The Cloud Security Alliance emphasizes the importance of shared responsibility in its latest Security Guidance v4.0. Shared responsibility means that Cloud Solution Providers (CSPs) own the responsibility to secure the infrastructure that runs their cloud services. Data owners are responsible for protecting the confidentiality, integrity, and availability of their data in the cloud.
Securing data in the cloud properly requires that data owners own—and can prove that they own—their data, from inception to deletion. That means that data owners—not their cloud provider—must protect their sensitive data by deploying a cloud security ecosystem where data and cryptographic keys are secured and managed, and access is controlled.
Thales TCT offers cloud-independent encryption, key management, and authentication solutions that enable organizations to safely store sensitive data in the cloud. Our solutions allow customers to effectively manage their security when working in different environments, across different platforms and with multiple cloud providers.
When data and applications move to the cloud, user access—by default—takes place remotely. Organizations therefore have to implement user access controls for enterprise resources residing both in the cloud and within the confines of the data center.
Thales TCT offers Authentication and Access Management Solutions that allow organizations to seamlessly extend secure access to the cloud through identity federation. Thales TCT’s platforms leverage organizations’ existing authentication infrastructures, allowing them to extend users’ on-premises identities to the cloud and enabling them to implement consistent access control policies for both cloud and network applications.
Safely store sensitive data in the cloud with Thales TCT’s CipherTrust Data Security Platform. The platform offers advanced multi-cloud Bring Your Own Encryption (BYOE) solutions that avoid cloud vendor encryption lock-in and ensure the data mobility needed to efficiently secure data across multiple cloud vendors with centralized, independent encryption key management.
Organizations that cannot bring their own encryption can still follow industry best practices by managing keys externally using the CipherTrust Cloud Key Manager. The CipherTrust Cloud Key Manager supports Bring Your Own Key (BYOK) use cases across multiple cloud infrastructures and SaaS applications.
Additionally, organizations can utilize CipherTrust Data Discovery and Classification to locate sensitive data in the cloud. A single pane of glass delivers understanding of sensitive data and its risks, enabling better decisions about closing security gaps, prioritizing remediation, or securing cloud transformation and third-party data sharing.
With the CipherTrust Data Security Platform, the strongest safeguards protect sensitive data and applications in the cloud, helping the organization meet compliance requirements and gain greater control over data, wherever it is created, used, or stored.
Even if sensitive data is encrypted in the cloud, with either BYOE or cloud-native encryption, organizations still need to own their encryption keys. Many CSPs offer a key management service; however, users can’t guarantee the quality of the keys generated by the provider. Furthermore, users need the ability to easily decrypt and migrate data between cloud providers.
Thales TCT’s Hardware Security Modules (HSMs) provide uncompromised trust across cloud, on-premises and hybrid environments. Whether used independently or integrated with the CipherTrust Data Security Platform, HSMs safeguard digital identities, applications and sensitive key materials that are used to protect important collaboration tools, document sharing and online transactions. Thales TCT HSMs have a full U.S. supply chain and provide a high-assurance, FIPS-certified root of trust.
By generating keys on an HSM, users can verify the origin and quality of the keys they provide to the cloud service provider, strengthening the security of their organization’s key management practices. Users can also gain greater control over the durability of imported key material, because they maintain the original version of the key material in their on-premises Luna HSM, outside of the cloud service provider’s environment.
The file-sharing and collaboration marketplace is crowded with applications promising to deliver on the potential of a work-anywhere, with-anyone culture. Many solutions offer a degree of security but, for many organizations, these solutions don’t meet the organization’s standards for maximum data protection.
Thales TCT offers SureDrop®, a secure file sharing and collaboration platform that enables users to store, share and sync all their files in the cloud or on premises with an enterprise-class solution and end-to-end encryption security. SureDrop offers users the mobile collaboration, interaction and productivity they need behind what is commonly referred to as ‘unbreakable’ encryption security.
Thales TCT additionally offers Votiro’s Secure File Gateway for Web that enables users to transfer files safely without disrupting the workflow. Using Positive Selection™ techniques, all known and unknown threats from external networks are eliminated before they can enter internal networks. Positive Selection ensures only known elements from files across multiple devices and data sources are transferred to your internal network.
Whether deploying Robotic Process Automation (RPA) in the cloud or on-premises, Thales TCT’s Luna Credential System (LCS) addresses compliance mandates for the management of digital identities such as software robots. LCS introduces a new, patent-pending approach to multi-factor authentication by maintaining user credentials in a centralized hardware security module (HSM).
Composed of the Luna Credential HSM and the Luna Credential Client, LCS supports a number of RPA use cases including Windows Logon and authentication to PK-enabled applications and websites. When installed with cloud-based RPA deployments, the Luna Credential Client establishes secure communications to either an on-premises Luna Credential HSM or a cloud-based HSM (such as Azure Dedicated HSM) to utilize an entity’s certificate and corresponding private keys.