About HPE
Hewlett Packard Enterprise is a global technology leader focused on developing intelligent solutions that allow customers to capture, analyze and act upon data seamlessly from edge to core to cloud. HPE enables customers to accelerate business outcomes by driving new business models, creating new customer and employee experiences, and increasing operational efficiency today and into the futur
Thales TCT CipherTrust Data Security Platform
CipherTrust Data Security Platform removes complexity from data security, accelerates time to compliance, and secures cloud migrations. It unifies data discovery, classification, data protection, and unprecedented granular access controls with centralized key management—all on a single platform. This results in fewer resources dedicated to data security operations, ubiquitous compliance controls, and significantly reduced risk.
CipherTrust Manager, central management point for CipherTrust Data Security Platform, enables organizations to centrally manage and store cryptographic keys and policies associated with encrypted data stored in HPE environments. CipherTrust Manager manages key lifecycle tasks including generation, rotation, destruction, import and export, provides role-based access control to keys and policies, supports robust auditing and reporting. CipherTrust Manager is available in both virtual and physical form-factors that integrate with FIPS 140 validated Thales TCT Luna T-Series Hardware Security Module (HSM) for securely storing master keys with highest root of trust.
CipherTrust Manager can integrate with a wide-range of HPE platforms:
Solutions
Sensitive data stored in HPE GreenLake deployments must be encrypted from edge-to-cloud. For encryption to successfully secure sensitive data, the cryptographic keys used to encrypt/decrypt data must be secured, managed and controlled by the organization.
CipherTrust Manager, central management point for CipherTrust Data Security Platform, enables organizations to centrally manage and store cryptographic keys and policies associated with encrypted data stored in HPE GreenLake deployments. CipherTrust Manager manages key lifecycle tasks including generation, rotation, destruction, import and export, provides role-based access control to keys and policies, supports robust auditing and reporting.
CipherTrust Manager is available in both virtual and physical form-factors that integrate with FIPS 140 validated Thales TCT Luna T-Series Hardware Security Module (HSM) for securely storing master keys with highest root of trust. These appliances can be deployed within GreenLake infrastructure from the edge to the cloud. This allows customers to address compliance requirements, regulatory mandates and industry best practices for data security.
Cloud-to-Edge Deployment Options
CipherTrust k570 is an enterprise-level centralized key management platform that manages cryptographic keys, certificates, applications
in a tamper-proof hardware appliance. CipherTrust k570 utilizes an embedded FIPS 140 Level 3 Thales TCT Luna T-Series HSM for securely storing master keys with highest root of trust.
CipherTrust k170v & k470v are enterprise-level virtual key management platforms that protect cryptographic keys that can be easily adapted to a wide range of cloud & virtual environments.
CipherTrust k160 is a compact cryptographic key management platform that can be utilized in GreenLake deployments at the edge. This small form factor appliance includes a FIPS 140-2 Level 3 token or a high assurance cryptographic token as its hardware root of trust. The token HSM operates as a secure root of trust by encrypting all sensitive objects (e.g. keys, certificates, etc.) in CipherTrust k160 with keys that are generated by, and reside in, the token HSM.
The HPE Edgeline EL8000 Converged Edge System brings high-performance computing to the edge of networks, where large volumes of data are being generated but compute capability to get quick insights has traditionally been very limited. The rugged Size, Weight, and Power (SWaP) optimized design of the HPE EL8000 delivers new efficiency and creates new business models in domains across the Federal government.
Secure Edge Data with Multi-Layer Encryption
Encrypted data stored within HPE EL800 deployments is best protected through a multi-layer approach to encryption. Users can integrate and deploy the Thales Trusted Cyber Technologies (TCT) CipherTrust k160 and CipherTrust Transparent Encryption with HPE EL8000 for a FIPS 140 Level 2 multi-layer encryption solution to protect mission critical data at the edge.
Secure and Manage Cryptographic Keys at the Edge with CipherTrust k160
CipherTrust k160 is a compact cryptographic key management platform that protects and manages cryptographic keys and associated policies used to encrypt the most sensitive data-at-rest.
CipherTrust k160 can be deployed within an HPE EL8000 chassis. It protects and manages the self-encrypting drives keys via HPE iLO within EL8000. When CipherTrust k160 is deployed, an HPE EL8000 server is restricted from booting until the key manager provides its keys.
CipherTrust k160 includes a FIPS 140 certified token or a high assurance cryptographic token as its hardware root of trust. The token hardware security module (HSM) operates as a secure root of trust by encrypting all sensitive objects (e.g. keys, certificates, etc.) in CipherTrust k160 with keys that are generated by, and reside in, the token HSM. The removable token HSM provides an easy-to-use method to support common key management scenarios such as rapid key delivery disablement, key destruction, cryptographic erase, and time of use restrictions. By simply removing the detachable token you can keep mission-critical data safe, whether in the most hazardous environment or a remote branch office.
CipherTrust Transparent Encryption
Thales TCT’s CipherTrust Transparent Encryption can be deployed with CipherTrust k160 to deliver data-at-rest encryption with centralized key management, privileged user access control and detailed data access audit logging. CipherTrust Transparent Encryption adds a second layer of encryption to HPE EL8000 environments.
CipherTrust Transparent deployment is simple, scalable and fast, with agents installed at operating file-system or device layer, and encryption and decryption is transparent to all applications that run above it. CipherTrust Transparent Encryption is designed to meet data security compliance and best practice requirements with minimal disruption, effort, and cost. Implementation of the server encryption software is seamless keeping both business and operational processes working without changes even during deployment and roll out.
CipherTrust Transparent Encryption works in conjunction with CipherTrust k160, which centralizes encryption key and policy management.
Ideal for bare-metal server deployment requiring high-performance, HPE Servers integrate with Thales TCT CipherTrust Manager to both reduce the cost and complexity of educes the cost and complexity of managing data protection policy and encryption keys across a distributed infrastructure with consistent security controls and automated key services from a single console.
Integration Benefits
- CipherTrust Manager centralizes and simplifies data protection policy and key management for datastores interacting with HPE iLO equipped servers, HPE self-encrypting drives, and other KMIP-compatible encryption solutions, while improving compliance and auditability.
- Multiple CipherTrust Manager appliances can be clustered to maintain encrypted data availability—even in geographically dispersed data centers.
- CipherTrust Manager supports segmented key ownership and management by individuals or
- group owners to protect sensitive material against unauthorized access.
- CipherTrust Manager is available in virtual, physical, and FIPS 140-2 L3 certified physical appliances.
HPE Hyperconverged Infrastructure System (HCI) solution running either VMware, Nutanix, or SimpliVity Virtual SAN software on the HPE server integrates with Thales TCT CipherTrust Manager to both reduce the cost and complexity of managing encryption keys across a distributed infrastructure with consistent security controls and automated key services from a single point of deployment.
CipherTrust Manager encryption and key management appliance stores the encryption keys, CipherTrust Manager can centralize control of disparate encryption solutions, and consolidate policy and key management for application servers, databases, and file servers to streamline security administration. When keys and policies are managed in one place, key surveillance, rotation, and deletion are easier, and duty separation becomes possible so that no single administrator is responsible for the entire environment. Additionally, unified, policy management details make information more readily accessible so demonstrating data governance compliance is easy.
HPE storage arrays such as StoreEasy, Nimble, and 3PAR/Primera, integrate with Thales TCT CipherTrust Manager to both reduce the cost and complexity of managing encryption keys across a distributed infrastructure with consistent security controls and automated key services from a single point of deployment.
CipherTrust Manager encryption and key management appliance integrates with HPE storage system to store the encryption key associated with HDD/SDD, for both regular (data encryption at IO level) or self-encrypting drive. In addition, CipherTrust Manager can centralize control of disparate encryption solutions, and consolidate policy and key management for application servers, databases, and file servers to streamline security administration. When keys and policies are managed in one place, key surveillance, rotation, and deletion are easier, and duty separation becomes possible so that no single administrator is responsible for the entire environment. Additionally, unified, policy management details make information more readily accessible so demonstrating data governance compliance is easy.
Image | Title | Link |
---|---|---|
HPE 3PAR StoreServ and Thales CipherTrust Manager | ||
HPE GreenLake and Thales TCT CipherTrust Data Security Platform | ||
HPE servers and storage with Thales CipherTrust Data Security Platform Solution Brief | ||
Secure Edge Data with Multi-Layer Encryption through HPE Edgeline and Thales TCT CipherTrust k160 |