IBM

ABOUT IBM

IBM® Corporation is the world’s largest information technology company. A leader in the creation, development and manufacture of information technologies, including computer systems, software, networking systems, storage devices and microelectronics. IBM Corporation has licensed SafeNet’s Chrystoki software, in order to help its customers become “e-businesses”. IBM will use Chrystoki software to add digital signature, encrypted smart card, and high-security PC Card support into its SecureWay line of electronic commerce software. This will give IBM customers a variety of secure methods to access their Internet electronic commerce business applications. Further information on IBM’s implementation of Chrystoki software can be found on the IBM I/T Security home page at www.ibm.com/security. 1 New Orchard RoadArmonkNY United StatesNorth Americas10504-1722914-499-1900

Solutions

BM Websphere MQ is a messaging middleware that simplifies the integration of diverse applications and business data across disparate platforms. IBM MQ sends and receives message data through messaging queues to facilitate secure, reliable and assured information exchange between applications, systems, services and file. These queues simplify: business application creation and maintenance, deployment of enterprise-wide messaging, and connectivity for the internet of things and mobile devices.

IBM Websphere MQ integrates with Thales Luna HSM to securely store keys used in SSL transactions.

IBM DB2 is the database of choice for enterprise-wide solutions Optimized to deliver industry-leading performance while lowering costs, IBM DB2 offers extreme performance, flexibility, scalability and reliability for any size organization.

IBM and Thales, via IBM Security Access Manager and Thales Luna HSM, deliver integrated capabilities that enable customers to optimize the security and performance of online communications and transactions. Together, enterprises can harness secure key and certificate storage and robust SSL acceleration to protect their online presence and business applications, along with transactions.

IBM Security Access Manager includes a high-performance web server that allows customers to apply fine-grained security policies to their web-based Security Access Manager environments. ISAM provides single sign-on capabilities and enables customers to apply policies to back-end web application server resources. Using IBM Global Security Kit (GSKit) libraries, ISAM WebSEAL uses encryption to secure network communications. To maintain the integrity of SSL operations, ISAM stores encryption keys at the root of the SSL handshake in Thales Luna HSMs.

IBM DataPower Gateway is a security and integration platform for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. It enables you to rapidly expand the scope of valuable IT assets to new channels—giving customers, employees and partners access to critical resources. It helps you quickly secure, integrate, control and optimize access to a range of workloads through a single, extensible gateway platform available in both physical and virtual form factors.

Thales Luna Enterprise HSM provides key management security for certificates and certificate-based authentication (including import of trusted CA certificates from software based keystore to hardware based keystores), self-signed certificate generation, and personal certificate requests via the IBM Key Management Utility. In addition, Luna Enterprise HSM offloads cryptographic operations such as signing for associated private keys, and accelerates SSL operations to free valuable compute resources on the server.

ISAM eSSO and Thales authentication solutions provides strong authentication for eSSO users for both personal and shared workstation configurations. Thales eTokens are USB-based authenticators that provide strong user authentication and cost-effective password management

Data-at-Rest Encryption and Key Management with VMAX and KeySecure The VMAX and KeySecure integration

The integration of Thales’s SafeNet KeySecure external key management appliance with VMAX storage platforms offers customers a comprehensive key management and data encryption platform providing the following advantages:

  • Leverages OASIS standard KMIP-based external key management protocol
  • Features centralized key management and auditing for security compliance objectives
  • Is a highly-available and resilient environment for long-term key storage external to the VMAX storage platform
  • Is FIPS 140-2 Level 3 capability using KeySecure with HSMs
  • Ability to temporarily decommission VMAX storage platform for secure transport by storing keys in SafeNet KeySecure

Each VMAX storage platform with the Data-at-Rest Encryption feature can be configured to connect to one or more KeySecure appliances at a customer’s data center. It is recommended that at least two KeySecure appliances are configured in a cluster for high-availability. There is no encryption key dependency between VMAX storage platforms, so independent KeySecure appliances/clusters can be configured at each site.

Dell EMC’s interoperability validation matrix maintains the most up-to-date list of VMAX-supported versions of Thales SafeNet KeySecure.

GSKit provides libraries and utilities for SSL communication, enabling organizations to add encryption protection to over 200 IBM applications, including the IBM WebSphere Suite and IBM Security Access Manager (ISAM). Businesses stand to lose substantially – both in revenue and reputation – when there is a breach of online channels they use for communication, transactions, and applications. SSL encryption secures these web based communications and services. Thales Enterprise HSM (formerly Luna SA) stores SSL certificates in a tamper-proof hardware security module to serve as a reliable root of trust for network cryptographic operations.

Additionally, Thales Enterprise HSM offloads SSL operations from general-use servers, stores them within the hardware appliance for added security, and improves server performance. It can also provide true random number generation and streamline key administration by performing both symmetric and asymmetric key functions on a single platform. Together, IBM and Thales optimize the security and performance of online communications and transactions.

IBM MFA for z/OS provides a way to raise the assurance level of user authentication to z/OS applications and hosting environments by allowing the use of multiple authentication factors.

Building on Thales’s award winning authentication service, Thales Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

IBM Domino and Notes: SaaS and Web apps with Thales Trusted Access

IBM Notes and IBM Domino are the client and server, respectively, of a collaborative client-server software platform marketed by IBM. The IBM Notes software client simplifies today’s complex world by integrating messaging, business applications, and social collaboration into one easy-to-use workspace.

Building on Thales’s award winning authentication service, Thales Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Thales Authentication Client (SAC) is a PKI middleware application that provides a secure method for exchanging information based on public-key cryptography, enabling trusted third-party verification of user identities.

IBM® Notes® Traveler (formerly IBM Lotus® Notes Traveler) is mobile email software that provides quick access to email, calendar and contacts from a wide range of mobile devices or tablets. This no charge mobile offering is available for IBM Notes and Domino® users.

Thales Authentication Service (SAS) delivers a fully automated, versatile, and strong authentication-as-a-service solution. With no infrastructure required, Thales Authentication Service provides smooth management processes and highly flexible security policies, token choice, and integration APIs.

Thales Authentication Manager (SAM) is a comprehensive token management system. It is an out-of-the-box solution for Public Certificate Authorities (CA) and enterprises to ease the administration of Thales hardware or software tokens devices.

IBM® Security Access Manager (ISAM) helps you simplify your users’ access while more securely adopting web, mobile and cloud technologies. This solution helps you strike a balance between usability and security through the use of risk-based access, single sign-on, integrated access management control, identity federation and its mobile multi-factor authentication capability, IBM Verify.

Building on Thales’s award winning authentication service, Thales Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.