Nymphaea Encryption Architecture
Nymphaea Transparent Encryption is composed of the DSM (central station) and an agent that runs at the file system or volume level of a server. The agent is available for a wide range of systems (Microsoft, Linux, UNIX, SAP, SQL, Oracle, etc.) and can be used in physical, virtual, cloud and big data environments, regardless of the underlying storage technology. Key and policy management occurs on the DSM. The transparent encryption agents are distributed across all servers, physical or virtual, where you need to apply encryption, separation of duties or access control. As a result, our solution provides scalability and eliminates the bottlenecks and latencies that affect proxy-based solutions. In addition, you can use hardware-based encryption acceleration, such as Intel AES-NI and SPARC Niagara, to further improve encryption performance. Enabling encryption normally adds only 3-5% of additional workload on average, which is insignificant given the normal complexity of encryption. Last but not least, the whole process is very simple to manage and configure, which avoids the long lead times and high costs of training technical staff to manage it.
Why Nymphaea Encryption
Nymphaea Encryption Components
Nymphaea Transparent Encryption offers these distinctive capabilities:
- Non-intrusive implementation: By leveraging the solution’s transparent approach, your organization can implement encryption without having to make changes to your applications, infrastructure, or business practices.
- Broad environment support: The solution can be deployed quickly and easily and can be used in physical, virtual, cloud, and big data environments. Vormetric Transparent Encryption offers support for file systems and storage architectures and it supports a broad range of operating systems, including Microsoft Windows, Linux, Oracle Solaris, IBM AIX, and HP-UX.
- Scale: Nymphaea Transparent Encryption features agents that are distributed across the server infrastructure. As a result, the product delivers scalability and eliminates the bottlenecks and latency that plague proxy-based solutions. Tens of thousands of agents can be quickly deployed and easily managed across a company, enabling support of many different use cases.
- High Performance: Our Transparent Encryption offers maximum utilization of native hardware encryption capabilities, such as Intel AES-NI, AMD AES-NI, and SPARC encryption, to minimize computational costs and deliver optimal performance.
- Privileged user access controls: In addition to encryption and key management, the agent can enforce very granular, privileged user access policies, enabling protection of data from misuse by privileged users and APT attacks. Granular policies can be applied by user (including for administrators with root privileges), process, file type, time of day, and other parameters. Enforcement options are also very detailed; they can be used to control not only whether users can access clear-text data, but which file system commands are available.
- Strong encryption: Nymphaea Transparent Encryption employs only robust, standards-based encryption protocols, such as Advanced Encryption Standard (AES) for data encryption and elliptic curve cryptography (ECC) for key exchange. The agent is FIPS 140-2 Level 1 validated.
- Flexible, streamlined administration: All policy and key administration is done through the Data Security Manager, which offers a Web-based management interface that makes policy creation easy. Administrators can also work with CLI- or API-based interfaces. Policies can be as granular as required for different business purposes. To facilitate development and to test access policies before they go into production, Nymphaea Transparent Encryption features a “learn mode.” Learn mode makes it easy for policy administrators to test the policies by only creating logs and not enforcing data access controls. In this way, new policies can be tested and tuned before enforcement begins. Learn mode is also very useful to form a baseline of access patterns of sensitive data.
Nymphaea Transparent Encryption is a complete solution for encryption, access control and separation of duties. It provides data-at-rest encryption, privileged user access control, and security intelligence with detailed audit logs, with policies managed through a fully configurable and customizable system. With our solution, you can protect structured and unstructured data files, including local data on physical systems, databases of all kinds on different platforms, operating systems, virtual infrastructures, big data, and cloud environments. The uniqueness of the solution lies in the fact that, using the transparent technology, your organization can implement encryption without having to make any changes to applications, practices, or existing methodologies (procedural and operational), and ultimately without changing the management flow or the implementation process in any way. Unlike other encryption solutions, the protection does not terminate when the encryption key is applied.
Nymphaea encryption is a complete security and access control solution: it checks the criteria that protect against unauthorized access by users of all levels and/or groups and by system processes, ensuring tighter controls on any type of user or unauthorized process, independently of the permission level, role or group of a single user or process. Moreover, every action is logged, providing a detailed audit control system. With these capabilities, you can ensure continued protection and control of data.