CipherTrust Data Security Platform
• Market Overview
• Use Cases
• CipherTrust Data Security Platform
• Deployment Options
• What’s New?
• Next Steps
• Explosive data growth: 100%. The Global DataSphere is expected to more than double in size from 2022 to 2026
• Evolving compliance requirements: 2,500+. Number of data privacy and security laws and regulations worldwide
• Operational complexity: 39%. Number of respondents who cited complexity as the top barrier for data security deployment
• Rapidly increasing data breaches: 22 B. Number of records exposed from 4,145 publicly disclosed breaches in 2021
Sources: IDC Global DataSphere 2022; PwC Ready Assess database; Thales Data Threat Report 2020; Risk Based Security Year End Report 2021
Storage Systems, Applications & Web Servers, File Servers, Data Lakes, Cloud Storage, Databases, Virtual Machines
• Costly & complex administration
• No repeatable process
• Audit challenges
• Inconsistent security policy enforcement
• Inhibited data & business workflow
• Only 54% of organizations know where all of their sensitive data is stored
• 43% of sensitive data in the cloud is unencrypted
• Only 53% of organizations control the keys to their encrypted data in the cloud
• 52% of all data within organizations remains unclassified
Sources: 2020 Thales Data Threat Report; 2019 Thales Cloud Security Report; 2018 Gemalto Data Security Confidence Index; 2019 Veritas Value of Data Study
Successful security and risk management leaders can significantly improve business utilization and data value by building a migration plan from siloed data security offerings to data security platforms.
2022 Strategic Roadmap for Data Security Platform Convergence
The Gartner Approach
• DISCOVER: Discover data wherever it resides and classify it
• PROTECT: Protect sensitive data with encryption or tokenization
• CONTROL: Control access to the data and centralize key management and policies
CipherTrust Manager: Key Management and Policies
CipherTrust Connectors
• Discovery: Discovery and Classification
• Encryption and Tokenization: Ransomware Protection, Encryption and Access Control; Database Protection; Application Data Protection; Tokenization
• Key Management: Multi Cloud; Enterprise; KMIP
• Secrets Management: Secrets Management
CipherTrust Manager
• Centrally manage keys
• Role-based access
• Enhanced auditing and reporting
• Developer-friendly REST APIs
• Multi-tenant
• FIPS 140-2 certified
CipherTrust Platform
• Discovery & Classification
• Multi Cloud Key Management
• Data Protection
• Enterprise Key Management
• DevSecOps
CipherTrust Data Discovery and Classification
#1 barrier to a successful encryption strategy is the ability to discover where sensitive data resides in the organization
• #1 Find any type of sensitive data, anywhere
• #2 Detailed Reports
• Risk analysis and reporting
• #3 Proactive protection
DISCOVER
CipherTrust Connectors: solutions for each layer of the technology stack to match your security requirements and infrastructure
Protection layer (where) and solution (how):
• Network: Data Protection Gateway for REST; Tokenization (Vaultless & Vaulted)
• Application: Application Data Protection (SDKs)
• Database: Database Protection; Application Key Management (for native TDE); Batch Data Transformation
• File System: Transparent Encryption with Live Data Transformation; Transparent Encryption solutions for Amazon S3, SAP HANA, Kubernetes, Teradata
PROTECT
Secure sensitive data wherever it resides to meet compliance requirements with minimal disruption, effort and cost
Advanced data protection solution integrations
• Transparent Encryption: Encrypt data and define privileged user access controls without changes to infrastructure, applications or workflow
• Live Data Transformation: Zero-downtime deployment and seamless key rotation
• …and more
PROTECT
CipherTrust Transparent Encryption – Ransomware Protection
Strengthen your multifaceted data defenses against ransomware attacks
1. Alerts or blocks malicious activity upon detection of on all file system input and output at guard points
2. Detect ransomware identifying activities (excessive data access, exfiltration, unauthorized encryption, or impersonation with malicious actions)
3. Monitors active processes rather than relying on a database of known ransomware file signatures
4. Defends against ransomware even when the ransomware is installed prior to CTE-RWP
5. Shares the CipherTrust Data Security Platform console, simplifying your management of unified data security
Protect sensitive information in databases across distributed systems
• Database Protection: Transparently encrypt sensitive column-level data in databases
• Application Key Management: External key management for Oracle TDE and Microsoft SQL Server EKM
• Batch Data Transformation: Protect vast quantities of data quickly
PROTECT
Protect sensitive information in cloud native and legacy applications
• Application Data Protection (application layer): Add data protection to applications using best in class encryption libraries
• Data Protection Gateway for REST (network layer): Add data protection to applications without modifying code
• RESTful Tokenization Service (network layer): Tokenize data using vaultless and vaulted solutions
PROTECT
Deploy data protection controls into applications while protecting velocity
CipherTrust Connectors
• Transparent Encryption for Kubernetes
• Data Protection Gateway for REST
Orchestration
• Helm
• Ansible
• Terraform
• PowerShell
Monitoring
• SIEM Compatible Logging
• Readiness Probes
Learn, Discover, & Try – Free!
CipherTrust Platform Community Edition
• Free-forever version of CipherTrust Manager
• Includes licenses for two full enterprise-edition CipherTrust Connectors
• Deploy data protection controls into multi-cloud applications in minutes instead of weeks
Community Forum
• Q&A
• blogs
• documentation
• videos
Tutorials
• videos
• code samples
• documentation
Securing Secrets at Scale
CipherTrust Secrets Management *
• Centralized management for all secret types
• Easy to use for DevSecOps
• SaaS (Software as a Service) scalability for hybrid and multi-cloud environments
Automate access to
• Secrets
• Credentials
• Certificates
• API keys
• Tokens
Automate processes for
• Creating
• Storing
• Rotating
• Removing
* Powered by Akeyless Vault
Extensive partner integrations with leading enterprise storage, server, database, cloud and SaaS vendors
• Data storage vendors, big data: KMIP Clients
• Database (TDE) Key Management: TDE Key Management Client
• Home-grown apps, web servers: PKCS#11, Java, .Net, C# and C
• Cloud Key Management: Cloud native, BYOK, HYOK
CONTROL
CipherTrust Manager works with a range of data storage, cloud/SaaS, and virtual environments using Key Management Interoperability Protocol (KMIP)
Tape Libraries, Enterprise Storage, Enterprise Servers, Database Servers, Mainframe AS/400, Virtual Environments, Cloud SaaS, Backup & Recovery
KMIP Server
CipherTrust Manager: Key Management and Access Control Policies
CONTROL
Mitigate data security and privacy risks with separation of duty between your data and your cloud provider
• Centralize multi cloud key management for BYOK, HYOK and cloud native encryption keys across any combination of clouds and on-premises with single UI
• Increase efficiency with a single pane of glass view across regions, and automated key lifecycle management with a common set of APIs
• Demonstrate compliance with data sovereignty laws and privacy regulations
CipherTrust Cloud Key Manager: Public Clouds, Private Clouds, On-Premises
CONTROL
On-premises
• Physical or virtual appliances
• Control over your own infrastructure
• Meet audit and compliance requirements
Hybrid
• Single management interface across clustered physical and virtual appliances
As a Service (NEW IN 2023!)
• Hosted offering allowing customers to consume CipherTrust services via monthly subscription
Common Benefits
• Common user experience
• Meet any operational expense model
• High availability through clustering
Deployment models (diagram)
• Virtual CipherTrust: FIPS Level 1, or Luna or Cloud HSM RoT
• Physical CipherTrust: FIPS Level 3, Luna PCI-HSM onboard
• NEW IN 2023! CipherTrust Data Security Platform as a Service: Flexible subscription service designed to meet SMB and Enterprise needs
Diagram labels: Clustered; Cloud, On-Premises, Virtual, Physical, Hybrid, As a Service
Thales CipherTrust Data Security Platform as a service
• Hosted by Thales in secure data centers, observing chain of custody audit requirements
• Customer applications can be hosted on-premises or in a public/private cloud
• Access to the CipherTrust Platform via a flexible subscription service – designed to meet SMB and Enterprise needs
• CipherTrust Management Console: Full remote control and management of keys and Connectors by customer
Use cases: BYOK With CCKM, KMIP, Transparent Encryption, Tokenization
Diagram labels: Public cloud infrastructure, Customer Cloud Application, Customer Application, Customer Management, Host traffic, Management traffic
• Benefits
• Subscription logistics
• Next steps
Offload key management appliance administration to Thales security experts
• Future proof: Access the latest CipherTrust solutions on-demand, Thales updates the service without disruption to your operations
• OpEx model: Flexible subscription model eliminates the need to fund upfront investments in data security infrastructure
• Scalable: Scales on demand so you avoid outreach to Thales to plan for changes in capacity
Control
• Full customer control and management of the encryption use case
• Full segregation from other service users and Thales DevOps
Audit compliance
• Backed by FIPS 140-2 Level 3 certified HSM
• Detailed logging to assist in meeting internal or industry driven standards
Management interface
• Centralized platform for multiple environments
• Same capabilities as with on-premises CipherTrust Manager (APIs or management console)
Service availability
• Key management service is backed by HSM services operated from secure data centers with 24x7 support from Thales
• Targeting SLA of 99.95%*
*Under development
Differences vs. on-premises installations, subscription options, and on-boarding process
• Subscription rather than ownership model
• Offload key management appliance administration (clustering, backups, key rotation)
• Scalable to meet changing performance and capacity requirements
• Meets ISO 27001 and SOC2 certification requirements, auto-configured HSM root of trust
On-boarding steps
1. Sign up for Data Protection Marketplace (DPoD)
2. Select CipherTrust tile
3. Get started
CipherTrust Data Security Platform As-a-Service Summary
Your trusted partner
• Save time and operational resources: Launch new solutions quickly and scale to meet business demands
• Avoid upfront investments: Flexible subscription service designed to meet SMB and Enterprise needs
• Support your cloud strategy: Simplify operations, lower fixed costs and reduce risk
Security where you need it, delivered on your terms
• Protect anything: Big data, Intellectual Property, Financial data, Enterprise data, Identities of things, Payments & digital transactions
• Protect anywhere: Applications, Data centers, Containers, Networks, Virtual, Clouds
• Delivered any way: On-premises hardware or software, Hybrid cloud & on-premises, As a service
CipherTrust Data Security Platform as a Service: Next Steps
• Learn more about the service
• Activate a trial subscription
• Set up a meeting to discuss how this can support your cloud strategy
Benefits for partners
Cloud agnostic
• Support your customers’ multi-cloud / hybrid environments
• Compatibility with the major public Cloud Service Providers (CSPs), including AWS, Azure & GCP
Multi-tenant
• Designed for the partner go-to-market model
• Single management portal to address multiple customers
Flexible
• Monthly billing
• No upfront investment
• Turn on new services without a PO
• Scale capacity as needs change
New revenue source
• Expand to new customers with data sovereignty and compliance requirements
• Combine the CipherTrust Platform with your other offerings to create more value for your customers
Responsibilities (diagram labels)
• Setup service in data centers
• Diagnostic checks
• 24x7 support
• Network configuration
• Update to meet functionality, certification and audit requirements
• Billing and automated overage
• Audit trail
• ongoing management
• Remote management via Management Console or REST API
• CipherTrust Connector configuration
• Ensure sufficient subscriptions to meet use case requirements
Group labels: Customer responsibilities; responsibilities