Skip Navigation

CipherTrust Data Security Platform

As data breaches continue at alarming rates, securing sensitive data is critical to all organizations. In addition, organizations struggle to stay compliant with evolving privacy regulations, and securing the cloud in the face of accelerated adoption brought on by the new demand to support tremendous number of remote employees. IT security organizations seek a data-centric solution that secures the data as it moves from networks to applications and the cloud.  When perimeter network controls and endpoint security measures fail, protecting data at rest is the last line of defense.

The CipherTrust Data Security Platform removes complexity from data security, accelerate time to compliance, and secure cloud migrations. It is built on a modern micro-services architecture, is designed for the cloud, includes Data Discovery and Classification, and fuses together the best capabilities from the Vormetric Data Security Platform and KeySecure and connector products. CipherTrust Data Security Platform unifies data discovery, classification, data protection, and unprecedented granular access controls with centralized key management – all on a single platform. This results in less resources dedicated to data security operations, ubiquitous compliance controls, and significantly reduced risk across your organization.

CipherTrust Data Security Platform is available for sale to the U.S. Federal Government exclusively through Thales TCT. 


CipherTrust data security platform demo

Access Thales' CipherTrust Data Security Platform Self-Guided Tour to learn more about this easy-to-use platform.

Launch Tour

The CipherTrust Data Security Platform is an integrated suite of data-centric security products and solutions that unify data discovery, protection and control in one platform.

  • Discover: An organization must be able to discover data wherever it resides and classify it. This data can be in many forms: files, databases, and big data and it can rest across storage on premises, in clouds, and across back-ups. Data security and compliance starts with finding exposed sensitive data before hackers and auditors. The CipherTrust Data Security Platform enables organizations to get complete visibility into sensitive data on-premises and in the cloud with efficient data discovery, classification, and risk analysis.
  • Protect: Once an organization knows where its sensitive data is, protective measures such as encryption or tokenization can be applied. For encryption and tokenization to successfully secure sensitive data, the cryptographic keys themselves must be secured, managed and controlled by the organization. The CipherTrust Data Security Platform provides comprehensive data security capabilities, including file-level encryption with access controls, application-layer encryption, database encryption, masking, vaultless tokenization with policy-based dynamic data masking and vaulted tokenization to support a wide range of data protection use cases.
  • Control: Finally, the organization needs to control access to its data and centralize key management. Every data security regulation and mandate requires organizations to be able to monitor, detect, control and report on authorized and unauthorized access to data and encryption keys. The CipherTrust Data Security Platform delivers robust enterprise key management across multiple cloud service providers (CSP) and hybrid cloud environments to centrally manage encryption keys and configure security policies so organizations can control and protect sensitive data in the cloud, on-premise and across hybrid environments.
  • Key Benefits

    Simplify Data Security. Discover, protect, and control sensitive data anywhere with next-generation unified data protection. 
    The CipherTrust Data Security Platform simplifies data security administration with ‘single pane of glass’ centralized management console that equips organizations with powerful tools to discover and classify sensitive data, combat external threats, guard against insider abuse, and establish persistent controls, even when data is stored in the cloud or in any external provider’s infrastructure. Organizations can easily uncover and close privacy gaps, prioritize protection, and make informed decisions about privacy and security mandates before a digital transformation implementation.

    Accelerate Time to Compliance. Regulators and auditors require organizations to have control of regulated and sensitive data along with the reports to prove it. CipherTrust Data Security Platform capabilities, such as data discovery and classification, encryption, access control, audit logs, tokenization, and key management support ubiquitous data security and privacy requirements. These controls can be quickly added to new deployments or in response to evolving compliance requirements. The centralized and extensible nature of the platform enables new controls to be added quickly through the addition of licenses and scripted deployment of the needed connectors in response to new data protection requirements.

    Secure Cloud Migration. The CipherTrust Data Security Platform offers advanced encryption and centralized key management solutions that enable organizations to safely store sensitive data in the cloud. The platform offers advanced multi-cloud Bring Your Own Encryption (BYOE) solutions to avoid cloud vendor encryption lock-in and ensure the data mobility to efficiently secure data across multiple cloud vendors with centralized, independent encryption key management. Organizations that cannot bring their own encryption can still follow industry best practices by managing keys externally using the CipherTrust Cloud Key Manager. The CipherTrust Cloud Key Manager supports Bring Your Own Key (BYOK) use-cases across multiple cloud infrastructures and SaaS applications. With the CipherTrust Data Security Platform, the strongest safeguards protect an enterprise’s sensitive data and applications in the cloud, helping the organization meet compliance requirements and gain greater control over data, wherever it is created, used, or stored.

  • CipherTrust Data Security Platform Products

    CipherTrust Manager
    CipherTrust Manager is the central management point for the platform. It is an industry-leading enterprise key management solution that enables organizations to centrally manage encryption keys, provide granular access controls and configure security policies. CipherTrust Manager manages key lifecycle tasks including generation, rotation, destruction, import and export, provides rolebased access control to keys and policies, supports robust auditing and reporting, and offers development- and management-friendly REST APIs. CipherTrust Manager is available in physical and virtual form-factors that are FIPS 140-2 compliant up to level 3. The CipherTrust Manager can also be rooted to a hardware security module (HSM) such as Thales Luna and Luna Cloud HSM or Thales TCT’s T-Series HSM.

    CipherTrust Data Discovery and Classification 
    CipherTrust Data Discovery and Classification locates regulated data, both structured and unstructured, across the cloud, big data, and traditional data stores. A single pane of glass delivers understanding 
    of sensitive data and its risks, enabling better decisions about closing security gaps, compliance violations and prioritizing remediation. 
    The solution provides a streamlined workflow all the way from policy configuration, discovery, and classification, to risk analysis and reporting, helping to eliminate security blind spots and complexities. 

    CipherTrust Transparent Encryption
    CipherTrust Transparent Encryption delivers data-at-rest encryption, privileged user access controls and detailed data access audit logging. Agents protect data in files, volumes and databases on Windows, AIX and Linux OS’s across physical and virtual servers in cloud and big data environments. The Live Data Transformation extension is available for CipherTrust Transparent Encryption, providing zero-downtime encryption and data rekeying. In addition, security intelligence logs and reports streamline compliance reporting and speed up threat detection using leading security information and event management (SIEM) systems. 

    CipherTrust Security Intelligence
    CipherTrust Transparent Encryption delivers detailed data access audit logs, which are useful for compliance, identifying unauthorized access attempts, and building baselines of authorized user access patterns. CipherTrust Security Intelligence logs and reports streamline compliance reporting and speedup threat detection using leading Security Information and Event Management (SIEM) systems. The solution allows immediate automated escalation and response to unauthorized access attempts and provides all the data needed to build behavioral patterns required to identify suspicious usage by authorized users.

    CipherTrust Application Data Protection 
    CipherTrust Application Data Protection delivers crypto functions such as key management, signing, hashing and encryption services through APIs, so that developers can easily secure data at the application server or big data node. The solution comes with supported sample code so that developers can move quickly to securing data processed in their applications. CipherTrust Application Data Protection accelerates development of customized data security solutions, while removing the complexity of key management from developer responsibility and control. In addition, it enforces strong separation of duties through key management policies that are managed only by security operations.

    CipherTrust Tokenization 
    CipherTrust Tokenization is offered both vaulted and vaultless and can help reduce the cost and complexity of complying with data security mandates such as PCI-DSS. Tokenization replaces sensitive data with a representative token, so that the sensitize data is kept separate and secure from the database and unauthorized users and systems. The vaultless offering includes policy-based dynamic data masking. Both offerings make it easy to add tokenization to applications.

    CipherTrust Database Protection 
    CipherTrust Database Protection solutions integrate data encryption for sensitive fields in databases with secure, centralized key management and without the need to alter database applications. CipherTrust Database Protection solutions support Oracle, Microsoft SQL Server, IBM DB2 and Teradata databases.

    CipherTrust Batch Data Transformation
    Batch Data Transformation is a powerful tool that gives you high-performance static data masking as part of the CipherTrust Data Security Platform. It leverages the power of CipherTrust Application Data Protection and CipherTrust Tokenization to protect vast quantities of data quickly.

    CipherTrust Key Management 
    CipherTrust Key Management delivers a robust, standards-based solutions for managing encryption keys across the enterprise.  
    It simplifies administrative challenges around encryption key management to ensure that keys are secure and always provisioned to authorized encryption services. CipherTrust Key Management solutions support a variety of use cases including:

    CipherTrust Cloud Key Manager
    Streamlines bring your own key (BYOK) management for Amazon Web Services, Microsoft Azure, Salesforce and IBM Cloud. The solution provides comprehensive cloud key lifecycle management and automation to enhance security team efficiency and simplify cloud key management

    CipherTrust KMIP Server
    centralizes management of KMIP clients, such as full disk encryption (FDE), big data, IBM DB2, tape archives, VMware vSphere and vSAN encryption, etc.

    CipherTrust TDE Key Management
    Supports a broad range of database solutions such as Oracle, Microsoft SQL, and Microsoft Always Encrypted.

  • Resources

    CipherTrust Data Security Platform Solution Brief

    Product overview with technical features and specifications.


    Download Now

    CipherTrust Data Security Platform Data Sheet

    Detailed product overview with technical features and specifications.


    Download Now

    CipherTrust Data Security Platform Infographic

    This infographic concentrates on data security complexity caused by multi-cloud adoption, evolving privacy regulations, as well as the risk of data breaches from external and internal threats.

    Download Now

    The Case for Centralized Multicloud Encryption Key Management – White Paper

    Cloud Security Alliance's Cloud Controls Matrix states in section EKM-04 that "Keys shall not be stored in the cloud (i.e., at the cloud provider in question), but maintained by the cloud consumer or trusted key management provider. Key management and key usage shall be separated duties." Download this white paper to learn how secure and manage your encryption keys in a multicloud environment.

    Download Now

     The Key Pillars for Protecting Sensitive Data in Any Organization - White Paper

    Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...

    Download Now

    Top 10 Reasons for Protecting Your Organization With CipherTrust Data Security Platform

    Thales has pushed the innovation envelope with the new CipherTrust Data Security Platform that unifies data discovery, classification, and data protection. It enables organizations to remove data security complexity, accelerate time to compliance, and secure cloud migrations....

    Download Now

    CipherTrust Data Security Platform – White Paper

    To meet the scale of current and future data security threats, evolving global and regional privacy regulations, and cloud adoption brought on by remote working, organizations need an easier and unified approach to discover, protect and control their sensitive data...

    Download Now

    The Importance of KMIP Standard for Centralized Key Management White Paper

    This white paper offers a look at the KMIP standard, and it shows how Thales solutions help you maximize the advantages of this standard.

    Download Now

    Key Management White Paper

    This white paper looks back at the evolution of encryption and key management systems, and examines the key challenges faced by IT teams around encryption systems, including regulation and compliance, complexity, lack of proper management tools. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management.

    Download Now

    Prevent Ransomware Attacks from Disrupting Your Agency with CipherTrust Data Security Platform White Paper

    This white paper helps you understand the anatomy of ransomware attacks and explores the solutions available in the market today to defend against such attacks. It illustrates how security policies in CipherTrust Transparent Encryption from Thales enable you to prevent rogue processes and unauthorized users from encrypting your most sensitive data and thereby protects you from ransomware attacks.

    Download Now

    NIST 800-57 Recommendations for Key Management Requirements Analysis - White Paper

    The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-57, Recommendations for Key Management Part 1 (Rev 5) provides guidance for cryptographic key management for U.S. Federal Government agencies. Part 1 of the publication outlines best practices for the management of cryptographic keys and discusses key management issues that must be addressed with using cryptography.

    Download Now

     Introduction to Thales' CipherTrust Enterprise Key Management Solutions

    Watch Now


    On Demand Webinar: The Key Pillars for Protecting Sensitive Data

    During this webinar, attendees learned how to develop a three-point strategy for protecting sensitive data in their organization.

    Watch Now

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.