Data Security in the Insurance Industry - Cyphre

8 downloads 131 Views 9MB Size Report
With large amounts of private information crossing internal and external. SECURING ... share and bolster reputation ...
SECURING SENSITIVE CUSTOMER DATA IN THE CLOUD Enterprise-class data encryption for securing critical customer information anytime, anywhere.

Data Security in the Insurance Industry The insurance industry is a rich target for cybercriminals due to the fact that data stored and transferred among insurance-related companies contains personal, financial, and health information. Stolen information fetches almost $500 per record on the black market, compared to a dollar or less for a credit card number1. Cyphre’s Enterprise Data Protection Suite with advanced BlackTIE® companies the necessary security to nullify cyberattacks and strengthen trusted relationship with customers. The insurance industry relies upon Big Data and Cloud Computing as a and growing its customer base. With large amounts of private information crossing internal and external

networks, insurance companies must data protection posture. Cyphre provides the necessary data protection solution to secure insurance information with the use of BlackTIE® encryption, which protects previously vulnerable encryption keys, rendering any hijacked keys useless to hackers. In 2015, Anthem was a victim of a data breach and 80 million highly-sensitive patient health records were exposed. If the data had been encrypted with BlackTIE® technology, the use of protected encryption keys would have rendered any information unusable and individuals and the reputation of the company. By implementing a data protection solution, such as the Cyphre Enterprise Data Protection Suite with BlackTIE®, insurance companies can protect valuable company and client data from the inevitable event of a breach.

Benefits of Cyphre Enterprise Data Protection Suite:

1

Marketable benefit to build market share and bolster reputation

Compliance with federal, state, and industry regulations

Heightened privacy strengthens customer trust

Mitigation of cost and liability concerns

Extension of security policies broadens data protection radius

Flexible deployment models: public/private cloud, on-premise

BlackTIE® Features Unassailable Protection Cyphre’s BlackTIE® augments vulnerable single encryption keys with hardware-encrypted Black Keys to render hijacked keys useless, thus nullifying potential threats.

Productivity & Collaboration BlackTIE® operates transparently and is invisible to the end user for a seamless user experience. Its heightened security does not hinder the ability of businesses and their employees to be productive, nor does it limit collaboration.

Key-Per-File Protection Rather than using a single encryption key to protect files, BlackTIE® uses a unique key for each individual file as an extra layer of security.

Key Management Many enterprises wish for their IT departments to manage their keys; BlackTIE® allows the option for total control of encryption keys.

http://www.npr.org/sections/alltechconsidered/2015/02/13/385901377/the-black-market-for-stolen-health-care-data

BlackTIE® Encryption Architecture Cyphre Key Management System

Collaboration/Sharing Application:

Identity Access Management AD/LDAP

Cyphre Encryption Gateway, Webserver/TLS, Redis Data Cache

OpenSSL with CryptoDev extension Cyphre Security Engine

BlackTIE® Key Protection, Encryption, & Management

CryptoDev API SEC4.0 Driver: AES, ECDH, Black Keys, TRNG Hardened Linux OS

BT-1 Appliance:

SEC 4.0 Security Engine

- OTPMK and KEKs - SecureBoot HW Boot Image authentication - True Random Number Generator

Data in Transit [Protected]

Data at Rest [Protected] Amazon, Box, ...

BlackTIE® Technology Cyphre’s BlackTIE® encryption technology protects the privacy of clients’ information through the use of Black Keys. These hardware-encrypted keys add an extra layer of security on top of standard TLS encryption. This approach guarantees that only those systems with verifiable keys can view files. Unlike software-only encryption, Black Keys are never readable in plaintext, nor are they exposed in memory. Even if a threat event occurs and an attacker rendered completely unusable. Further, Cyphre does not require a threat to be detected in order to instantiate protection. The nature of Cyphre’s blackened keys ensures that they are unusable and indecipherable at all times.

About Cyphre Headquartered in Austin, Texas, Cyphre cloud encryption technology provides the highest level of security for cloud data. Period. Collaboration services, Secure IoT Integration and the Enterprise Cloud Encryption Gateway. www.cyphre.com

Copyright © 2017 Cyphre

@getcyphre

Cyphre

/getcyphre

More information at www.cyphre.com

REV 8/17