Thales data discovery and classification, advanced encryption and centralized key management solutions give you protection and control of data stored on your premises, in Microsoft Azure, and other cloud providers. Thales technology enables you to:
Data Discovery and Classification
CipherTrust Data Discovery and Classification locates regulated data in Microsoft Azure, other clouds and on-premises across many different types of data stores, including Azure block storage offerings and Azure Files. It offers a quick start with a full set of built-in classification templates with centralized operations on CipherTrust Manager. The product enables informed decision making about what and how to protect data in Microsoft Azure.
Advanced encryption for Microsoft Azure
If you’re 100% Microsoft Azure-based with stringent data security controls, or if you’re running hybrid clouds with data distributed across your on-premises private cloud, multiple cloud providers, and on Microsoft Azure, you need an advanced data encryption solution. CipherTrust Transparent Encryption protects your files and databases stored anywhere, including Microsoft Azure, without any changes to applications, databases, infrastructure or business practices. Bring your own encryption to Microsoft Azure and other infrastructure-as-a-service providers.
Centralized, secure key management
CipherTrust Manager centralizes key, policy and log management for CipherTrust Transparent Encryption. It is available in various hardware models for on-premises deployment, or can be instantiated in the Azure Marketplace.
Multicloud BYOK management
Organizations that cannot bring their own encryption can still follow industry best practices by managing keys externally using CipherTrust Cloud Key Manager. The CipherTrust Cloud Key Manager leverages cloud provider Bring Your Own Key (BYOK) APIs to reduce key management complexity and operational costs by giving customers lifecycle control of encryption keys with centralized management and visibility. The solution is available on the Microsoft Azure Marketplace, or can be deployed on premises or in any private cloud deployment to meet more stringent compliance requirements.
BYOK for Microsoft Azure Key Vault with Thales TCT Luna T-Series HSMs
The ability to import keys generated in Luna T-Series HSMs via the Thales BYOK solution provides enhanced control and security over encryption keys used by Azure Services and applications running in the cloud. By generating your own keys with a Luna HSM, you can easily verify the origin and quality of the keys you are using in the cloud, strengthening the security of your organization’s key management and security practices.
Active Directory Federation Services (AD FS) is a tool installed on Windows servers that provides users throughout an enterprise with single sign-on (SSO) access to network and cloud-based resources. AD FS verifies user identities based on an exchange of private and secure information generated from a variety of authentication technologies (including certificate-based authentication, OTP, OOB, and pattern-based authentication) and from a wide variety of form factors, such as hardware, software, or mobile tokens. When users authenticate to AD FS, they need only sign in once to then receive access to multiple web applications over the life of a single online session.
Thales TCT Luna T-Series HSMs integrate with AD FS to secure the token signing and certificate private keys. By preserving the token signing and certificate keys in a Luna HSM, organizations preserve the integrity of the authentication transaction. Since these materials never leave the hardware appliance, unauthorized users never have access to the materials they would need to steal to impersonate an authorized user. When Luna HSMs serve as the secure root of the SSO infrastructure, organizations can rest assured that identity verification transactions will be uncompromised.
Thales authentication solutions integrate with AD FS, enabling organizations to implement strong authentication for AD FS supported clients and web-based applications, such as Office 365. Acting as the trusted identity provider, the SafeNet portfolio of authentication solutions extends Active Directory identities to AD FS-supported environments. Thales solutions provide a wide range of authentication methods. Additionally, SafeNet authentication solutions integrate with the Thales AD FS agent to provide the authentication mechanism for its SSO features. Through the AD FS agent, organizations can implement strong authentication policies for AD FS supported clients and web-based applications.
Active Directory Certificate Services (AD CS) is a management tool for the administration of cryptographic materials used in public key infrastructures (PKI). More specifically, AD CS is the service that provides the core functionality for Windows Server’s certification authority (CA). Certificates enhance security by assigning the identity of a person, device, or service to a specific private key to ensure proper identity verification during sensitive cryptographic transactions. For organizations that rely on PKI, AD CS offers a cost-effective, efficient, secure way to manage the distribution and use of these certificates.
Fundamental to the integrity of this infrastructure is the CA’s root cryptographic signing key, which is used to sign the public keys of certificate holders and its own public key. The compromise of a CA’s root key either by malicious intent or by accident can have catastrophic consequences. Best practice dictates that this root-signing key be diligently stored in a tamper-proof hardware security module (HSM).
Organizations that use AD CS in their infrastructure can store their encryption keys and certificates in Thales TCT's Luna T-Series HSM.
Microsoft SQL Server is a powerful relational database that enables organizations to scale operations with confidence, improve IT and developer efficiency, and effectively manage business intelligence on a self-service basis. With SQL Server, enterprises can process large volumes of data in fractions of a second, making data mining and near-instant insights easy.
Thales TCT Luna T-Series HSMs integrate with Microsoft SQL Server to securely store encryption keys and manage such cryptographic operations as key creation, deletion, SQL encryption, and SQL decryption. The addition of Thales TCT HSMs allows administrators to store SQL Server’s master cryptographic keys within a protected hardware appliance and not on the same software platform where encrypted data is stored. Verifiable audit trails act as a deterrent and serve as evidence that keys are properly managed and secured throughout their entire lifecycle to make demonstrating compliance easier.
In addition to the Thales TCT Luna Network HSM, the high-assurance Thales TCT Luna PCIe HSM can also be integrated directly in the Microsoft SQL Server.