Brazil’s General Data Protection Law (LGPD) requires best practice in data security for personal data and notes that personal data that has been anonymized is no longer considered to be within the scope of the law, if it cannot easily be returned to its original state by those who might obtain it.
Best practice for data security always includes:
- Encryption or tokenization of the data
- Protection and management of the keys used to encrypt the data
- Control of user access to the data
- Logging of data access events
Thales eSecurity has years of experience helping organizations implement these best practices, which will be necessary to comply with LGDP.
Encryption and Tokenization
Encryption of Data at Rest: Vormetric Transparent Encryption
Thales eSecurity’s Vormetric Transparent Encryption solution protects data with file and volume level data-at-rest encryption, access controls, and data access audit logging without re-engineering applications, databases or infrastructure. Deployment of the transparent file encryption software is simple, scalable and fast, with agents installed above the file system on servers or virtual machines to enforce data security and compliance policies. Policy and encryption key management are provided by the Vormetric Data Security Manager.
Vormetric Tokenization with Dynamic Masking
Vormetric Vaultless Tokenization with Dynamic Data Masking dramatically reduces the cost and effort required to comply with security policies and regulatory mandates, such as LGPD. The solution delivers capabilities for database tokenization and dynamic display security. Enterprises can efficiently address their objectives for securing and pseudonymizing sensitive assets—whether they reside in data center, big data, container or cloud environments.
Vormetric Application Encryption
Vormetric Application Encryption delivers key management, signing, and encryption services enabling comprehensive protection of files, database fields, big data selections, or data in platform-as-a-service (PaaS) environments. The solution is FIPS 140-2 Level-1 certified, based on the PKCS#11 standard and fully documented with a range of practical, use-case based extensions to the standard. Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution, with development options including a comprehensive, traditional software development kit for a wide range of languages and operating systems as well as a collection of RESTful APIs for the broadest platform support.
Encryption Key Management: Vormetric Integrated Key Management
Thales eSecurity’s Vormetric Integrated Key Management unifies and centralizes encryption key management on premises and provides secure key management for data storage solutions. Cloud Key Management products include the CipherTrust Cloud Key Manager for centralized multi-cloud key life cycle visibility and management with FIPS-140-2 secure key storage, and Cloud Bring Your Own Key.
User Access Control: Vormetric Data Security Manager
Thales eSecurity’s Vormetric Data Security Manager enables the organization to limit user access privileges to information systems that contain sensitive Information.
Database Access Logging: Security Intelligence Logs
The Vormetric Platform’s Security Intelligence Logs let your organization identify unauthorized access attempts and to build baselines of authorized user access patterns. Vormetric Security Intelligence integrates with leading security information and event management (SIEM) systems that make this information actionable. The solution allows immediate automated escalation and response to unauthorized access attempts, and all the data needed to build behavioral patterns required for identification of suspicious use by authorized users, as well as training opportunities.