JumpWire Overview
JumpWire makes it easy to enforce secure data practices across internal users, applications and APIs, without having to change any code. By securing data as it moves between clients, databases and APIs, JumpWire prevents sensitive data from being leaked or exposed, and helps companies stay compliant with the data handling practices of their SOC2/PCI DSS/or ISO 27001 programs.
A key feature of JumpWire is its ability to apply data security to specific properties in data, instead of an entire database, result set or document. For example, JumpWire can encrypt only the JSON properties that correspond to PII as part of an HTTP POST. JumpWire automatically catalogs schemas to understand the shape of data payloads, then uses policies to label, classify and transform fields.
JumpWire was built to be easily run inside a private network in a company's own cloud. This has two benefits: it keeps latency low, and enables JumpWire to connect internal applications and databases, not just ones that are connected to the Internet.
JumpWire embodies a philosophy of “defense-in-depth” and applies it to data. We invert typical perimeter-based security approaches on their head, by securing data as it moves through applications in an environment, and transforming the original data with a secured format. This ensures that, regardless of where data travels within an environment, it remains secure from improper handling or access.
Without JumpWire, companies are left trying to protect sensitive data with access controls alone. While least-privilege access to systems is complementary to the security that JumpWire provides, it fails to add protection when data is moved into other systems like data warehouses, stored in backups, logged by applications, or exported between environments.
JumpWire can solve a variety of use-cases for securing data across its lifecycle in a scoped environment. Common ones are detailed below.
Use JumpWire to control query access to sensitive data in an existing database. For example, developers may need access to a production database, but should not be able to query columns that contain customer PII. A request can be made to step-up privileges for accessing sensitive data, with manager approval. You can read more under Group Access.
Use application encryption keys to seamlessly secure individual columns in a database. For example, encrypt customer data with a customer-specific key even when storing data in a cotenant database.
Companies often need to store data in different physical regions, to comply with privacy laws. JumpWire can automatically route queries to the correct region, and combine results in real-time without the application being aware of which region the data resides.
Highly-confidential data that should never leave a scoped environment can be dropped from HTTP requests through JumpWire.
JumpWire installs inside your cloud environment, which we refer to as “on-premise”. In this setup, no data leaves your private network, and there are no critical dependencies on a SaaS product being available.
JumpWire adapts to existing infrastructure architecture, with the flexibility to sit atop a variety of network or application boundaries. There are two boundaries where JumpWire is typically deployed - as an HTTP Proxy or as a Database Proxy
The heart of JumpWire is a powerful integration platform that manages connections to and moves data between APIs and databases. This custom-built platform provides efficient work distribution across a cluster of nodes and automated horizontal scalability for handling increasing load. JumpWire integrations can programmatically describe data schemas in other systems, streamlining the ability to label data fields and match labels to handling policies.
