Administration

CipherTrust Batch Data Transformation (BDT) is a high-performance, scalable, and containerized data security solution designed to securely process large volumes of sensitive data in bulk. It leverages advanced protection mechanisms, such as encryption, tokenization, and data masking, ensuring that sensitive information is protected across various files and databases.

BDT integrates seamlessly with Application Data Protection on CipherTrust Manager, enabling organizations to centrally configure, manage, and enforce data-centric cryptographic policies and job configurations in a reusable, human-readable format, providing flexibility and ease of management. Jobs can be initiated directly from CipherTrust Manager, where users can also monitor the intermediate status of the data transformation process.

BDT offers flexibility in how data is processed, allowing transformations either in place (within the same location) or by generating transformed data in a separate file or database. This adaptability makes it an ideal solution for organizations looking to securely manage and transform large-scale sensitive data, ensuring both scalability and efficiency.

Specifications

Supported Transformations

BDT supports the following transformations:

Database to database (DB-to-DB)

Protects, reveals, or reprotects the data of a database table and move it to another database. Multiple tables can be transformed in a single execution. You can choose table columns and specify what action needs to be performed on a particular column.

Database to file (DB-to-File)

Protects, reveals, or reprotects the data of a database table and move it to another file. You can choose table columns and specify what action needs to be performed on a particular column.

File to database (File-to-DB)

Protects, reveals, or reprotects the data of a file and move it to another database. You can choose file columns and specify what action needs to be performed on a particular column.

File to file (File-to-File)

Protects, reveals, or reprotects the data of a file and move it to another file. You can choose file columns and specify what action needs to be performed on a particular column.

In-Place Transformation

BDT also supports In-Place Transformation, where the source and destination tables are same and transformation takes place within the same table of the database. This transformation is only applicable to database. For In-Place transformation to work, a Primary Key column must be available in the table.

For SQL Server, primary key should be a non-clustered index key.

Supported File Formats

BDT accepts the input and output files in the following formats:

• CSV

• Fixed-length format

Supported Databases

• MySQL

• Oracle

• IBM Db2

• SAP HANA

• Microsoft SQL Server

• PostgreSQL

For supported database versions, refer to [CRN].

Supported Algorithms

• FPE/AES

• FPE/FF1v2

• FPE/FF3

• FPE/FF3-1

• AES/CBC/NoPadding

• AES/CBC/PKCS5Padding

• AES/ECB/NoPadding

• AES/ECB/PKCS5Padding

• AES/GCM (Support available in CipherTrust Manager 2.22 and higher versions)

Supported Operations

• Protect

• Reveal

• Reprotect

Licensing

BDT is licensed per deployed instance. Licenses for BDT are part of the Flex Connector Premium. Refer to Batch Data Transformation Licensing Model for details.