System Architecture
VPS is a Linux-based system consisting of three internal modules:
Proxy Server
The proxy server handles communications between SaaS application clients and the SaaS application server via various protocols (e.g., HTTP, SMTP, IMAP, POP3) and formats (e.g., HTML, XML, JSON). The proxy intercepts requests sent by the SaaS client to the SaaS application, analyzes the requests to detect any sensitive data elements within a request, encrypts these data elements using the appropriate VPS encryption methods and replaces the sensitive data elements with their encrypted values. It then forwards the modified request to the SaaS application. When a response is returned by the SaaS application, the proxy detects the encrypted elements within the response and decrypts them to deliver a clear-text response to the SaaS client.
Encryption Engine
The VPS encryption engine contains a set of patent-pending encryption methods based on NIST-standard encryption algorithms, such as AES. This multi-algorithm encryption/decryption engine includes sort- and search-preserved encryption methods which encrypt the data while preserving the application's ability to search within the encrypted data and/or to sort the encrypted data.
Administration and Policy Management
A Web-based UI is provided for general system administration and application security policy management. The latter allows the security officer to review security policies and to customize application security policies down to the field level.