Gemalto - Thales Group

Thales/Gemalto offers cryptographic protection of data regardless of the place and storage method. Its portfolio includes:

More information:

https://www.thalesgroup.com

Description of technology

Data Encryption

• ProtectDB - Column-level protection of information stored in the database plus additional access control

• High Speed Encryptor - Fast network encryptor preventing eavesdropping of data on the telecommunications link between company branches. Constant, microsecond latency, up to 100 GB bandwidth, FIPS 140-2 Level 3 certification.

• KMIP - Key Management Interoperability Protocol support, enabling you to connect third party systems and secure data stored in them

• ProtectV - Full disk encryption for virtual machines. It protects the entire machine and its backups, and prevents unauthorized copying of the machine and launching it in a different environment

• TAE, ProtectApp, Tokenization - Programming library for the most security-aware users, which enables you to encrypt any data at the point of its creation

• TDE/ProtectFile - Transparent file-level encryption (including files on network shares) plus additional access control

• Vormetric, KeySecure - Centralized key management platform. It supports KMIP, so you can simply integrate it with your current systems (e.g. NetApp). FIPS 140-2 Level 1 and 3 certification (using HSM)

Database Security

Database Security - Gemalto ProtectDB offers column-level cryptographic protection of data stored in databases. The encryption is transparent to the user and the application. Data backups are also protected. If ProtectDB is used in development projects, it will release developers from all responsibility for encryption. ProtectDB also allows the use of additional access control. Database administrators will not have access to stored data. However, they will be able to monitor the work of the database systems, make backups or manage database users. ProtectDB cooperates with the KeySecure centralized key storage with FIPS 140-2 Level 1 and 3 certification (using HSM). Vormetric Transparent Data Encryption offers efficient cryptographic protection of the entire database, regardless of its size.

HSM

HSM - The hardware security modules of Gemalto (a Thales Group company) have been designed for securing encryption keys throughout their lifecycle. An enhanced operating system, a cryptographic card resistant to hardware attacks, encrypted communication channels, multi-factor authentication and compliance with recognized standards (FIPS 140-2 Level 3, PCI DSS, Common Criteria) prevent the loss of stored cryptographic material. Cryptographic modules are available in several versions:

• Luna HSM - General-purpose security module available in network (Network HSM), PCI-E card and USB versions, with authentication by password (PW Auth) or with a device using strong, two-factor authentication (PED Auth);

• Luna Payment HSM (Luna EFT) - Module dedicated to handling financial transactions;

• ProtectServer, Java HSM - Configurable security modules with a higher level of flexibility. ProtectServer HSM is available in the Network HSM and PCI-E variants.

User Authentication

SafeNet Trusted Access - Building on its award-winning achievements and experience, Gemalto (a Thales Group company) offers the SafeNet Trusted Access (STA) service — a system for strong authentication and managing access to applications. It guarantees easy deployment and management of strong, two-factor authentication at the lowest possible cost. Selecting the right authentication solution is crucial in reducing the risk that threatens your company. Naturally, the best solutions offer the widest choice of tokens, protect both local and cloud applications and provide remote access to the network for employees. However, the choice is not just about security; it is also about the ease of deployment and management, and about costs. Authentication system administrators are aware that most costs are related to the continuous administration of users and tokens. A real cloud-based solution such as SafeNet Trusted Access can drastically reduce these costs. In addition to strong authentication, STA also includes an application access management service based on additional context. It makes it possible to easily access many applications, websites and services using single sign-on (SSO), based on scenarios, the aforementioned contexts and established policies. The service has been created to improve cloud identity management and eliminate the use of multiple user and administrator passwords, which are difficult to maintain and manage. The user gains access to many applications, websites and services using single sign-on without the need to enter complicated passwords (Smart Single Sign-On). STA provides an intuitive management panel with insight into events within all applications to make sure that a user with the proper level of trust has access to the right application. All these strengths give SafeNet Trusted Access the lowest total cost of ownership compared to other solutions and open a new path for managing and securing company resources.

Smart cards, readers, USB tokens - Gemalto (a Thales Group company) offers many types of cards for various tasks. Traditional smart cards provide access to data, e.g. user certificates, only through the contact module under which the heart of the entire card — a secure cryptographic chip — is hidden. Gemalto’s portfolio also includes dual cards which, thanks to the use of an internal antenna connected to the chip, allow for contact and contactless access to data, e.g. via NFC technology. The most popular cards in enterprises are hybrid cards, which in addition to the contact module have an independent chip that makes it possible to use the card with systems for regulating work time or physical access control, e.g. to the company, office and rooms where unauthorized access cannot be allowed. This solution enables you to offer one card which serves as a single employee ID by combining logical access to IT systems and physical access to the premises. In all cases where the use of a card is not possible, e.g. due to the inability to use card readers, Gemalto offers the so-called eTokens – smart cards in the form of a small USB key. With certifications such as Common Criteria, QSCD or FIPS 140-2 Level 3, Gemalto solutions help to achieve compliance with regulations such as eIDAS and GDPR. Software available along with Gemalto cards ensures that they can be used with multiple operating systems and applications, and saves time and resources by improving the management of cards and the digital user credentials stored on them.

Virtual Security

Virtual Security - Gemalto ProtectV makes it possible to encrypt the entire virtual machine, preventing its unauthorized copying and launching as well as theft of data stored in it. ProtectV supports environments such as Amazon Web Services, VMware, Microsoft Azure, Hyper-V and IBM BlueMix. It cooperates with the KeySecure centralized key storage with FIPS 140-2 Level 1 and 3 certification (using HSM). We also encourage you to check out ProtectFile, ProtectDB and ProtectApp — software cryptographic modules that provide granular data protection in virtual environments.
