process called HP Stateless Key Management, which means keys are generated on demand, according to policy stipulations, after users are authenticated and authorized. Keys can be regenerated as needed. The use of stateless key management reduces administrative overhead and costs by eliminating the key store -- there's no need to store, keep track of and back up every key that's been issued. Plus, an administrator can link HP Stateless Key Management to an organization's identity management system to enforce role-based access to data at the field level.
FPE is based on Advanced Encryption Standard. FPE encrypts data without altering the database schema, but does make minimal changes to applications that need to view cleartext data. (In many cases, only a single line of code is modified.)
HP SecureData Enterprise's key management, reporting and logging processes help customers meet compliance with PCI DSS, Health Insurance Portability and Accountability Act and Gramm-Leach-Bliley Act, as well as state, national and European data privacy regulations.
HP SecureData Enterprise is compatible with nearly any type of database, including Oracle, DB2, MySQL, Sybase, Microsoft SQL and Microsoft Azure SQL, among others. It supports a wide variety of operating systems and platforms, including Windows, Linux, AIX, Solaris, HP-UX, HP NonStop, Stratus VOS, IBM z/OS, Amazon Web Services, Microsoft Azure, Teradata, Hadoop and many cloud environments.
Organizations that implement HP SecureData Enterprise can expect to have full end-to-end data protection in 60 days or less.
Pricing and licensing
Prospective customers must contact an HP sales representative for pricing and licensing information.
HP offers Standard and Premium support for all HP Security Voltage products. Standard support includes access to the solutions portal and online help requests, the online knowledge base, email support, business hours phone support, four-hour response time and a help desk package.
Premium support includes the same features as Standard support, but with 24x7 phone support and a two-hour response time.