Developers: | RSA (Security Division of EMC) |
Last Release Date: | November, 2010 |
Technology: | Cybersecurity - Encryption tools |
RSA Data Protection Manager combines tokenization with encryption, two popular application-level tools, with advanced management of tokens and keys to provide comprehensive data protection. This combination of data protection tools and key management methods guarantees stronger data protection. At the same time, consolidating the management layers reduces ongoing security costs. By protecting data at the source, in the application where it is created or used, the RSA product helps provide transparent data protection throughout its lifecycle.
RSA Data Protection Manager (formerly RSA Key Manager) protects data at the point of entry and provides the most granular level of control over confidential information. The solution uses the following technologies:
- tokenization: replacing confidential information with a substitute value, or token, to protect data such as credit card numbers, bank account numbers, social security numbers and other personally identifiable information;
- application encryption: using encryption and strong key management to protect data at the point of entry;
- enterprise key management: managing the enterprise's encryption keys by integrating with the different technologies that encrypt data at rest (disk arrays, magnetic tape, etc.).
RSA Data Protection Manager integrates RSA tokenization with application-level encryption, combining the two most commonly used technologies in one product. Encryption is traditionally considered the preferred method of protecting data in applications, while tokenization (also called data substitution or masking) is one of the best ways to reduce the cost of achieving regulatory and legal compliance.
RSA Data Protection Manager is intended to expand the ways organizations can use tokenization. To protect payment card data, RSA integrated its tokenization technology with the services of partners such as First Data Corporation and VeriFone. However, tokenization can protect more than payment systems; it can also be applied in other industries: in financial services (protection of personally identifiable data and social security numbers) and in health care (protection of confidential information in medical records).
Tokenized data keeps its original format, which limits the impact of this technology on the application while preserving a high level of protection. In addition, tokens can retain part of the original data (for example, the last four digits of a social security number), so other applications can potentially use the tokens without getting access to the real information.
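The format-preserving behaviour described above, as an added example that is not RSA's code and not part of the original page: a vault-based tokenizer that replaces every digit except the last four with random digits and leaves separators in place. The `TokenVault` class, its method names and the sample value are hypothetical.

```python
import secrets
import string


class TokenVault:
    """In-memory stand-in for a protected token store (hypothetical)."""

    def __init__(self, keep_last=4, max_attempts=100):
        self.keep_last = keep_last
        self.max_attempts = max_attempts
        self._value_by_token = {}
        self._token_by_value = {}

    def tokenize(self, value):
        # The same input always maps to the same token, so joins still work.
        if value in self._token_by_value:
            return self._token_by_value[value]
        digits = [i for i, c in enumerate(value) if c in string.digits]
        # Only digits before the retained tail are replaced; separators stay.
        replaceable = digits[:max(0, len(digits) - self.keep_last)]
        if not replaceable:
            raise ValueError("too few digits: the token would equal the input")
        for _ in range(self.max_attempts):
            chars = list(value)
            for i in replaceable:
                chars[i] = secrets.choice(string.digits)
            token = "".join(chars)
            # Reject a token that equals the input, an issued token,
            # or a real value already held in the vault.
            if (token != value and token not in self._value_by_token
                    and token not in self._token_by_value):
                self._value_by_token[token] = value
                self._token_by_value[value] = token
                return token
        raise RuntimeError("could not find an unused token")

    def detokenize(self, token):
        # Only callers with vault access can recover the real value.
        return self._value_by_token[token]


if __name__ == "__main__":
    vault = TokenVault()
    ssn = "000-12-3456"  # constructed sample value
    token = vault.tokenize(ssn)
    print(token, "->", vault.detokenize(token))
```

An application that holds only the token can still display or match on the last four digits, while recovering the full value requires a call to the vault.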
RSA's ability to implement this hybrid approach of encryption and tokenization lets customers kill two birds with one stone: they get the qualitative advantages of encryption and the functional advantages of tokenization.
New capabilities for managing keys and tokens throughout their lifecycle, with strict separation of duties, protection of the central object store and support for granular application access rights, also help customers reduce operating costs. For example, they can set specific key rotation rules for different parts of the infrastructure (every month for point-of-sale terminals and once a year for disk arrays) to meet regulatory requirements without significant labor costs. In addition, the same server is used both for application-level protection and for data encryption on hard drives and in disk arrays, which eliminates the overhead of managing keys in separate systems.