Compliance Module
Compliance-based B2B Integration
Every Hubspan integration solution features best-in-class security. As the integration industry’s first net-native platform, Hubspan was built from the ground up with data protection, identity management and access control in mind. In fact, you can think of security as a wrapper around the entire integration process, whether you are doing a basic purchase order exchange or a complex eCommerce integration business process. Hubspan maintains this security regardless of the communication protocols, data formats or applications used by companies in the integration community.
PCI DSS Levels of Encryption and Control
For those companies who must adhere to key compliance mandates, such as PCI DSS or HIPAA, the WebSpan Compliance Module adds an incremental layer of data protection and control to the integration process. Perhaps your company has customized digital certificate policies, special data retention rules, security audit requirements, or end-to-end data encryption mandates. Hubspan’s Compliance Module, based on the tenets found in the PCI DSS mandate, enables you to address those needs.
The Compliance Module seamlessly incorporates multiple security features for end-to-end protection. Hubspan guards against theft or compromise of sensitive data and intellectual property as it moves across the Internet, allowing you to exchange information across systems and companies with complete confidence.
With Hubspan’s Compliance Module, you receive these additional security features for every Integration Process:
- Advanced Data Encryption at Rest: Hubspan encrypts data throughout all stages of the transaction, both in motion and at rest, based on PCI DSS encryption levels. With this module added, all data related to the integration process will be encrypted at rest.
- Automated Data Masking: With the Compliance Module, all data in the transaction is automatically masked. If an authorized user attempts to view data, this triggers an automated masking process to ensure any sensitive data, such as a credit card number, is masked. For example, if a user goes to view this data, the credit card number is shown only as ********last4digits.
- Advanced Data Access Control and Auditing: A user can request to unmask the masked data, but the user must have the authority to do so under the access control rules. Any viewing of unmasked data automatically triggers an audit process, which records the date, time, user, data/record and other information about the data being unmasked in the system.
- Multi-layer Key Management: The Compliance Module provides an additional layer to an already strong key management system. This multi-layered approach utilizes a key encrypting key (KEK) to secure the data encryption keys (DEK). Hubspan holds a patent for innovation in key management. The patent enables Cryptographic Key Brokering capabilities to securely translate information between systems having different security management schemes.
Adherence to Key Compliance Mandates
The Hubspan B2B cloud integration platform is governed by industry standards covering confidentiality, integrity, authentication, availability and non-repudiation. There are several key certifications, processes and compliance mandates Hubspan adheres to, including:
- PCI DSS: The PCI DSS is a multifaceted security standard designed to proactively help protect customer account and other financial data.
- SAS 70 Type II: SAS 70 Type II mandates a strict level of internal process controls for a service organization and must be confirmed by a third-party audit on an annual basis.
- Cloud Security Alliance (CSA): CSA promotes the use of best practices for providing security assurance within Cloud Computing, and provides education on the uses of Cloud Computing to help secure all other forms of computing. Hubspan is a corporate member of the CSA.
- OWASP Top Ten: To ensure protection against security breaches, Hubspan addresses the 2010 Top Ten Most Critical Web Application Security Risk issues published by the Open Web Application Security Project (OWASP).



