SecuPi leads with an overarching data protection capability, zero-code deployment (no External functions, no coding required to call Encryption API for all data applications).
The SecuPi Data Air-locks ensure that clear-text data is only accessible outside the Cloud data platform and in-country VPC or on-Prem for compliance and data sovereignty laws.
It requires no changes to your code or databases and ensures full Segregation of Duties (SoD) from Cloud account admins (as SecuPi does not impose creating and maintaining thoursands of External Functions/UDFs that can be carelessly or maliciously invoked by the Cloud Admins).
Legacy encryption tool providers followed SecuPi lead into the Data Security Platform (DSP) market. SecuPi is the innovation leader, with a complete data security platform offering, patented Application overlay technology (to circumvent the massive code-changes required to deploy legacy encryption on business applications).
Simple Deployment, Comprehensive Visibility, Unparalleled Protection Capabilities
With SecuPi, a simple, 3-step configuration enables you to get up & running quickly. Our zero-code approach ensures that all the critical workloads in the cloud account are encrypted without having to code thousands of External functions, create views to involve these functions and manage access-grants to restrict access to these views only.
Within days, you can configure SecuPi to your native Cloud applications, direct DB tools, ingestion and analytical platforms gaining real-time visibility that goes broad & deep while providing fine-grained Access Control, Dynamic authorization and de-Identification using FPE and Type Preserving Encryption and tokenization. These overarching capabilities protect your critical data and enforce ever-increasing compliance requirements.
Real-time Data Activity Monitoring and UEBA
Ability to monitor in real-time all access to sensitive data
x
Learn More >>
xdepends on Cloud data source audits , blind when data applications connect with service accounts
Ability to classify and assign risk to sensitive user activity
xLearn More >>
x(only to encrypted columns)
Ability to analyze user activity over time, with self and peer-comparison based on activity risk
xxBlock in real-time suspicious access to sensitive data based on User Behavior Analysis, taking into consideration self and peer comparison over time
x
Learn More >>
xNo ad-hoc preventive controls
Ability to monitor in real-time application user’s access to sensitive data despite the application use of a single service account (connection pool) to connect to the database
Learn More >>
xUsing SecuPi application instrumentation plugin as well as on all access from Denodo/API Gateway/Starburst
Learn More >>
xPartial – requires code changes to application source-code
Ability to add SSO/MFA to direct DB tools such as DBeaver
xxIntegration with Collibra, Alation, Purview, BigID, Informatica data catalogs
xxDynamic Data Masking (Coarse Grained data protection)
Dynamic Masking
Learn More >>
xSecuPi PEP encrypts or Dynamically Masks all columns without having to code external functions
Learn More >>
xhigh implementation cost as External functions are required to every sensitive column
Attribute-Based Access Control (Fine-grained Access Control)
Ability to define data-attributes, user-attributes and context-attributes based policies to restrict access to sensitive data (row, column and cell level) and integrate/import them from all sources.
Learn More >>
xSecuPi can integrate and import from sources such as:
– Data attributes or data tags on tables, columns (including tag inheritance) and rows
– User attributes such as location, citizenship, role, hierarchy, organization/business unit – e.g., integration with Azure AD, Okta via SAML Assertion, Workday employee hierarchy
– Business attributes such as product type, customer category, asset class
Learn More >>
xPartial and incurring high-implementation costs (requires long implementation costs to add all attributes to the data source and creating views to add attributes to every table that requires filtering)
De-Identification (protection of data at-rest)
FPE Encryption, Tokenization
xxKey Management and key rotation support
xxEnsure cleartext data (decryption) is only accessible outside of the Cloud data platform with full Segregation of Duties (SoD) and compliance with Sovereignty laws (decryption can only be performed in-country and not using External functions)
xxPlatform support
Cloud Analytics
xLearn More >>
xusing external functions
Data Applications
xLearn More >>
xwith code changes
