cpl.thalesgroup.

com

CipherTrust Data Security Platform

Discover, Protect and Control

IT teams ask for a data-centric solution that secures data as it moves • Data discovery and classification
from networks to applications and the cloud. When perimeter ° Risk analysis with data visualization
network controls and endpoint security measures fail, data-centric • Data discovery and classification can be combined with
solutions enable organizations to remain compliant with evolving transparent encryption to automatically encrypt sensitive data at
privacy regulations and the demand to support a tremendous the file level
number of remote employees.
• Ransomware protection
The CipherTrust Data Security Platform (CDSP) is a data-centric ° Actively watches for malicious behavior
solution that significantly reduces risk across your business and ° Behavior monitoring and data analytics enable:
decreases the number of resources required to maintain strong ° Protection against zero-day attacks
data security.
° Protection when system is disconnected from the internet
CDSP integrates centralized key management with data discovery ° Protection when installed after the existence of
and classification, data protection and granular access controls. By ransomware on the endpoint
centralizing and simplifying data security, CDSP accelerates time to • Secrets management
compliance and secures cloud migrations. ° Centralized management for all types of secrets
° Built for ease-of-use in DevOps integrations, automations,
Key Features and orchestrations
° Manage secrets for hybrid, multi-cloud (all clouds), multi-
• Centralized management console tenants, on-prem and legacy systems and with human or
• Monitoring and reporting machine access
• Data protection techniques Key Benefits
° Transparent encryption for files, databases and big data
° Application-layer data protection • Simplify Data Security. Discover, protect, and control sensitive
data anywhere with next-generation unified data protection.
° Format-preserving encryption
The CipherTrust Data Security Platform (CDSP) simplifies data
° Tokenization with dynamic data masking security administration with a centralized management console
° Static data masking that equips organizations with powerful tools to discover and
° Privileged user access controls classify sensitive data, combat external threats, guard against
• Centralized enterprise key management insider abuse, and establish persistent controls, even when data
° FIPS 140-2 compliant enterprise key management is stored in the cloud or in any external provider’s infrastructure
° Unparalleled partner ecosystem of KMIP integrations for on-prem and cloud-based data. Organizations can easily
° Multicloud key management uncover and close privacy gaps, detect and block ransomware,
manage secrets, prioritize protection, and make informed
° Database encryption key management (Oracle TDE, decisions about privacy and security mandates before starting
big data, MS SQL, SQL Server Always Encrypted, etc.)
or advancing a digital transformation to fundamentally change
how the organization operates and delivers value to customers.

• Accelerate Time to Compliance. Regulators and auditors

DISCOVER require organizations to have control of regulated and sensitive
data along with the reports to prove it. CDSP supports pervasive
data security and privacy requirements such as data discovery
ata Sec
plify D
Discovery & Data-at-rest
urit and classification, ransomware protection, secrets management,
Classification Sim y Encryption
encryption, access control, audit logs, tokenization and
key management. Data security controls can be added to
new deployments or in response to evolving compliance
FIP
e
ieve Complianc

PROTECT
S 14

requirements. The centralized and extensible nature of the

MONITOR

platform enables new controls to be added quickly through the

0-2 Certifie

CipherTrust addition of licenses and scripted deployment.

Manager
Ach

• Secure Cloud Migration. The CipherTrust Data Security

d

Platform offers advanced encryption, centralized secrets

management and centralized key management solutions that
Clo u
enable organizations to safely store sensitive data in the cloud.
d S e c u rit y The platform offers advanced multi-cloud Bring Your Own
Key
Management
Developer Encryption (BYOE) solutions to avoid cloud vendor lock-in and
APIs
ensure the data mobility to efficiently secure data across multiple
CO N T R O L cloud vendors with centralized cloud-agnostic encryption
key management. Organizations that cannot bring their own
encryption can still follow industry best practices by managing
keys externally using CipherTrust Cloud Key Management
Compliance (CCKM). CCKM supports Bring Your Own Key (BYOK) and
Hold Your Own Key (HYOK) use-cases and streamlines Native
CipherTrust Data Security Platform supports global security and
key management across multiple cloud infrastructures and
privacy regulations, including:
SaaS applications. CipherTrust Secrets Management powered
• GDPR by Akeyless Vault provides enterprise-grade secrets lifecycle
• PCI DSS management including automatic processes for creating, storing,
• HIPAA rotating, and removing all types of secrets.
• SOX/GLBA
• CCPA CipherTrust Data Security Platform
• FIPS140-2 CDSP consists of CipherTrust Manager (CM) and a set of
• FISMA, FedRAMP Connectors.
• NIST 800-53 rev.4
• South Africa POPI Act CM can be deployed on premises, in cloud or hybrid environments,
• ISO/IEC 27002:2013 or subscribed to as a service.
• Japan My Number Compliance
• South Korea’s PIPA CipherTrust Manager
• India’s Aadhaar Act As the central management point for CDSP, CM simplifies key
• Philippine’s Data Privacy Act lifecycle management tasks for all of your encryption keys. CM
• Monetary Act of Singapore manages secure key generation, backup/restore, clustering,
• Australia Privacy Amendment deactivation, deletion, and access to Connectors and partner
integrations that support a variety of use cases (e.g., data discovery,
data-at-rest encryption, enterprise key management, and cloud key
management).CM supports role-based access control to keys and
policies, robust auditing and reporting, and offers development- CipherTrust Application Data Protection
and management-friendly REST APIs. CM is available in both CipherTrust Application Data Protection (CADP) delivers crypto
physical and virtual form factors. Hardware and virtual appliances functions such as key management, signing, hashing and encryption
can leverage embedded Luna Network HSMs or select cloud services through APIs, so that developers can easily secure data at
HSMs to enable FIPS 140-2 Level 3 highest level root of trust. the application server or big data node. The solution comes with
CipherTrust Data Discovery and Classification supported sample code so that developers can move quickly to
secure data processed in their applications. CADP accelerates
CipherTrust Data Discovery and Classification locates regulated development of customized data security solutions, while removing
data, both structured and unstructured, across the cloud, big the complexity of key management from developer responsibility
data, and traditional data stores. A single pane of glass delivers and control. In addition, CADP enforces strong separation of
understanding of sensitive data and its risks, enabling better duties through key management policies that are managed only by
decisions about closing security gaps, compliance violations security operations.
and prioritizing remediation. The solution provides a streamlined
workflow all the way from policy configuration, discovery and CipherTrust Tokenization
classification, to risk analysis and reporting, helping to eliminate CipherTrust Tokenization is offered both vaulted and vaultless and
security blind spots and complexities. can help reduce the cost and complexity of complying with data
security mandates such as PCI-DSS. Tokenization replaces sensitive
CipherTrust Transparent Encryption data with a representative token, so that the sensitive data is kept
CipherTrust Transparent Encryption (CTE) delivers data-at-rest separate and secure from the database and unauthorized users
encryption, privileged user access controls and detailed data and systems. The vaultless offering includes policy-based dynamic
access audit logging. Agents protect data in files, volumes and data masking. Both offerings make it easy to add tokenization to
databases on Windows, AIX and Linux OS’s across physical and applications.
virtual servers in cloud and big data environments. The Live Data
Transformation extension is available for CTE, providing zero- CipherTrust Database Protection
downtime encryption and data rekeying. In addition, security CipherTrust Database Protection solutions integrate data encryption
intelligence logs and reports streamline compliance reporting and for sensitive fields in databases with secure, centralized key
speedup threat detection using leading security information and management and without the need to alter database applications.
event management (SIEM) systems. CipherTrust Database Protection solutions support Oracle, Microsoft
SQL Server, IBM DB2 and Teradata databases.
CipherTrust Ransomware Protection
CipherTrust Transparent Encryption Ransomware Protection CipherTrust Key Management
(CTE- RWP) monitors behaviors, watching for suspicious activities CipherTrust Key Management delivers a robust, standards-based
and blocks processes when ransomware indicators are detected. solution for managing encryption keys across the enterprise.
Using behavior monitoring and data analytics rather than malware It simplifies administrative challenges around encryption key
signature databases, CTE-RWP protects systems from zero-day management to ensure that keys are secure and always provisioned
attacks even when disconnected from a network. Exceptionally to authorized encryption services. CipherTrust Key Management
easy to deploy and manage. solutions support a variety of use cases including:

CipherTrust Secrets Management powered by Akeyless Vault • CipherTrust Cloud Key Management (CCKM) streamlines
"Bring Your Own Key" (BYOK), "Hold Your Own Key" (HYOK)
CipherTrust Secrets Management (CSM) is a state-of-the-art, and Native key management for Amazon Web Services (AWS),
enterprise-grade secrets management solution powered by the Google Cloud Platform (GCP), Microsoft Azure1, Oracle Cloud
Akeyless Vault Platform. CSM protects and automates access Infrastructure (OCI)1, Salesforce and SAP1. CCKM increases
to secrets across DevOps tools and cloud workloads including efficiency by reducing the operational burden – even when all
credentials, certificates, API keys and tokens. DevSecOps can quickly of the cloud keys are Native keys. Giving customers lifecycle
and easily integrate secrets management into multi-cloud applications control, centralized management within and among clouds, and
to secure and speed-up continuous integration and continuous visibility of cloud encryption keys, reduces key management
delivery processes. Exceptionally easy to deploy and manage. complexity and operational costs.
• CipherTrust TDE Key Management supports a broad range
CipherTrust Intelligent Protection of database solutions such as Oracle, Microsoft SQL, and
CipherTrust Intelligent Protection enables organizations to rapidly Microsoft Always Encrypted.
discover and classify data based on sensitivity, vulnerability, and
• CipherTrust KMIP Server centralizes management of KMIP
risk profiles and pro-actively protect at-risk data using encryption clients, such as full disk encryption (FDE), big data, IBM DB2,
and access controls. It integrates CipherTrust Data Discovery and
© Thales - June 2023 • GHv18

tape archives, VMware vSphere and vSAN encryption.

Classification with CipherTrust Transparent Encryption to improve
operational efficiencies, accelerate time to compliance, and pro-
actively close security gaps.

1 Check with us for dates for HYOK support for this cloud.

> cpl.thalesgroup.com <

Contact us – For all office locations and contact information, please visit cpl.thalesgroup.com/contact-us