w w w . t h a l e s e s e c u r i t y . c o m

<Thales eSecurity>

THALES ENCRYPTION SOLUTIONS

2_<T h a l e s e n c r y pt i o n s o l ut i o n s >

PROTECTING SENSITIVE DATA AND MEETING COMPLIANCE MANDATES

Enhance data security strategies across environments and use cases, including cloud and data centers Defend against data breaches and attain compliance for data protection mandates�Protect�the�confidentiality�and�integrity�of�payment�transactions Provide high-assurance protection of mission-critical data-in-motion Streamline the management and protection of encryption keys Patented Live Data Transformation delivering zero downtime or disruption to users and applications during encryption and re-keying operations

<Thales eSecurity>

THALES ENCRYPTION SOLUTIONS

< T h a l e s e S e c u r i t y >_3

DIGITAL TRANSFORMATION INCREASES DATA SECURITY CHALLENGESAs forward-looking businesses pursue digital transformation initiatives, the volume of data they process and control continues to grow exponentially. These activities span many business processes, including, among others:

Growing reliance on containers for app developmentCapturing steady new streams of data via the Internet of ThingsUsing seamless payment processing via mobile applications and new in-store technologiesRelying on Big Data environments to capitalize on valuable new analytical opportunities

The rapid data growth that accompanies an enterprise’s digital transformation presents new opportunities for malicious actors who seek to steal sensitive customer and corporate information. Not all data is tied to digital transformation initiatives, of course, and organizations already face the challenge of protecting data at rest in databases and applications , as well as data in motion.

One issue impeding the development of stronger security strategies is the perception that security tools, particularly encryption, are complex and require significant resources and funding. Surveys of security professionals, including those conducted by Thales for its annual Data Threat Report, consistently find that the perception of complexity is identified as an obstacle to implementing data encryption even though respondents acknowledge its potential benefits.

Additionally, the adoption of cloud computing to help reduce capital expenditures and increase workflow capacity opens up new attack vectors that expose critical data. Although cloud service providers (CSPs) provide encryption as an optional feature, the added complexity and administration create a burden for CSP customers. For example, CSPs often provide a mix of native encryption, advanced third party offerings, and encryption built into services, such as databases. No matter what combination of vendors and cloud provider solutions being deployed, proper key management is paramount to gain value from the encryption solution. This quickly becomes complex and burdensome when key management is distributed to support different clouds and services. The key management challenge is brought into sharp focus when a customer plans to move from one cloud environment to another.

Similarly, siloes of data encryption may have emerged as business units and departments implemented their own data protection. Given the full key management lifecycle when encryption is done properly, this means that multiple encryption keys are generated, distributed, rotated and destroyed, as well as securely stored and backed up. This is highly inefficient and takes security professionals away from other priorities.

Finally, as the data environment grows, so does the need to ensure compliance with global and regional data protection mandates. Not only must organizations address established security standards such as the PCI DSS, but newer mandates such as the GDPR and regional data privacy laws also demand organizations’ attention. Maintaining a compliant posture is a continuous and ever-changing responsibility.

4_<T h a l e s e n c r y pt i o n s o l ut i o n s >

TRADITIONAL SECURITY APPROACHES LEAVE GAPSWhile enterprises have made significant investments in traditional security such as firewalls and endpoint protection, these tools are less effective against modern threats. Highly publicized data breaches have exposed millions of records and led to compliance violations, resulting in extensive administrative costs, financial penalties and public embarrassment. What is needed instead is a data-centric security strategy that renders data useless to attackers, even in the event of a breach, and incorporates controls that monitor and limit access to sensitive information.

ENTERPRISE-STRENGTH�ENCRYPTION� AND KEY MANAGEMENTThales data encryption and key management solutions help organizations ensure secure, compliant protection of sensitive customer and corporate information across all environments, whether on-premises or in the cloud. Security professionals around the world trust our flexible, robust solutions to accelerate their organizations’ digital transformations.

ENCRYPTION & KEY MANAGEMENT SOLUTIONSDATA-AT-REST ENCRYPTIONThe Vormetric Data Security Platform offers a single extensible framework for protecting both structured and unstructured data-at-rest across the broadest range of OS platforms, databases, cloud environments and Big Data implementations. The Vormetric platform enables enterprises to encrypt data across environments without having to change applications or system administration, and even without having to take applications offline with its Live Data Transformation features.

Vormetric Transparent Encryption equips your security team with file-level encryption, access control and security intelligence. Vormetric Transparent Encryption can be deployed without having to re-architect applications, infrastructure or business practices.

Vormetric Application Encryption makes it easy to add column-level encryption to an existing application. Development teams can implement the solution without having to acquire encryption or key management expertise. With Vormetric Application Encryption, your organization can secure sensitive data in fields or columns in any database.

< T h a l e s e S e c u r i t y >_5

DATA IN MOTION ENCRYPTIONThales Datacryptor Series provides high-performance network encryption for sensitive data transmissions – across departments, facilities or regions, to safeguard sensitive data against eavesdropping, traffic analysis and side channel attacks.

PAYMENT DATA ENCRYPTIONThe Thales payShield 9000 is a payment hardware security module (HSM) that provides the cryptographic protection needed for automated teller machine (ATM) and point of sale (POS) credit and debit card transactions.

Thales payShield HSMs are also deployed as part of mobile point-of-sale and payment processing solutions with our industry partners, and help ensure compliance with PCI HSM and PCI P2PE requirements.

CENTRALIZED ENCRYPTION KEY PROTECTION & MANAGEMENTThales key management products centralize key management for your home-grown encryption, as well as your third-party applications using native encryption such as full-disk encryption and databases using their vendor’s native encryption offering. This gives you greater command over your keys while increasing your efficiency and data security. Thales key management products connect with your applications through standard interfaces and deliver access to robust key management functions.

The Vormetric Data Security Manager provides central management and secure storage of encryption keys, including those generated by Thales eSecurity products, KMIP-compliant devices, Microsoft SQL Server TDE, Oracle TDE and IBM Guardium Data Encryption. It is available as a virtual appliance and FIPS 140-2 Level 1-certified hardware appliance.

6_<T h a l e s e n c r y pt i o n s o l ut i o n s >

CLOUD DATA PROTECTIONThales eSecurity provides cloud encryption and key management solutions, along with partnerships with industry-leading IaaS, PaaS, SaaS and managed services providers, to support any cloud strategy – public, private, hybrid or multi-cloud. Your cloud data is encrypted with keys that you control, giving you peace of mind and bolstering your compliance posture.

The CipherTrust Cloud Key Manager offers life cycle encryption key management with FIPS 140-2 secure key storage for a growing range of IaaS, PaaS, and SaaS providers.

For advanced encryption and centralized policy control, organizations use bring-your-own-encryption (BYOE) with Vormetric Transparent Encryption to fully manage and control their encryption keys. Customers benefit from data encryption, privileged user access controls and security intelligence logs that detail access attempts.

CONTAINER SECURITYVormetric Container Security delivers critical encryption, access controls, and data access audit logging capabilities that enable organizations to meet compliance, regulatory, and best practice requirements for safeguarding data within dynamic container environments.

ENHANCED COMPLIANCEThales’ data encryption and key management solutions help customers enhance their compliance postures by rendering data useless to unauthorized users, managing keys separately from encrypted data, incorporating policy-based, granular access controls and outputting security intelligence logs that document access to sensitive data.

Thales data encryption and key management solutions protect sensitive information across all environments, whether on-premises or in the cloud

< T h a l e s e S e c u r i t y >_7

THALES BENEFITSThales customers enjoy several key benefits not available from other data protection vendors:

BREADTH OF USE CASESThales’s products address an expansive set of business challenges, delivering an exceptional return on your security investment. Thales provides everything your organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance.

UNMATCHED SERVICE AND SUPPORTData security experts in the Thales Advanced Solutions Group can accelerate deployments, increase your confidence, improve your knowledge of best practices and help optimize your data protection environment. And engineers from our global technical support and customer service teams provide world class service and help resolve technical and product related queries.

ENTERPRISE STRENGTH SECURITYWith today’s highly integrated systems, organizations must know where their data is stored, how and where it moves and which applications use it – then design a protection strategy that follows the data. Thales provides a comprehensive portfolio of data security solutions that can meet your needs for protecting data wherever it resides.

DECADES OF SECURITY EXPERTISEThales products have been trusted to secure some of the world’s most sensitive data for more than 40 years. Organizations across industries like Financial Services, Healthcare, Retail, Manufacturing and more trust Thales to help them secure their mission-critical information, wherever it is created, shared or stored.

“Encrypting all of our production databases perfectly fits with our mission of going above-and-beyond what is required for compliance: Thales made that possible.”- Bharani Krish, associate vice president of enterprise infrastructure, Molina Healthcare

“Thales’s Vormetric Transparent Encryption enables us to apply security in a way that is invisible to the end user; in fact, it’s pretty much transparent from an administrative viewpoint too.”- Damian McDonald, vice president of Global Information Security, BD

Follow us on:

Americas – Thales eSecurity Inc. 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA • Tel:+1 888 744 4976 or +1 954 888 6200 • Fax:+1 954 888 6211 • E-mail: sales@thalesesec.comAsia Pacific – Thales Transport & Security (HK) Lt, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141 • E-mail: asia.sales@thales-esecurity.comEurope, Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550 • E-mail: emea.sales@thales-esecurity.com

w w w . t h a l e s e s e c u r i t y . c o m

© T

hale

s - D

ecem

ber 2

018

• P

LB74

16_D

igita

l Tra

nsfo

rmat

ion_

SS_U

SL_V

5

About Thales eSecurityThales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premises, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.