CipherTrust Data Security Platform
Thales has pushed the innovation envelope with the CipherTrust Data Security Platform to remove complexity from data security, accelerate time to compliance, and secure cloud migrations. This next-generation platform is built on a modern micro-services architecture, is designed for the cloud, includes Data Discovery and Classification, and fuses together the best capabilities from the Vormetric Data Security Platform and KeySecure and connector products. CipherTrust Data Security Platform unifies data discovery, classification, data protection, and unprecedented granular access controls with centralized key management, all on a single platform. This results in fewer resources dedicated to data security operations, ubiquitous compliance controls, and significantly reduced risk across your business.
Key Features
The CipherTrust Data Security Platform is an integrated suite of data-centric security products and solutions that unify data discovery, protection and control in one platform.
Discover
  • An organization must be able to discover data wherever it resides and classify it. This data can be in many forms: files, databases, and big data, and it can rest across storage on premises, in clouds, and across back-ups. Data security and compliance starts with finding exposed sensitive data before hackers and auditors do. The CipherTrust Data Security Platform enables organizations to get complete visibility into sensitive data on-premises and in the cloud with efficient data discovery, classification, and risk analysis.
Protect
  • Once an organization knows where its sensitive data is, protective measures such as encryption or tokenization can be applied. For encryption and tokenization to successfully secure sensitive data, the cryptographic keys themselves must be secured, managed and controlled by the organization. The CipherTrust Data Security Platform provides comprehensive data security capabilities.
Control
  • Finally, the organization needs to control access to its data and centralize key management. Every data security regulation and mandate requires organizations to be able to monitor, detect, control and report on authorized and unauthorized access to data and encryption keys. The CipherTrust Data Security Platform delivers robust enterprise key management across multiple cloud service providers (CSP) and hybrid cloud environments to centrally manage encryption keys and configure security policies so organizations can control and protect sensitive data in the cloud, on-premise and across hybrid environments.
Functional architecture
CipherTrust Manager
  • CipherTrust Manager offers the industry-leading enterprise key management solution, enabling organizations to centrally manage encryption keys, provide granular access control and configure security policies. CipherTrust Manager is the central management point for the CipherTrust Data Security Platform. It manages key lifecycle tasks including generation, rotation, destruction, import and export, provides role-based access control to keys and policies, supports robust auditing and reporting, and offers a developer-friendly REST API.
  • CipherTrust Manager is available in both virtual and physical appliances that integrate with FIPS 140-2 compliant Thales Luna or third-party Hardware Security Modules (HSMs) for securely storing keys with the highest root of trust. These appliances can be deployed on-premises in physical or virtualized infrastructures and in public cloud environments to efficiently address compliance requirements, regulatory mandates and industry best practices for data security. Its unified management console makes it easy to set policies, discover and classify data, and protect sensitive data wherever it resides using the CipherTrust Data Security Platform products.
CipherTrust Data Discovery and Classification
  • Thales CipherTrust Data Discovery and Classification helps your organization get complete visibility into your sensitive data with efficient data discovery, classification, and risk analysis across heterogeneous data stores - the cloud, big data, and traditional environments - in your enterprise.
  • Simple to deploy and use, it provides you with a single pane of glass that allows you to get a clear understanding of what sensitive data you have, where it’s located, and its risks of exposure. With rich visualizations and detailed reports, you can more easily uncover and close your gaps, make better decisions about third-party data sharing and cloud migration, and proactively respond to data privacy and security regulations including GDPR, CCPA, LGPD, PCI DSS and HIPAA.
CipherTrust Transparent Encryption Ransomware Protection
  • CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP) continuously monitors processes for abnormal I/O activity and alerts or blocks malicious activity before ransomware can take complete hold of your endpoints and servers.
  • Using CTE-RWP as part of your ransomware defense strategy to protect critical data strengthens your overall security posture and avoids business disruption.
CipherTrust Transparent Encryption
  • CipherTrust Transparent Encryption delivers data-at-rest encryption with centralized key management, privileged user access control and detailed data access audit logging. This protects data wherever it resides: on-premises, across multiple clouds, and within big data and container environments.
  • The deployment is simple, scalable and fast, with agents installed at the operating file-system or device layer, and encryption and decryption are transparent to all applications that run above it. CipherTrust Transparent Encryption is designed to meet data security compliance and best practice requirements with minimal disruption, effort, and cost. Implementation is seamless, keeping both business and operational processes working without changes even during deployment and roll out. The solution works in conjunction with the FIPS 140-2 up to Level 3 compliant CipherTrust Manager, which centralizes encryption key and policy management for the CipherTrust Data Security Platform.
  • CipherTrust Transparent Encryption for Kubernetes enables protection of sensitive data on persistent volumes via encryption, user and process-based access controls, and data access logging. This solution enables developers to establish security controls inside of containers. With this extension for CipherTrust Transparent Encryption, data protection can be applied on a per-container basis, both to data inside of containers and to external storage accessible from containers.
Data Security's Products
CipherTrust Database Protection
While there are many ways to protect sensitive data in databases, IT requirements for performance, availability and security can sometimes clash: will this security feature compromise database read and write performance? Can I be certain that the encryption key will always be available for fast read performance? Finding the balance between database security, availability and performance can lead to a close examination of which columns of the database contain sensitive data that must be protected versus those that might not. And this leads to the possibility of seeking a solution with column-level encryption granularity. CipherTrust Database Protection was formerly known as SafeNet ProtectDB.
For your database security needs, consider CipherTrust Database Protection, a solution that can provide high-performance, column-level database encryption with an architecture that can provide high-availability to ensure that every database write and read happens at almost the speed of an unprotected database.
CipherTrust Application Data Protection
CipherTrust Application Data Protection delivers on the promise of DevSecOps. Developers enjoy language bindings appropriate to their projects. Operations can leverage choices among Crypto Service Providers that run on a wide range of operating systems. The product includes many operational features that enhance performance and availability to ensure that security imposes a minimal to zero impact on business operations. And for the security team, it operates with CipherTrust Manager, providing an architecture that centralizes encryption keys for applications. Enhanced separation of duties is provided with granular controls on both key users and key operational use.
CipherTrust Data Protection Gateway (DPG) from Thales offers transparent data protection to any RESTful web service or microservice leveraging REST APIs. DPG is deployed between the client and web service and transparently protects sensitive data inline without modifying legacy or cloud native applications. DPG interprets RESTful data and performs data protection operations based on policies defined centrally in Thales’s CipherTrust Manager and operates seamlessly with other pod-supporting services.

By moving the complexity of data protection into CipherTrust Manager, DPG offers true separation of duties in a DevSecOps world:
  • DevOps orchestrates deployment of DPG
  • "Sec" creates protection and access policies
  • Together, DevSecOps configures each deployment of DPG
CipherTrust RESTful Data Protection (CRDP) protects application data and eliminates the need for Developers (Devs) to manage security and update data protection.
  • Decrease Dev Involvement
  • Increase Dev Capacity
  • Separate Duties
CipherTrust Tokenization
CipherTrust Tokenization dramatically reduces the cost and effort required to comply with security policies and regulatory mandates like PCI DSS while also making it simple to protect other sensitive data including personally identifiable information (PII). While there are no tokenization standards in the industry, most tokenization solutions fall into one of two architectures: vaultless or vaulted tokenization. Both secure and anonymize sensitive assets. Tokenization software can reside in the data center, big data environments or the cloud.

If you are seeking a tokenization solution, consider:
  • CipherTrust Vaultless Tokenization with Dynamic Data Masking or
  • CipherTrust Vaulted Tokenization
Both offerings are easy to use, cloud friendly, and highly secure.
CipherTrust Cloud Key Management
Encryption keys need to be managed whether the data is on premises or in a cloud. “Cloud keys” are encryption keys that enable organizations to secure data at rest with encryption across their cloud workloads without compromise to business functionality. Thales CipherTrust Cloud Key Manager (CCKM) adds controls that simplify and streamline the Cloud Administrator’s job so that organizations can efficiently meet compliance and best-practice requirements by generating, storing, managing and maintaining data encryption keys within a secure environment.
If you use Cloud Native keys, you will need to learn and maintain knowledge of each corresponding KMS system. If you choose a centralized cloud key manager, such as CipherTrust Cloud Key Manager (CCKM), you only need to learn one straightforward User Interface (UI) that manages native, BYOK and HYOK keys with a single pane of glass view across regions.
CipherTrust Enterprise Key Management
Enterprise Key Management solutions from Thales enable organizations to centrally manage and store cryptographic keys and policies for third-party devices including a variety of KMIP Clients, TDE Agents on Oracle and Microsoft SQL Servers, and Linux Unified Key Setup (LUKS) Agents on Linux Servers. CipherTrust Enterprise Key Management delivers a robust, standards-based platform for managing encryption keys to protect data in disparate storage repositories across the enterprise. It simplifies the administrative challenges around encryption key management to ensure that keys are secure and always provisioned to authorized encryption services.
CipherTrust Secrets Management
CipherTrust Secrets Management (CSM) is a state-of-the-art Secrets Management solution, powered by the Akeyless Vault Platform, which protects and automates access to secrets across DevOps tools and cloud workloads including secrets, credentials, certificates, API keys, and tokens.
Enterprise-ready secrets management provides automatic processes for creating, storing, rotating, and removing secrets. Reduce the potential for human error and consistently enforce security policies across your organization with:
  • Centralized management for all secret types
  • Easy to use for DevSecOps
  • SaaS (Software as a Service) scalability for hybrid and multi-cloud environments
