DPM easyCipher : A Smarter Alternative to Traditional TDE
Transparent Data Encryption
Randronics DPM easyCipher providers Transparent Data Encryption (TDE) lock-box protection to files, folders and databases. Protection is ‘transparent’ as contents are automatically decrypted for authorized users. Like a lock-box, TDE protected objects are either locked or unlocked.
DPM easyCipher is centrally managed, policy-based encryption management solution that allows an organization to standardize its encryption protection by defining and managing encryption policies and applying these policies to any server or laptop where a DPM easyCipher agent has been installed.
DPM easyCipher protects all files and folders on servers or laptops. Server environments protected by DPM easyCipher include database servers, web/app servers and file servers.
Extend or Replace Traditional TDE with DPM easyCipher
When deployed on database servers, DPM easyCipher offers flexible encryption options, allowing organizations to enhance or completely replace database-native Transparent Data Encryption (TDE) solutions:
For Databases with Native TDE
Use DPM easyCipher to extend protection beyond the database, securing sensitive information stored in files, logs, and application servers.
For Databases Without Native TDE
DPM easyCipher provides full encryption for multi-vendor databases and all file types, ensuring comprehensive security across your entire environment.
Why Choose DPM easyCipher Over Traditional Encryption?
- TDE protection for entire server contents. All database types, editions and versions of MS SQL Server, Oracle, MySQL, Postgres, Maria, etc. supported.
- Like database-native TDE, easyCipher protects structured data within databases from unauthorized access.
- Protection also covers DB log files, copies of SQL queries and other materials that may contain echos and traces of the sensitive data contained within the database.
- Copies of sensitive data residing on web/app servers, file servers or laptops are also protected wherever DPM easyCipher agents are deployed,
- DPM easyCipher protects the whole database environment providing additional protection in the event of a compromised DBA or System Admin account.
- Responsibility for encryption management is centralized and out of the hands of DBA teams.
- DPM easyCipher generates and manages encryption keys for all DPM easyCipher agents under its control.
DPM easyCipher: Standalone or Part of the Randtronics DPM Product Suite
For customers with basic TDE encryption requirements, DPM easyCipher is available as standalone solution.
Customers also have the flexibility of combining DPM easyCipher with other components from the Randtronics DPM product suite to address more complex requirements in area of masking, de-identification, key management, assurance to FIPs 140-3 Level 3/4 & EAL 4+/5+:
DPM Product Suite
Enterprise Key Management – deploying DPM easyCipher with DPM easyKey enables organizations to:
- completely isolate encryption key administration from other roles;
- centrally manage keys derived from clusters of multi-vendor HSM (Germany, France, USA, Switzerland, BYO Crypto);
- comply with key use and storage data-sovereignty obligations.
Field-Level Data Protection (FLP) – deploying DPM easyCipher, DPM easyKey and DPM easyData enables organizations to:
- implement fine-grained and sophisticated data-privacy control over database contents – in contrast to the lock-box protection provided by TDE, FLP enables organizations to protect data from authorized users;
- define and control policies to determine how sensitive data-types are presented to different applications and users;
- implement the full range of field-level protections including column-level encryption, tokenization, masking, anoymization over any database or flat-file.