Protect payment data, both at rest and in transit, across 80+ applications in a hybrid on-premises and AWS environment.
When this leading provider of technology solutions for the finance sector made a major acquisition, it created a best-in-class company to serve financial institutions and businesses worldwide. Its main aim is to streamline the checkout experience and online payments processing, so customers can easily and safely pay how they want, resulting in fewer abandoned carts and a lot more sales. The company’s senior technology engineer explains why security and data integrity are imperative to the organization’s success: “We process billions of transactions each year, managing very sensitive information such as credit card information and personal identifiable information (PII). We sometimes say there are two types of companies in the world: those who have been breached, and those who don’t know they have been breached. We already relied on Voltage SecureData Payments to protect our payments data on a global scale. The acquisition made our environment more complex, with applications residing in physical datacenters, as well as hosted in AWS cloud Infrastructure as a Service (IaaS).”
Although the company operates a ‘cloud first’ strategy, it is also universally accepted that not all applications suit a cloud environment and this hybrid model is likely to continue well into the future. Voltage’s ability to move existing protected data between on-premises and cloud applications is unprecedented. As an example: data can be encrypted on-premises and moved to a cloud application where it can be decrypted easily and without risk, creating much-needed data resilience. Voltage SecureData Payments by OpenText™(formerly Micro Focus) is used to provide a worldwide tokenization service for merchants to tokenize and detokenize primary account numbers (PANs) using REST calls. It also provides encryption of PII customer data, using either REST calls or API integration, with Voltage SecureData File Processor (SDFP) by OpenText for bulk file encryption and decryption. Over 80 key applications now benefit from Voltage data-centric security, with a target to migrate all applications containing sensitive data to Voltage by 2024.
“As we operate in one of the most heavily regulated industries in the world, our compliance with global data privacy regulations is of paramount importance to us,” says the company’s senior technology engineer. “Because Voltage SecureData persistently protects data, both at rest and in transit, with industry-leading, format-preserving, stateless tokenization and encryption, we are PCI compliant, reducing our audit scope and costs. As we serve global audiences, we also need to be GDPR compliant, and Voltage provides the pseudonymization and anonymization required for this.”
Voltage operates a stateless architecture that enables unlimited growth, eliminating the need to synchronize data between datacenters and databases while guaranteeing high performance. Before Voltage was deployed, data residing on AWS was stored in clear form due to the lack of proper encryption and key management solutions. This clearly posed a security risk. Deploying Voltage SecureData appliances on AWS in different regions and availability zones helps protect sensitive data locally on AWS. Data entered by business users and engineers moves protected via Voltage through a variety of AWS services, such as AWS Kinesis, AWS IoT, and AWS SQS into the AWS cloud environment, consisting of AWS S3, AWS EMR as a managed big data service, AWS Redshift for data warehousing, and AWS Elasticsearch, a popular open source search and analytics engine. EC2 is used for compute, AWS S3 for file storage, and R53 for DNS routing, while Amazon CloudFormation supports infrastructure automation.
Leveraging Voltage throughout, the data can then be decrypted and routed to BI users and data scientists via AWS Glue. AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development. To process data at the scale required, the team leverages AWS Lambda for real-time data processing from Amazon S3-stored data.
Even in our new hybrid environment, Voltage gives us the flexibility and scalability we need to take our AWS cloud transformation initiatives to the next level with data protection and privacy by default.
The company’s senior technology engineer concludes: “We are grateful for the decision we made years ago to entrust our data protection to Voltage as it is clear it’s stood the test of time. Even in our new hybrid environment, Voltage gives us the flexibility and scalability we need to take our AWS cloud transformation initiatives to the next level with data protection and privacy by default. We value our partnerships with CyberRes (now OpenText Cybersecurity) and AWS, and are pleased to see ongoing engineering work to ensure that Voltage integrates with AWS offerings.”
Because Voltage SecureData persistently protects data, both at rest and in transit, with industry-leading, format-preserving, stateless tokenization and encryption, we are PCI compliant, reducing our audit scope and costs.
When this leading provider of technology solutions for the finance sector made a major acquisition, it created a best-in-class company to serve financial institutions and businesses worldwide.