Introducing SecuPi 5.0: The Highlights
We are excited to announce that SecuPi’s latest release (version 5.0) is out.
SecuPi 5.0 provides customers with continuous data security posture management and efficient integration automation with new platforms, Password Vaults and Catalogs.
SecuPi SSO and Passwordless, DAM and UEBA for all Direct DB Tools without cost of VDIs/ Remote Desktops – SecuPi SSO and Passwordless for Direct DB tools is a new product offering that provides privileged users the ability to connect from their desktops to production databases without being exposed to service accounts and passwords. Without the need to use VDIs/Remote desktops, or database agents – SecuPi provides a seamless SSO experience to DBAs, DevOps, application and Cloud administrators while always protecting production user/passwords.
New integrations with Trino, Starburst and Denodo – as these tools provide access to sensitive production data using generic service accounts and not using the end-user identity, controlling access on the source data stores is not possible. In addition, Denodo cache would be loaded once a day, serving thousands of end-users by using the cache without running a single request to the data source (making the data source security ineffective). The new SecuPi overlays for Trino, Starburst and Denodo overcome these limitations, allowing to monitor in real-time, de-Identify and control (ABAC) access to individual users. SecuPi implementation requires no changes are required to the configuration of these tools.
Integration with Microsoft MIP/RMS to auto-classify and encrypt reports and extracts – as adoption of Microsoft unstructured data protection suite increases, large regulated customers discover that large volume of reports and extracts require manual classification as they are generated from critical business applications. SecuPi closes this gap by using its application overlay to classify and encrypt reports and data extracts at-source, at creation time. This integration has been deployed at several Swiss customers and now has been GA.
Flexible Type Safe Encryption Formats – SecuPi version 5.0 includes many new Type Safe encryption formats, such as on dates and numbers. The benefit of Type Safe over the Format Preserving (FPE) is presented itself when encrypting a date – with an original date of ‘23-11-2023’, the FPE value can be ‘45-33-0022’ (same format), whereas with the Type Safe encryption the date would be a valid one: ‘10-7-1975’
New ABAC (Attribute Based Access Control) Integrations – new access restrictions driven by privacy, sovereignty, and security requirements for both analytics and operational applications into a centralized ABAC model was a significant undertaking our development team has taken for the last 12 months. Version 5.0 is the result of this work with the completion of our User Attribute Manager, pulling attributes from various sources (user, hierarchy, role, location, data catalog, sensitivity and source to name a few) and using a simple UI, enabling data owners to define policies. These policies and their respective attributes are pushed down to the SecuPi Policy Enforcement Points (PEPs) for execution.
Extending SecuPi PEP support for Elastic, Aerospike and Cassandra – SecuPi has extended its support for Elastic, Aerospike and Cassandra using two main architecture options: (1) Transparent gateways PEP that act as a firewall or (2) Application overlay PEP. Both deployment architectures deliver classification, real-time sensitive activity monitoring, fine-grained access control and FPE encryption. as both approaches have pros and cons – allowing our customers to choose the optimized PEP architecture best suits them.
Want to see SecuPi version 5.0 in action?
