Secure all file uploads and receive documents completely risk-free.
Completely secure every email that enters your organization.
Certificate-based, multi-factor authentication is a mainstay security technique used by the U.S. Federal Government to secure access to agency networks, protect the identities of users, and ensure that a user is who they claim to be.
Evolving needs around cloud applications and mobile devices, combined with rising threats, and the need to reduce costs, require entirely new considerations for access control.
View this on-demand recording to hear from Thales TCT, and their partner Intercede, where you will have the opportunity to learn how to strengthen your authentication and address topics such as:
We are at digital war and data is the target. No organization is immune from data security threats and the US Federal government is no exception. More than half of federal data is now stored in the cloud, and a significant portion is sensitive. Yet, despite this exposure, in the 2020 Thales Data Threat Report 99% of federal government respondents say at least some of their sensitive data in the cloud is not encrypted. IT security departments must now, more than ever, embrace and own their portion of the cloud shared responsibility model and implement data security best practices, as the cloud provider does not guarantee security at the data level. This digital event highlighted results from the 2020 Thales Data Threat Report and explored best practices for securing data in cloud and multi-cloud environments.
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 provides guidance for the selection of security and privacy controls for federal information systems and organizations. Published by the National Institute of Standards and Technology, the publication details items from the Risk Management Framework that address security controls required to meet requirements in the Federal Information Processing Standard (FIPS) 200. Revision 4 is the most comprehensive update since the initial publication. Revision 4 was motivated principally by the expanding threat space and increasing sophistication of cyber-attacks. Major changes include new security controls and control enhancements to address advanced persistent threats (APTs), insider threats, and system assurance, as well as additions to address technology trends such as mobile and cloud computing. Critical to certification for meeting FIPS is the implementation of security controls from NIST 800-53, Appendix F. Focusing on the capabilities needed to meet these requirements, this paper provides background about Thales Trusted Cyber Technologies’ (TCT) Data Security Platform and the Transparent Encryption product that is delivered through that platform. It further details a mapping of the Thales TCT product line’s capabilities against these NIST security controls, first with an initial summary for each Family Area (in the form of a table), and then with expanded details of how these controls are delivered.
D'Nan from Thales TCT demonstrates how to integrate Thales TCT's Luna Credential System with UiPath to provide hardware-protected PKI credentials for the software robots in UiPath's enterprise RPA solution.
U.S. Federal agencies often require PKI certificate-based authentication to perform Windows Logon and to access public key enabled systems. This requires use of a multi-factor authentication token that performs a cryptographic operation using the certificate and keys residing within the token.
Traditional multi-factor authentication introduces roadblocks to technologies like Robotic Process Automation (RPA). The OMB Memo M-19-17 outlines a policy that requires management of digital identities of non-person entities such as software robots. This means that all software robots are required to have individual digital identities and credentials that are managed in the same fashion as traditional user identities. Although software robots cannot be issued a physical token, they can utilize multi-factor login capabilities through the use of a centralized, hardware security module-based authentication system.
View this webinar to learn how Thales TCT’s Luna Credential System integrates with UiPath’s RPA platform to provide hardware-protected PKI credentials for software robots. The session will discuss topics including:
Historically, organizations have taken a perimeter based approach to cyber security, with the belief that a strong perimeter protected the IT infrastructure behind it. But, as agencies modernize legacy systems and move apps, systems and workloads to the cloud – and more employees, contractors and citizens connect remotely and from multiple devices – something is happening across federal networks; the perimeter is dissolving. Data is the new perimeter. Therefore, identifying and protecting data wherever it is created, shared, or stored, through its entire lifecycle becomes the priority. This digital briefing unveiled the survey results in the 2020 Thales Data Threat Report – Federal and shared best practices in creating a cohesive data security strategy in a perimeterless world.
Traditional multi-factor authentication introduces roadblocks to technologies like Robotic Process Automation (RPA). The OMB Memo M-19-17 outlines a policy that requires management of digital identities of non-person entities such as software robots. This means that all software robots are required to have individual digital identities and credentials that are managed in the same fashion as traditional user identities. Although software robots cannot be issued a physical token, they can utilize multi-factor login capabilities through the use of a centralized, hardware security module-based authentication system. This video demonstrates how Thales TCT’s Luna Credential System integrates with UiPath’s RPA platform to provide hardware-protected PKI credentials for software robots.
CDM overview mapping Thales TCT solutions to specific CDM requirements.
HSM-Secured Identity Credentials
The Luna Credential System (LCS) introduces a new, patent-pending approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. Download our video to learn more about LCS.
The Luna Credential System (LCS) introduces a new, patent-pending approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. Download our infographic to learn more about LCS and how the solution solves identity management challenges.
Rob from Thales TCT demonstrates how to configure Apache web server to use Thales TCT's Luna Network HSM to protect the private key for the certificate used by the web server.
With cloud and digital initiatives underway throughout U.S. Federal agencies, new attacks occurring daily, and traditional threats, many agencies are struggling to protect critical citizen data, financial information and government secrets. This is especially true as more agencies move applications and sensitive data to the cloud. In this session we’ll address the state of data security in U.S. Federal agencies today, the changing landscape of risks to data, and agency IT security pros’ priorities for data security today.
Based on the results from the 2020 Thales Data Threat Report – Federal Edition (now in its eighth year), expect to learn about:
• How the adoption of digital transformation technologies, and especially cloud, is putting sensitive data at greater risk
• The data security challenges facing agencies today
• Critical analyst recommendations for how agencies can be most effective when investing in protecting their crown jewels – their sensitive data
According to the 2020 Thales Data Threat Report – Federal Government Edition, government is ahead of business with cloud adoption, but cybersecurity remains a challenge. Ahead of global organizations, U.S. federal government agencies have more than half (54%) of their data already stored in the cloud. The report also shows digital transformation (DX) is well underway with 68% of U.S. federal government agencies embedding digital capabilities in the enterprise and aggressively disrupting the services they provide, but this adds to security complexity and creates potential vulnerabilities.
Offering the broadest range of multi-factor authentication methods and form factors, Thales TCT facilitates and empowers enterprise-wide security initiatives for maintaining and improving secure access to enterprise resources.
Thales Trusted Cyber Technologies’ (TCT) Luna HSMs are the choice for government agencies when storing, protecting and managing cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Thales TCT’s Luna HSMs are designed, developed, manufactured, sold, and supported in the United States.
The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) newest verification mechanism designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks.
With an extensive data security portfolio and compliance mapping methodology, Thales TCT is a key partner in helping organizations achieve CMMC requirements and cybersecurity maturity levels. Our solutions provide a platform for the implementation of cybersecurity controls and institutionalization of cybersecurity practices and processes.
Thales TCT’s data security portfolio consists of data protection solutions that share a common, extensible implementation infrastructure for delivering data-at-rest encryption, enterprise key management, network encryption, authentication, access control, and security intelligence across an organization’s infrastructure.
Encrypting PHI wherever possible and reasonable can be one of the most effective approaches for fine tuning your HIPAA compliance efforts. The essence of HIPAA Security Rule compliance is finding and implementing the most reasonable process or control to minimize risks that have been identified and prevent breaches.
Federal agencies require a simple way to correlate all security-relevant data so they can manage their security posture. Instead of merely watching events after they occur, agencies should anticipate their occurrence and implement measures to limit vulnerabilities in real time. For that, agencies need an analytics-driven SIEM platform such as Splunk.
However, once data is correlated by SIEM tools, it becomes extremely valuable. By integrating an encryption and key management solution such as Vormetric Data Security Platform with Splunk, agencies can ensure that their operational intelligence is protected from surreptitious attacks.
View this on-demand recording with Thales TCT to learn how to protect Splunk indexes and provide enhanced visibility on the processes and users who are accessing protected data.
True data protection extends beyond the core. Agencies need to apply the same level of protection deployed at the core to the cloud and to remote or disconnected environments in the field.
Thales Trusted Cyber Technologies serves as a trusted, U.S. based source for cyber security solutions. We offer a broad selection of security solutions that secure, manage, distribute, and control access to your data and cryptographic keys.
Thales Trusted Cyber Technologies offers a network security solution that provides high-assurance data protection: dedicated encryption devices from 100Mbps to 100Gbps, support for multiple network and protocol configurations, secure key management, and authenticated end-to-end encryption.
During this on-demand webinar, you will have the opportunity to learn about:
Jane from Thales TCT demonstrated how to integrate HPE ESL G3 Tape Library with Thales TCT's KeySecure for Government KMIP compliant key manager.
Jane from Thales TCT demonstrates how to integrate Red Hat Certificate Authority, part of the Red Hat Certificate System 9.4, with Thales TCT's Luna Network HSM.
Thales TCT's CTO, Brent Hansen, shares his insight into taking a data-centric approach to security to enhance an agency's overall security posture and address CDM compliance requirements in his presentation at FCW's CDM Summit. Brent breaks down his decision tree methodology to help agencies validate the points of weakness and the tools available to achieve not only compliance but to provide the highest-level security posture.
As technology has evolved, the array of devices, applications and infrastructure has exploded, each providing a specialized type of data, protection or service. Distributed systems handle transactions; security/monitoring infrastructure monitors for breaches and slowdowns; a myriad of applications make the best use of Web technologies. Each of these elements generates machine data that can be used to provide competitive advantages, gain insights into customer behavior and avoid security or compliance issues.
This paper examines the use of Splunk as the platform to collect and index machine data from virtually any source, regardless of its location. Then, we will consider how Vormetric can interact seamlessly with the Splunk system to ensure compliance with security policies and regulatory mandates.
Learn how to integrate HPE MSL3040 with KeySecure for Government.
Learn how to integrate Microsoft OCSP with Luna HSM for Government.
Learn how to integrate HPE Primera Storage Platform Library with KeySecure for Government.
Learn how to integrate HPE StoreEver MSL G3 Series Tape Library with KeySecure for Government.
As healthcare stakeholders and systems become better connected, the volume of healthcare data created, processed, analyzed and stored is greater than ever. The increased use of HD video – either for collaboration or patient monitoring – is also changing the nature and format of healthcare data.
This Insight is designed to help IT decision-makers understand what quantum computing represents for the future of cryptography and how data security practices will need to respond.
The cloud provides new capabilities to develop more flexible offerings that are on par with premises-based versions – but at a lower cost and faster time to market. This, in turn, presents new models for government agencies to consider, either to augment or replace their existing data security infrastructure.
Supply chain risk management (SCRM) has long been a key element of the manufacturing process, but as technology advances, the risk management challenges go well beyond the world of producing physical products such as hardware. ISO-based standards provide clear guidance on supply chain management, especially for conventional manufacturing, but U.S. Federal Government suppliers need to think more broadly in today’s digital economy.
Opportunities for improving efficiencies in the public sector are so great that the adoption of technologies like RPA is being mandated. Not only do IT decision-makers for U.S. Federal agencies need to get up to speed on RPA, but they must also ensure that current levels of data security applied to humans extends to robots as well.
At the heart of this for IT is ensuring that the data flowing to and from these “things” can be trusted. IT needs to create security awareness around IoT, especially for protecting data at the network edge. There will soon be too many IoT-enabled network access points for IT to manage, and a data security strategy is needed to protect the integrity of the edge devices, components, endpoints, etc.
Once data is encrypted, the only way to gain access is by decrypting or unlocking secret content using the key. Haphazardly protecting these keys negates the entire process of encryption and creates a false sense of security. This white paper outlines best practices for deploying an effective cryptographic key management strategy.
The term Root of Trust (RoT) is commonly used in information security circles, but what does it mean? Why do we care? How does it apply to cryptographic controls? Modern computer systems are incredibly powerful and flexible. They can be molded to accomplish things that were unimaginable a mere decade ago. This same property makes them almost impossible to control and all too easy for malicious actors to find ways to disrupt them. To counter these threats, security experts have resorted to a wide range of cryptographic tools, and for these tools to function they need a trustworthy beginning.
The Luna SA for Government uses a comprehensive three-layer authentication and access control model to achieve extremely strong security between the host application processes and the Luna SA for Government’s HSM partitions. This three-layer authentication and access control model was designed to allow the Luna SA for Government to offer network connectivity to clients without sacrificing the security requirements of HSM operations.
For agency leaders and IT administrators responsible for data security—from the most basic statistics to highly sensitive documents—understanding the role of encryption and the management of encryption keys is vital to keeping confidential data just that—confidential. And, for organizations that entrust their data to cloud storage, it is essential that they understand the options available for safeguarding this protected data—even if it’s being managed in the cloud by a third-party vendor. This white paper discusses the importance of data encryption, the vulnerabilities of third-party encryption, the necessity of encryption key ownership, and how all of it affects the security of your organization’s data stored in the cloud.
Everyone wants their eyes on the data to reduce costs, improve efficiency, develop new products, optimize offerings, and to make smarter, data-driven decisions. To meet these demands, data will need to be produced in more places, stored in more places, processed in more places, and ultimately, shared and distributed to more places. As an IT professional, this isn’t new news. You’re living it – and it’s quite the data protection dilemma. The thought of sharing your organization’s sensitive data outside of your brick and mortar location (and outside of your watchful eye) is a growing concern. So how do you find a way to balance critical business needs and requirements, while protecting your data from malicious threats?
This White Paper describes the comparative security and performance benefits of Ethernet WAN data security solutions. We compare the benefits of SafeNet Layer 2 high speed encryption hardware with integrated encryption using MACsec or TrustSec.
So, you need to encrypt your sensitive data? Your data is in high demand, and you know it needs data-centric protection. With so many encryption options available, how do you find the right solution to protect your organization's sensitive data?
As the old saying goes, “loose lips sink ships”. For today’s enterprises, it is network metadata doing the talking—and a lot of potentially dangerous entities are listening. This paper looks at the risks that metadata can pose to many organizations, and it reveals how transmission security can be used to create a safeguard against nefarious network traffic analysis.
There are several challenges impeding adoption across federal agencies of PIV for privileged user access. Primarily, the time and cost required to migrate to PIV-enabled technologies for privileged user accounts can be unmanageable in the intermediate term. Pursuing technologies that support PIV-enablement of privileged user accounts is an evolutionary process and requires significant investment as systems are updated, replaced, or migrated. In many cases, this isn’t practical for legacy systems. Download this White Paper to learn why authenticators are a proven and practical alternative to PIV.
Acknowledging that cyber security is a monumental task, CDM has taken a structured approach by defining four phases that enable agencies to fold in different aspects of cyber security over time. The program begins with dashboards at both the federal and the agency/department level. The program then deploys sensors throughout the network infrastructure that address different strategic questions associated with network security.
The Cloud First initiative is now a reality—civilian and defense agencies are being asked to default to cloud-based solutions when possible. In order to facilitate the transition to the cloud, the Federal Government has implemented the government-wide Federal Risk and Authorization Management Program (FedRAMP) to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
For US law enforcement agencies, complying with the Criminal Justice Information Services Security Policy (CJIS-SP) is an imperative requirement. However, it’s also critical to ensure that the security mechanisms employed don’t in any way impede staff in fulfilling the agencies’ chief charter: fighting crime. This paper examines data-in-transit encryption, which is an important component of CJIS-SP requirements. It offers a number of insights into the approaches that can help organizations address data-in-transit encryption policies most efficiently and effectively—while ensuring that investigators and other users always get reliable, timely access to the information they need to do their jobs.
From medical records to insurance forms to prescription services, the healthcare industry has become a networked environment— allowing patient information to be shared and managed by a variety of parties and from a number of endpoints, each with their own level of security for protecting that information.