DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Businesswire | May 22, 2023
Today, Skyflow, the data privacy vault company, unveiled Skyflow GPT Privacy Vault, a robust privacy solution that enables organizations to safely and securely leverage the full power of large language models such as GPT.
Companies are rushing to adopt AI, whether to increase productivity, enhance decision-making powered by data-driven insights, or to improve customer experience. However, privacy concerns hinder organizations from fully embracing AI. The Skyflow GPT Privacy Vault can provide enterprises with unparalleled data protection throughout the entire lifecycle of GPT models, and offers a comprehensive range of features tailored to meet the evolving needs of enterprises:
Data Privacy and Security: Skyflow GPT Privacy Vault establishes a secure environment for sensitive data, protecting it from unauthorized access, breaches, and data leaks.
Granular Data Control: Organizations can maintain strict control over sensitive data, ensuring that only authorized individuals or entities can access specific data sets or functionalities within GPT systems.
Privacy-Preserving AI: Sensitive data is redacted and anonymized during data collection, model training, and interactions, enabling organizations to maximize AI capabilities without compromising privacy.
Compliance and Regulatory Requirements: With Skyflow GPT Privacy Vault, global companies can leverage AI while complying with data residency requirements, such as GDPR, LGPD, and others.
Here’s how organizations can leverage Skyflow GPT Privacy Vault:
Data Collection and Preparation: Redact or tokenize sensitive information as it flows through GPT without lessening the value of the output. Skyflow’s proprietary polymorphic encryption technique enables the model to seamlessly handle protected data as if it were plaintext.
Model Training: Safely train GPT models on content where sensitive data is redacted and anonymized. Robust multi-party training is also available, so that two or more entities can share anonymized datasets and safely use AI to unlock substantial insights.
Interaction with GPT Models: De-identify sensitive data during interactions with GPT models, ensuring that privacy is preserved throughout the entire user interaction process.
Secure Deployment and Integration: Seamlessly integrate Skyflow GPT Privacy Vault into existing data infrastructures to add a robust layer of data protection. Skyflow GPT Privacy Vault will protect all sensitive data flowing into GPT models and only reveal sensitive information to authorized parties once it has been processed by the model and returned.
Skyflow GPT Privacy Vault delivers significant value across industries. Here are two specific use cases:
Pharmaceutical Research: Pharmaceutical companies rely on Skyflow GPT Privacy Vault to protect sensitive data throughout the drug development lifecycle. It ensures the privacy and security of clinical trial data, safeguards proprietary research and intellectual property, and enables secure collaborations with external partners. Additionally, it supports personalized medicine initiatives by preserving the privacy of genetic data.
Online Travel Booking: Online travel booking companies utilize Skyflow GPT Privacy Vault to protect customer data while leveraging AI models for personalized recommendations and enhanced customer experiences. It allows them to anonymize and protect personally identifiable information (PII) and payment data, ensuring compliance with privacy regulations while delivering superior travel experiences.
“Generative AI can be a powerful tool for teams to maximize their output and scale their products. But the risk of a sensitive data leak is high, and with other providers, the cost of deploying a private GPT can be 10x what it is in a shared environment,” said Anshu Sharma, co-founder and CEO of Skyflow. “Skyflow can offer world-class data privacy throughout the lifecycle of GPT models, seamlessly and affordably.”
The Global Partner in Cybersecurity and Privacy at Infosys, Joseph Williams, said, "Companies are eager to adopt ChatGPT and other generative AI platforms but they need to solve for privacy and regulatory compliance. Like we laid out in our seminal paper on the future of privacy engineering, data privacy vault architecture is a right way to go about this."
Read more about Skyflow for GPT here.
Skyflow is a data privacy vault company built to radically simplify how companies isolate, protect and govern their customers’ most sensitive data. With its global network of data privacy vaults, Skyflow helps companies meet complex data localization requirements. Skyflow customers span verticals like fintech, retail, travel, and healthcare. Skyflow is headquartered in Palo Alto, California and was founded in 2019. For more information, visit www.skyflow.com or follow on Twitter and LinkedIn.
PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY
Prnewswire | May 09, 2023
Waratek, an industry leader making Java security achievable for every mission-critical application and API, today introduced API security to its Java Security Platform, giving customers the ability to scale strategic risk mitigation in the enterprise. This unique combination provides turnkey protection against bytecode and serialization vulnerabilities, classpath manipulation, and sandbox escapes that are unique to the Java Virtual Machine.
Additionally, Waratek released today its Log4J Vulnerability Scanner, giving users an in-depth view of any remaining issues in their IT systems. The scanner makes it simple to quickly scan all applications for Log4shell vulnerabilities, then sends out non-invasive payloads to a company's libraries, automatically building a table of remaining instances of Log4J and where to find them.
"In 2022, we were the first company that released a Log4j patch, even faster than Oracle. Today, researchers warn that the infamous Log4j vulnerability is still present in far too many systems worldwide, and that attackers will be successfully exploiting it for years. With 80 percent of Log4shell-impacted companies remaining vulnerable today, we recognized the immediate need to offer this security innovation to our customers," said Doug Ennis, CEO of Waratek.
Signature-based security approaches have worked well for non-complicated languages, but languages like Java that are compiled into bytecode require expert-level domain knowledge to secure due to the unique characteristics of the Java programming language and its execution environment. When API security is added to the mix, the issue is exasperated. Now companies can solve this problem by combining the domain expertise of a Java software engineer and the knowledge of a security engineer in one platform.
According to a recent survey, more than 60 percent of enterprise companies that use Java were affected by Log4j vulnerabilities, with 41 percent of those companies stating that between 51 and 75 percent of their apps were affected. Today, 81 percent of companies report still having problems as a result of Log4j, and 70 percent of companies surveyed still have not put a patch in place.
A long-term Waratek customer, one of the top five semiconductor businesses in the world, expressed Log4j vulnerability concerns and worried that hundreds of hours would be required to resolve the issues. Utilizing Waratek's Java Security Platform with API capabilities, 2,500 of the company's applications were fully remediated of Log4j vulnerabilities without code changes or application redeployments in under four hours.
"For Java applications and APIs our unprecedented Java Security Platform helps security teams fill the knowledge gap on Java and address its unique security nuances, such as Insecure Deserialization, accurately and instantly," said Ennis.
"Waratek's Java Security Platform has become the essential line item in our security budget," said a CISO at one of the top three largest global hotel chains. "We originally implemented it to fix insecure deserialization across our applications. Since then, it's scaled to 2,500 applications without introducing new headcount, because to date it's never generated a false-positive."
Waratek is the industry pioneer making Java security achievable for every mission-critical application and API. Headquartered in Chicago, IL and Dublin, Ireland, Waratek's multiple-award winning solution is trusted by some of the world's most recognizable brands including IBM, Google, Amazon, Microsoft, and more. The company has been recognized and awarded for its innovation in security deployment by CRN, CDM, Gartner Group, RSA, FinTech Innovation Lab, Computer Technology Review, and Government Computer News. For more information visit www.waratek.com or connect with us on LinkedIn, Twitter, or YouTube.
DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS
Businesswire | April 18, 2023
Imperva, Inc., (@Imperva) the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, and Fortanix, Inc. (@Fortanix), the Data Security company powered by Confidential Computing, announce that they have signed a partnership agreement, and have each joined the other’s strategic partner program.
This partnership brings together two of the most innovative and trusted cybersecurity companies focused on multicloud data protection. The joint offerings from Imperva and Fortanix will provide the ability to manage the entire data security workflow for customers ensuring data privacy and compliance.
Imperva now offers Fortanix Data Security Manager (DSM), a highly scalable data security platform that delivers unified cryptographic and privacy services such as encryption, tokenization, dynamic data masking (DDM), secrets management, and enterprise key management. The solution works across multiple cloud service providers (CSPs) and provides an “easy button” to secure over 100 services. Fortanix DSM is simple to deploy and is offered in two editions — on-premises and a cloud-based SaaS solution — providing data security controls with both backed by FIPS 140-2 Level 3 certification.
"We’re thrilled to partner with Imperva and take a best-in-class solution to the market together,” says Anand Kashyap, CEO of Fortanix. “With Imperva’s data discovery and classification capabilities and the Fortanix Data Security Manager SaaS and multicloud offering, customers have an end-to-end solution for securing workloads across the entire Data Lifecycle. This solution will help customers accelerate their data journey to the cloud while meeting the highest level of compliance.”
Imperva Data Security Fabric (DSF) is a robust and scalable hybrid, multicloud platform for data discovery and classification, activity monitoring, access controls, security analytics, threat detection, and compliance reporting. Imperva DSF provides protection for unstructured, semi-, and structured data — both on-premises and in the cloud.
Organizations continue to seek the most efficient and effective data security solutions to address multiple use cases such as sensitive data protection, insider threat detection, and data risk management. They must also meet compliance and privacy requirements while operating diverse ecosystems at scale and consolidating legacy tools, all without impacting the speed and agility of the application development team to achieve the highest level of ROI.
With the combined strength of Imperva DSF and Fortanix DSM, this data security partnership will benefit organizations that find their traditional controls are no longer sufficient as they move data workloads and applications to the cloud. These data security solutions address data security and privacy regulations such as GDPR, CCPA, PCI DSS, and HIPAA by employing methods to help protect and control data confidentiality, data integrity, and data access across the hybrid multicloud environment.
“With the unprecedented explosion of data over recent decades and every day, unknown sensitive data might be anywhere — potentially exposed, and unsecured. But with this new partnership between Imperva and Fortanix, companies can now discover, classify, and secure their data using encryption and tokenization wherever it resides,” says Dan Neault, SVP and GM of Data Security at Imperva. “Using the intelligence and flexibility of Imperva DSF combined with the power of the Fortanix DSM, finding sensitive data and taking the right steps to secure it is now easier than ever.”
Additionally, Imperva is now able to provide customers with Fortanix DSM via the Imperva End-User License Agreement (EULA) providing streamlined procurement via a single vendor for sales, implementation, training, support, and services.
Building a complete cybersecurity technology ecosystem dedicated to data security and compliance
The Imperva Technology Alliance Program (TAP) enables technology companies, security vendors, and cloud service providers to co-market, sell, and integrate their products and platforms with the award-winning Imperva cybersecurity portfolio to create solutions that deliver added value for customers and generate revenue growth for TAP partners.
Imperva DSF continues to deliver more value to customers through these alliances. Additionally, Fortanix also supports the Imperva Web Application Firewall (WAF) by being able to store WAF encryption keys.
Meet with us at RSA Conference
Join Imperva and Fortanix at RSA Conference 2023 on April 24-27 in San Francisco, CA. Imperva will be exhibiting at booth #5180, North Hall, and Fortanix will be exhibiting at booth #449, South Hall. There will be representatives from both companies at both booths throughout the conference including;
Terry Ray, SVP, Data Security GTM and Field CTO at Imperva, will be speaking at the Fortanix booth at 3:00 pm on Tuesday, April 25: “Why organizations need monitoring AND encryption for data security, not monitoring OR encryption.”
Sumanth Kakaraparthi, VP of Data Security Product Management at Imperva, will be speaking at the Fortanix booth at 3:00 pm on Wednesday, April 26: “You can’t protect your sensitive data unless you know where it is and what it is.”
Learn more about the Imperva Data Security Fabric (DSF)
Learn more about the Fortanix Data Security Manager (DSM)
Learn about Imperva joining the Fortanix Partner program here
Learn about Fortanix joining the Imperva Technology Alliance Partner program here
Check out the Imperva Blog for the latest products and solutions news and threat intelligence from Imperva Research Labs
Imperva is the cybersecurity leader that helps organizations protect critical applications, APIs, and data, anywhere, at scale, and with the highest ROI. With an integrated approach combining edge, application security, and data security, Imperva protects companies through all stages of their digital journey. Imperva Research Labs and our global intelligence community enable Imperva to stay ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into our solutions.
Fortanix secures data, wherever it is. The company’s data-first approach to security powered by Confidential Computing complements traditional infrastructure-centric solutions and allows businesses of all sizes to modernize their data security posture on-premises, in the cloud, or everywhere in between. Rated highly by customers, and with 100-plus tech integrations, the company’s award-winning flagship Data Security Manager (DSM) platform delivers a unified approach to the data security and privacy lifecycle while reducing risk and increasing compliance. Fortanix customers include global banks and financial services institutions, technology companies, retailers, government agencies, healthcare institutions as well as cloud service providers.