Your Key to Cloud Data Protection

eperi Gateway

Thorough Data Protection without Compromises

The eperi Gateway is the basis for all eperi Data Protection Solutions. With more than 14 years in the market, the eperi Gateway is used by several hundred enterprises and organizations to encrypt and pseudonymize sensitive data – in the cloud and on premises.

Comprehensive Key Management

The eperi Gateway encrypts all sensitive data before it is transmitted to a business application to be processed and stored. The cryptographic keys used to encrypt and decrypt the information remain solely with the customer’s enterprise and are being managed separately from data and systems to be protected.

The eperi Gateway solves a key problem of cloud data protection: Everyone with access to the cryptographic keys also has access to sensitive data in plain text – including external administrators. To ensure that enterprise data is unintelligible for non-authorized users, encryption solutions have to be combined with an internal key management.

Quick Installation

Implementing data encryption has never been this easy, thanks to the eperi Gateway: as a transparent proxy, it can be easily integrated into existing systems. Business applications and IT systems remain unchanged.

This also applies to enterprise processes and end user workflows. The eperi Gateway allows authorized users to work with encrypted data without affecting important functionalities like search or sorting. End users do not experience any difference – which saves you retraining costs and simplifies the change process.

Internally, a strict separation of duties ensures that only a small group of security administrators manages cryptographic keys. An enterprise should never hand over their key management to an external organization – be it software developers, cryptography providers, cloud application vendors or data centers.

External administrators still have to be able to manage enterprise data, however reading access should not be granted. The eperi Gateway solves this problem without affecting administrator processes like backups or migration.

Centralized Platform – Flexible with Templates

The eperi Gateway uses a unique template architecture which makes configuring data protection policies for sensitive data in cloud or business applications easier than ever before. With our available pre-configured templates, eperi Cloud Data Protection solutions provide out-of-the-box support for widespread cloud services such as Office 365, Salesforce, ServiceNow and database management software like MariaDB. Additional templates for other cloud services and special on premises applications are easy to create.

This makes the eperi Gateway THE centralized encryption solution for all enterprise and cloud applications.

eperi Gateway – Benefits

Open Source Basis

Encryption solutions must rely on proven standard encryption algorithms to be secure. In addition, these algorithms must be properly and completely implemented to prevent any backdoors. Ideally, this is implemented in a transparent way so the solution can be evaluated by everyone.

The core of the eperi Gateway is the Open Source component secRT (“Security Runtime”). It was jointly developed by eperi and the German Federal Office for Information Security (BSI) and has been evaluated by the latter.

secRT is constructed according to SOA principles and based on open standards. It can be integrated in every system environment. Regardless of platform or system, it allows an easy implementation and execution of security applications. Everyone who wants to evaluate secRT can download it freely from the eperi resource library.

Regulatory Compliance

Certain data protection regulations demand data encryption across all life cycle stages: when stored (at Rest), when processed (in Use) and when transmitted (in Transit). In addition, several laws demand the use of pseudonymization and encryption. The most recent example is the EU General Data Protection Regulation (GDPR). It explicitly demands the pseudonymization of personally identifiable data (PII) when it is processed and stored.

Learn more >>

Using Advanced Encryption Methods

The eperi Gateway uses proven encryption algorithms like AES-256 and RSA-2048, but also allows users to exchange them for preferred ones. It also supports the tokenization of data. This means the eperi Gateway creates replacement data for sensitive information that is identical in format but only contains random characters. Applications can process this information just like unencrypted data. This ensures that software workflows remain functional when processing and storing the uncritical replacement data.

The actual sensitive information with its replacement values is stored in a table within the eperi Gateway. This separates the information from third parties, like data processors and cloud providers, who have no access to it.

Optimized Performance

Every encryption and decryption process requires valuable computing resources and time. The more data needs to be processed, the more performance-friendly the encryption solution has to be. With more than 10 years of development, the eperi Gateway offers highly optimized data security with a minimum impact on performance.

One of its secrets: on the field level, users are free to choose which data is encrypted and how. Generally, only 5 – 10 % of all enterprise data is sensitive information. With the eperi Gateway, enterprises are able to only encrypt truly sensitive data and minimize the impact their data security has on the system’s performance. Additional performance-optimizing features, such as intelligent caching, are also supported. The eperi Gateway can also be used in combination with HSMs and hardware acceleration.

eperi Gateway – Best Practices

GDPR Compliance

The eperi Gateway allows enterprises to easily and comprehensively comply with central GDPR requirements regarding the processing and storing of personally identifiable information (PII). Furthermore, it reduces the risk of incurring data breach penalties for enterprises that use third party data processors or cloud providers.

Learn more >>

Data Residency and Cloud Applications

One of the most important questions enterprises moving to cloud-based IT have to ask is: Where is my data being stored and processed – and is it readable? The eperi Gateway helps you control exactly where your information is accessible in plain text – and by whom.

Learn more >>

Data Protection for CASB Solution

Cloud Access Security Brokers (CASB) offer comprehensive security, but their data encryption solutions are often lacking. In this case, the eperi Gateway can provide the needed additional high-quality encryption.

Learn more >>