Sotero In-Use Data Encryption
Secure data throughout the entire data lifecycle – while in use, in motion, and at rest – for higher levels of data security, and better business outcomes.
Request My DemoUse And Share Data In Its Encrypted State
The Sotero Data Security Platform takes an innovative, holistic approach to data protection by securing the data itself, not just the application, database, or network in which it resides. This unique approach to data security delivers the following advantages over traditional security methods:
All sensitive data is encrypted, including all data fields in all applications, adhering to the AES-256 standard. This includes heterogeneous applications, such as ODBC, RDBMS, and JDBC databases, and applications deployed on premise, in a private cloud, or in a public cloud.
Data is encrypted throughout the entire data lifecycle (data in motion; data in use; data at rest). Because data in use remains encrypted, even when a system breach occurs, data loss is prevented.
Access to unencrypted data is controlled.
Role-based access controls (RBAC) allow you to control which users can see which data, and specify data access at a granular (field) level. This protects data from unauthorized access, even from database administrators at your company or at your cloud provider who have direct access to the system, but do not need to view the underlying data.
Data is encrypted throughout the entire data lifecycle (data in motion; data in use; data at rest). Because data in use remains encrypted, even when a system breach occurs, data loss is prevented.
Access to unencrypted data is controlled.
Role-based access controls (RBAC) allow you to control which users can see which data, and specify data access at a granular (field) level. This protects data from unauthorized access, even from database administrators at your company or at your cloud provider who have direct access to the system, but do not need to view the underlying data.
Governance is provided through a centralized, simple platform. This allows you to manage data security for all your data stores from a single platform and using a single method. This simplifies and improves the success of a security management program.
Anomalies are detected and responded to in real-time. The Sotero Platform not only encrypts the underlying data, but analyzes data requests in real time and blocks suspicious requests.
Anomalies are detected and responded to in real-time. The Sotero Platform not only encrypts the underlying data, but analyzes data requests in real time and blocks suspicious requests.
Sotero Data Security Platform Components
The Sotero Data Security Platform consists of three components:
Sotero KeepEncrypt™ – Data Encryption
The key component of the Sotero Platform, Sotero KeepEncrypt™ ensures that sensitive data is encrypted, even when in use by applications. It provides decrypted data for authorized queries from your application users. KeepEncrypt™ uses three levels of encryption:
deterministic, random and format-preserving.
Sotero Vault – Access Management
For access management and attribute-based controls, Sotero Vault is a highly-secure key management service that uses TLS access control and multiple layers of AES-256 keys to encrypt the data. The Vault holds the data encryption keys (DEKs) used to encrypt the data as well as a master key (or key encryption key, KEK), which is used to encrypt the DEKs themselves. The DEKs are symmetric keys, meaning the same key is used to encrypt and decrypt the data.
The key component of the Sotero Platform, Sotero KeepEncrypt™ ensures that sensitive data is encrypted, even when in use by applications. It provides decrypted data for authorized queries from your application users. KeepEncrypt™ uses three levels of encryption:
deterministic, random and format-preserving.
Sotero Vault – Access Management
For access management and attribute-based controls, Sotero Vault is a highly-secure key management service that uses TLS access control and multiple layers of AES-256 keys to encrypt the data. The Vault holds the data encryption keys (DEKs) used to encrypt the data as well as a master key (or key encryption key, KEK), which is used to encrypt the DEKs themselves. The DEKs are symmetric keys, meaning the same key is used to encrypt and decrypt the data.
Sotero ML Engine – Real-Time Threat Detection
The Sotero ML Engine detects and protects your data from unauthorized use and attempts at retrieving data, and prevents attacks in real-time. The ML Engine evaluates each incoming query against historical patterns of use and can immediately stop a suspicious query before the data is released to the user. The ML Engine can stop an attacker who gains access to the system or an authorized user of the system who behaves in a suspicious manner.
The Sotero ML Engine detects and protects your data from unauthorized use and attempts at retrieving data, and prevents attacks in real-time. The ML Engine evaluates each incoming query against historical patterns of use and can immediately stop a suspicious query before the data is released to the user. The ML Engine can stop an attacker who gains access to the system or an authorized user of the system who behaves in a suspicious manner.
Sotero Data Security Platform Technology Brief
Learn how the Sotero Data Security Platform works, and how companies use Sotero to achieve previously unattainable business outcomes. Download NowWhere the Sotero Platform Resides
With Sotero’s ActiveEncrypt™ technology, the Data Protection Platform can be deployed on premise, in a private cloud, or in the Sotero Cloud, which is a multi-tenant cloud environment. Regardless of its location, the platform logically sits between your applications and your data stores, validating requests for accessing data, and decrypting data for authorized requests.
If Sotero is deployed on your premises, you will receive a key generator utility that enables you to create the keys and store them in your private Sotero Vault. In this scenario, Sotero can never see or access your keys.
If Sotero is deployed on your premises, you will receive a key generator utility that enables you to create the keys and store them in your private Sotero Vault. In this scenario, Sotero can never see or access your keys.
If you are using Sotero in the Sotero cloud, you receive a dedicated namespace within the common Vault, which acts as a vault within a vault.
Protect Sensitive Data With 100% Confidence
Schedule a Demo TodayA Secure Data Sharing Environment
Enable secure data sharing across multiple partners and platforms for faster time-to-value from your data
Organizations often depend on their partners and vendors to fully realize their data’s potential. Doing so securely can be difficult because it relies on mutual trust, a process made more complex because organizations use different tools and techniques, with no common standard. Our revolutionary ActiveEncrypt™ technology allows data in use to remain encrypted throughout the data’s lifecycle.
Sotero gives organizations the ability to build a data sharing environment that is compliant with HIPAA, GDPR, PCI-DSS, PHI, and more; with rich Phonetic and Levenshtein distance algorithms fuzzy and exact matching capabilities, including complex matching on encrypted data.
Sotero enables organizations to build a platform where data can be co-mingled, matched, and shared without the need to send plain text data into an environment. Additionally, high volume, multi-tenancy data can be processed with ease. Using Sotero and shared keys, clients and vendors can unlock the potential of data without it ever being exposed.
Sotero gives organizations the ability to build a data sharing environment that is compliant with HIPAA, GDPR, PCI-DSS, PHI, and more; with rich Phonetic and Levenshtein distance algorithms fuzzy and exact matching capabilities, including complex matching on encrypted data.
Sotero enables organizations to build a platform where data can be co-mingled, matched, and shared without the need to send plain text data into an environment. Additionally, high volume, multi-tenancy data can be processed with ease. Using Sotero and shared keys, clients and vendors can unlock the potential of data without it ever being exposed.
Data Matching Components
Similarity Token Generation To look for matches in two or more datasets, the matching capability uses similarity token generation.
Phonetic and Levenshtein Algorithms
Includes phonetic and Levenshtein distance algorithms to find matches.
Exact and Fuzzy Matches
By allowing for both exact and “fuzzy” matches, these techniques can find more matches than other methods.
Similarity Token Generation To look for matches in two or more datasets, the matching capability uses similarity token generation.
Phonetic and Levenshtein Algorithms
Includes phonetic and Levenshtein distance algorithms to find matches.
Exact and Fuzzy Matches
By allowing for both exact and “fuzzy” matches, these techniques can find more matches than other methods.