With sensitive customer information now being collected from multiple channels and multiple apps from multiple vendors, the process of protecting data in use, data in motion and data at rest is becoming increasingly complex.
The two most common approaches to protecting confidential data are the use of hardware or software keys with some level of encryption, or OS-provided encryption that is account/credentials based. Each of these approaches has its drawbacks.
If you have multiple applications from multiple vendors, each typically provides its own key management and encryption methods. You have to manage a messy patchwork of solutions and handle the decryption-encryption hand-off between applications and your central system. Each of these hand-offs becomes a point of data security vulnerability.
Alternatively, OS-provided encryption is hostage to the credentials of the accounts under which the applications run. Any system is vulnerable to the extent the credentials can be compromised, but more so with OS protection because the account used to control encryption is also the account under which the application runs. This means that typical application maintenance would expose the confidential information in the clear.
A better way to maintain retail IT system security is to combine the best of both approaches: use OS-level encryption backed by a single key management system that is totally independent of the applications themselves and of the individual account/user credentials.
Using this approach, applications communicate with each other and your central system using a common set of encrypted data. That means there is no need to do any migration from one vendor-supplied encryption method to another. Furthermore, none of the information is ever in the clear, because the OS-level encryption is not account/user-credentials based.
RedIron provides this optimal solution to large and mid-size retailers with a Fast-Start App we’ve developed called 2Encrypt and our proprietary SOA middleware layer called RI Broker.
2Encrypt provides enterprise-wide OS-level encryption using a single key. All of your individual applications and your central system communicate with each other in encrypted form. Information can travel throughout the enterprise without being decrypted at any point. That means data is never in the clear, and cannot be viewed by anyone who has access to any specific account/credentials.
RI Broker uses a modular approach to integration which enables our 2Encrypt App to be added with plug-and-play ease. Since there is no hardcoding involved, there is no risk of disruption to your IT architecture.
To learn more about how RI Broker can simplify omnichannel integrations like 2Encrypt, we invite you to download a complimentary copy of our whitepaper, “Plug & play integration for the retail ecosystem”.