Data Warehouse Protectors
Learn about the Data Warehouse Protectors.
This page discusses about the Protegrity Data Warehouse Protector. It also provides detailed information, features, deployment process, and architecture for the Protegrity Data Warehouse Protector.
The Protegrity Data Warehouse Protector is an advanced security solution designed to protect sensitive data at the column level. This enables you to secure your data, while still permitting access to authorized users. Additionally, the Data Warehouse Protector integrates seamlessly with existing database systems using the User-Defined Functions for an enhanced security.
Protegrity provides Data Warehouse Protector support for the Teradata Data Warehouse platform.
Features of the Data Warehouse Protector
The Protegrity Data Warehouse Protector uses vaultless tokenization and central policy control for access management and secures sensitive data at rest in data warehouses like Teradata, Exadata etc.
The data is protected from internal and external threats, and users and business processes can continue to utilize the secured data.
Protegrity protects the data using encryption and tokenization methods. In tokenization, the data is converted to similar looking inert data known as tokens where the data format and type can be preserved. These tokens can be detokenized back to the original values whenever required. Depending on the user access rights and the policies set using Policy Management in ESA, this data is unprotected.
The Protegrity Data Warehouse Protector provides the following features:
Provides fine grained field-level protection using role-based administration with a centralized security policy.
Provides Protegrity Format Preserving Encryption (FPE) method for structured data. The following data types are supported:
Numeric (0-9)
Alpha (a-z, A-Z)
Alpha-Numeric (0-9, a-z, A-Z)
Credit Card (0-9)
Unicode Basic Latin and Latin-1 Supplement Alpha
Unicode Basic Latin and Latin-1 Supplement Alpha-Numeric
Provides logging and viewing data access activities and real-time alerts with a centralized monitoring system.
Ensures minimal overhead for processing secured data, with minimal consumption of resources, threads and processes, and network bandwidth.
Deploying the Data Warehouse Protectors
Deploying the Protegrity Data Warehouse Protector involves the following key steps:
- The customer installs and initializes the required Data Warehouse Protector.
- The configurations that are required for the initialization process, are passed to the protector by using the
config.inifile. - The RP Agent synchronizes with the RP Proxy or ESA at regular intervals and checks for any changes in the policy. If there is a change in policy, then the RP Agent downloads the updated policy package over a TLS channel and stores in the shared memory.
- The protector synchronizes with the shared memory using the
cadencevalue set in theconfig.inifile. Any updates in the policy are fetched in the policy package. The policy is available in the shared memory and the policy package is available in the process memory. The updated policy package is read from the process memory and is used to perform the data security operations, such as, protect and unprotect. - The Audit logs from the Data Warehouse Protector are forwarded to the Audit Store using the Log Forwarder. The Audit logs generated by the RP Agent are forwarded to the Audit Store using the Log Forwarder.
The following are the two main components of Data Warehouse Protector:
Log Forwarder
The Log Forwarder is a log processing tool that collects the data security operation logs from the Data Warehouse Protector and forwards them to the Audit Store (Insight) in the ESA.
Resilient Package Agent
The RPAgent synchronizes with the RPProxy or ESA at regular intervals of 60 seconds and checks for any changes in the policy. If there is a change in policy, then it downloads the updated policy package over a TLS channel and stores in the shared memory.
Feedback
Was this page helpful?