Skip Navigation

Security is a Shared Responsibility

Cloud Solution Providers own the responsibility to secure the infrastructure that runs their cloud services. Data owners are responsible for protecting the confidentiality, integrity, and availability of their data in the cloud.

Securing data in the cloud properly requires that data owners own—and can prove that they own—their data, from inception to deletion. That means that data owners—not their cloud provider—must control their encryption and own their encryption keys.

Cloud Security Best Practices

  1. Data owners need to directly manage, if not own, their encryption to ensure that their data is protected as it is stored in and moves to and from the cloud. 
  2. Data owners need to own the generation and administration of the cryptographic keys used to encrypt data in the cloud.
  3. Data owners need cloud independent security solutions that can be applied across private, hybrid, public, and multi-cloud environments

Thales TCT Solutions to Protect YOUR Data in THEIR Cloud

Thales TCT offers cloud independent encryption and key management solutions that enable organizations to safely store sensitive data in the cloud. Our solutions allow customers with U.S. supply chain requirements to effectively manage their security when working in different environments, across different platforms and with multiple cloud providers.

  • Solutions

    Cryptographic Key Management for the Cloud
    SafeNet AT’s KeySecure for Government is a cryptographic key manager that can be deployed as a hardware appliance on-premises or as a hardened virtual appliance in the cloud. By utilizing an on premises KeySecure for Government to securely generate, store and manage your cryptographic keys, you can ensure that you own and control your keys at all times.

    Whether embedded in the KeySecure for Government or used as a network-attached appliance, Luna Hardware Security Modules for Government provide a FIPS certified hardware root of trust for maximum security.

    Cloud-Independent Data-at-Rest Encryption Solutions
    KeySecure for Government integrates with various encryption solutions such as:

    • ProtectCloudStorage: Encrypts data using customers’ own keys before it is sent to cloud object storage
    • ProtectV: Provides full disk encryption of physical servers, virtual machines, and cloud instances
    • ProtectFile: Controls access and encrypts data in sensitive folders and files
    • ProtectApp: Encrypts sensitive field and application data at the point of creation
    • ProtectDB: Protects sensitive data across databases in the data center and the cloud

    SafeNet AT’s cloud independent encryption solutions enable your data to be seamlessly transferred to multiple clouds from various service providers.

    High Speed Encryption
    Data is often most vulnerable as it data moves to and from the cloud. Data owners should utilize network encryption solutions—either virtual or hardware-based—to ensure that their data is protected as it is transferred across the network. 

    SafeNet AT offers high speed encryption solutions that enable secure cloud connectivity:

    • CN9000 Series 100Gbps High-Assurance Mega Data Encryptor
    • CN6000 Series 1Gbps-10Gbps Scalable, High Assurance Ethernet Encryptor
    • CN4000 Series 10Mbps-1Gbps Versatile and Compact, Entry-level Ethernet Encryptor
    • CV1000 Hardened Virtual Encryptor for Extended WANs and SD-WANs
  • Resources


    Watch our video to learn how to safely store sensitive data in the cloud.

    Watch Now

    Download our solution brief to learn more about our cloud security solutions.

    Download Now


Securing the Hybrid Cloud


Protecting YOUR Data in THEIR Cloud 


This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.