The system administrator can access the system but cannot manage users' keys. Access to system administration and access to key management are completely separated, allowing full separation of duties.
The DSM can be configured as a multi-tenant device that runs many different virtual DSMs, which are called “domains.” The DSM can enforce strong separation of duties by requiring more than one data security administrator to manage or change key and policy permissions. DSM administration can be broken into three categories: system, domain, and security. In this manner, no one person has complete control over security activities, encryption keys, or administration. In addition, the DSM supports two-factor authentication for administrative access.
Nymphaea offers a flexible and scalable set of solutions that can meet a broad set of use cases, so security teams can protect sensitive data across the organization. Our platform provides capabilities for encrypting and tokenizing data, controlling access, and creating granular security intelligence logs. The platform delivers the comprehensive capabilities that enable you to address the demands of a range of security and privacy mandates, including the Payment Card Industry Data Security Standard (PCI-DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), and regional data protection and privacy laws. With these capabilities, organizations can effectively combat advanced persistent threats (APTs), guard against insider abuse, and establish persistent controls, even when data is stored in an external provider’s infrastructure.