Tricryption® Financial Solution Highlights

Securing Financial Data Outside the Institution:
Regulators demand that financial data and Personally Identifiable Information (PII) be maintained securely during use, back-up and storage off-site. In use, the financial data and PII regularly extends beyond the ability of the financial organization to protect it. The exception being when data centric encryption is used. As financial enterprises become more complex and extended, the capability of perimeter and transmission security systems to protect data becomes exposed to threats including intentional compromise and human error.

Tricryption® applied to sensitive data enables financial institutions to control access at the data level and insure that they maintain persistent and continuing access management throughout the data’s lifecycle. The ability of the solution to integrate with existing security infrastructures, its transparent use, and the granular key control and access management make Tricryption® a valued addition to the set of security capabilities in an enterprise.

Protecting Against Insider Threat:
The trusted insider is the biggest threat to any secured operational environment. When deployed with the recommended options and configurations, the Tricryption® system minimizes risks typically associated with a local system administrator. These local administrators need motive, Opportunity, and Means. A disgruntled system admin, or one facing dismissal might provide the motive. Being on the inside provides the opportunity. Having an administrative role definitely provides the means. The tough issue surrounds securing sensitive information from administrators without hindering day to day operations or disallowing necessary access.

Through Tricryption’s® automated encryption capabilities, trusted insider information access may be limited. The use of transparent encryption, mandatory home directory storage and templates within a system deployment insures internal users comply with company the data protection policies. When coupled with the separation of duties prescribed by the default installation options, trusted insiders may perform duties (i.e. make directory creates, file backups or user rights changes) typically associated with their jobs, without access to the information inside the files themselves.

Granular Access Management– At the Data Level:
All financial systems that use and process sensitive and private data require access controls to allow only authorized access to either their data or data appropriate for their use. The trick is where to apply the controls and at what level of granularity. Infrastructure centric controls restrict access to data by restricting access via gateways (passwords, guards, etc...). Data centric controls block access by altering the data itself and not allowing decipherment without access to keys. Encryption transfers the access control from the data to the keys. The perimeter of the keys is but a fraction of the data’s perimeter, thus making it easier to manage and tougher to penetrate. The data in encrypted format may extend virtually anywhere with no threat of compromise due to its inability to be deciphered without key access. The keys may be protected and extended as required to those who are authenticated and authorized for access.

Tricryption® solutions are designed to support transparent encryption and key control of data, files, and executables. Through use of centralized, scalable and distributable key servers, the Tricryption® solution controls key (and therefore data/file/executable) access to and within the encryption clients. Our solutions support up to one key per data entity or file. Access is an attribute of each data entity or file that a key is assigned to. Access is as secure as it needs to be with implementation options including key granularity, authentication steps, and access management limits. Add the robust logging, reporting and monitoring supportability of the system, and Tricryption® clearly becomes a best-of-breed solution for the financial industry.