
cpl.thalesgroup.com

Partner Playbook
Data Protection Portfolio
Full Edition

Partner Playbook Data Protection 1


Thales Cloud Protection
and Licensing Story
Today’s enterprises depend on the cloud, data and software to keep pace with the
cost of doing business in a world that is rapidly undergoing a digital transformation.
However, they are concerned about business critical and sensitive data being stolen
by adversaries such as competitors or cyber criminals. In spite of all their investments in
perimeter and endpoint security, data breaches continue to occur on a weekly basis.
When all else fails, data security has become the last line of defense.

That’s why the most respected brands and largest organizations in the world rely on
Thales to help them protect and secure access to their most sensitive data wherever it
resides - at rest in on-premises data centers and in public/private clouds, and data-in-
motion across wide-area networks. Our solutions enable organizations to migrate to the
cloud securely, achieve compliance with confidence, and create more value from their
software in devices and services used by millions of consumers every day.

We are the worldwide leader in data protection, providing everything an organization
needs to discover, protect and control its data, identities and intellectual property
with comprehensive data discovery and classification, data encryption, tokenization,
access controls, advanced key and crypto management, authentication and access
management. Whether it’s securing the cloud, digital payments, blockchain or the
Internet of Things, security professionals around the globe rely on Thales to confidently
accelerate their organization’s digital transformation.



Contents
The people we all rely on to make the world go round – they rely on Thales
Providing a safer, more secure world powered by the cloud, data and software
Thales Data Protection Portfolio
Buyers personas
How to Win
Ask these questions!
CipherTrust Data Security Platform
CipherTrust Manager
CipherTrust Data Discovery and Classification
CipherTrust Transparent Encryption
CipherTrust Application Data Protection
CipherTrust Tokenization
CipherTrust Database Protection
CipherTrust Enterprise Key Management
CipherTrust TDE Key Management and CipherTrust KMIP Server
Protecting Data in Motion
Hardware Security Modules
Luna General Purpose HSM
Luna Network HSM
Luna PCIe HSM
Luna USB HSM
Crypto Command Center
ProtectServer PCIe HSM
Payment HSMs
payShield 10K
payShield Manager
payShield Monitor
payShield Trusted Management Device
Data Protection On Demand (DPoD)
Luna Cloud HSM Services
CipherTrust Cloud Key Management Services
SureDrop
Questions and Special Requests
About Thales



The people we all rely on to make the
world go round – they rely on Thales

• 10 largest banks in the world
• 5 largest software companies in the world
• 10 largest retailers in the world
• 10 largest healthcare companies in the world
• 5 largest cloud service providers in the world
• 10 of the largest manufacturers in the world

Today’s enterprises depend on the cloud, data and software in order to be confident in decisive moments.

[Figure: Cloud Protection and Licensing, comprising Data Protection, Software Licensing and Access Management]



What will be your decisive moment to protect your data and software?
Digital transformation is reshaping industries as more and more organizations look to build their businesses. The success of these transformations will ultimately depend on whether these digital services, identities and transactions can be secured and trusted.

At Thales, we are at the heart of making this new digital world possible. As the worldwide leader in digital security, we protect more data, identities, software and transactions than any other company and enable tens of thousands of businesses and organizations to deliver trusted digital services to billions of individuals around the world.

Cloud Security
Confidence in data security is essential, whether it’s accessing cloud services or storing data across multiple cloud environments, or managing security as a service. As businesses evolve to encompass hybrid, multi-cloud environments, they need a comprehensive security solution that meets their needs regardless of where their data resides or who manages it for them. You can rely on Thales to deliver simple data protection and secure access solutions as a service in the cloud, on-premises or across hybrid environments. How are you securing your data across the hybrid multi-cloud?

Data Discovery & Classification
The crucial first step in compliance is to understand what constitutes sensitive data, where and how it is stored, and who can access it. Data Discovery and Classification enables organizations to get complete visibility of sensitive data across cloud, big data, and traditional environments. Does your organization know how to prevent sensitive data exposure?

Data Encryption
Securing sensitive data is a priority for every organization. Whether your data is at rest, in motion, or in use, you can rely on Thales to enable the most effective encryption strategies for your enterprise environments. Does your enterprise have an encryption strategy?

Key Management
Manage encryption keys securely, with separation of duties, and over the entire lifecycle of the keys whether you choose to manage them in your own environments, or bring or hold them in the cloud (BYOK/HYOK). How do you ensure that your keys are always secure?

Secure Your Digital Transformation
Digital transformation is increasing the growth of connected devices, and with that comes the challenge of security, privacy, safety and reliability of the underlying systems and information. Additionally, security has become more complex with IoT, and containerized applications are more difficult to secure due to the way microservices and applications are developed, deployed and run. Thales can protect the digital keys and unique credentials on which modern digital security is built. Have you considered a defense-in-depth security approach and how purpose-built security solutions can help?

Access Management & Authentication
Moving applications to the cloud brings not only increased risks of data breaches but also the challenges of simplifying access for users and enabling compliance. Regardless of the size of your business, you can rely on Thales to deliver secure, trusted access to all cloud services. Do you have secure access to all of your cloud services?

Compliance & Data Privacy
Data security regulations present an increasingly complex challenge for global organizations. Wherever you operate and whatever the regulation, you can rely on Thales to help you achieve and maintain compliance, improving your security and managing your risk. Is your business ready for today's data compliance challenge?

Software Licensing & Protection
Software is crucial for business performance and new revenue opportunities. As your company shifts from hardware to a software-based business, you can rely on Thales to generate new revenue streams, improve operational efficiency and gain valuable insights from your software. Can you deliver software the way your customers want to consume it?



Providing a safer, more secure world
powered by the cloud, data and software
Data protection against increasing threats
According to the Thales Data Threat Report, 60 percent of organizations have been breached sometime in their history. This is increasingly serious when nearly all organizations will use sensitive data in digitally transformative technologies. However, less than 30% of companies have deployed encryption to protect data in digital transformation environments. Thales helps businesses and organizations defend their data in a digital world where there is no defined perimeter with advanced encryption, key management and tokenization solutions.

Trusted access in a zero trust world
Traditional security models operate on the assumption that everything inside corporate networks can be trusted. However, given the increasing adoption of cloud services and sophistication of cyber attacks, new security approaches are needed to ensure the individuals accessing cloud services and corporate resources can be trusted, verified and deliver on compliance mandates. Our access management solutions help organizations provide secure, trusted access to cloud services and applications with user friendly single sign-on and robust multi-factor authentication.

Enabling a world powered by software
Just as important as the cloud, software is increasingly crucial for business performance and new revenue opportunities. This is especially true for businesses that are shifting away from hardware as their main revenue driver in favor of software. Our software licensing and monetization solutions help manufacturers, device makers and software companies license, deliver and protect their software in order to generate new revenue streams, improve operational efficiency, increase customer satisfaction and gain valuable business insights.

Security that integrates with your technology ecosystem
With one of the industry’s largest data protection technology ecosystems, Thales solutions integrate with the most widely used technologies to protect and secure access to your mission-critical applications and data. Through the Thales partner program, we have established partnerships with more than 500 global technology organizations who are committed to architecting solutions to meet secure cloud and digital transformation initiatives. Thales partners with leading resellers, system integrators, distributors, managed service providers and technology companies to meet the data protection and compliance needs of the most security-conscious organizations around the world.

Security for a
cloud-first world
The cloud gives organizations the agility and efficiency to
instantly introduce new services, expand operations, and enter
new markets. But the lack of physical control of infrastructure
brings a whole host of data security issues, including privileged
user abuse, data leakage, regulatory requirements, and
many more. Our solutions help organizations secure their
cloud transformation, reduce breach exposure and achieve
compliance with encryption, HSM and key management
solutions that keep you in control of your data across multiple
clouds while also providing simple, secure access to cloud
services with integrated access management, authentication
and single sign-on, and data protection services on demand
with click of a button simplicity.



Thales Data Protection Portfolio
As security breaches continue with alarming regularity and compliance mandates get more stringent, companies need to discover and protect sensitive data across on-premises, hybrid and multi-cloud environments.

The industry-leading portfolio of data protection products from Thales enables organizations to discover and secure data at rest and data in motion across the entire IT ecosystem and ensure the encryption keys to that data are always protected and only under your control. It simplifies data security, improves operational efficiencies and accelerates time to compliance. Regardless of where your data resides, or whether you choose to manage your data and the keys to that data on-premises, in the cloud or across hybrid environments, Thales ensures that your data is secure, with a broad range of proven, market-leading products and solutions for deployment in data centers, or those managed by cloud service providers (CSPs), or managed service providers (MSPs), or as a Thales-managed cloud-based service.

Thales is the market leader in hardware security modules (HSMs) that protect the crypto infrastructure of the most security conscious organizations in the world and act as trust anchors by securely managing, processing, and storing crypto keys inside a hardened, tamper-resistant device available on-premises, in the cloud as a service or as a hybrid solution.

The most trusted brands rely on Thales to help them protect and secure access to their most sensitive information. Whether you're protecting customer PII data, want to leverage hybrid clouds without sacrificing control of your data, or looking to optimize meeting data security and privacy regulations, the Thales Data Protection portfolio has the solutions and services that your organization can trust.

[Figure: Thales Data Protection portfolio. Use cases: IoT, PKI, Data Security, Payment Security, Cloud, Multi-cloud Security, Key Management. Products and solutions: Key Management, Data Discovery and Classification, Tokenization, Network Encryption, Data Encryption, Hardware Security Modules (HSM).]



With Thales Data Protection products you can:
• Secure Data at Rest with the CipherTrust Data Security Platform. Discover, protect and control your organization’s sensitive data anywhere with next-generation unified data protection.
• Protect Data in Motion with dedicated physical and virtual high speed network encryptors. Protect sensitive data, real-time video and voice, as it moves from data center to data center or site-to-site, or to back up and disaster recovery sites, and in the cloud with High Speed Encryptors.
• Manage Encryption Keys securely, with separation of duties, and over the entire lifecycle of the keys either with the CipherTrust Data Security Platform or as a service with the CipherTrust Key Broker services available on Data Protection on Demand (DPoD).
• Control Cryptographic Functions using Luna Network Hardware Security Modules (HSMs) and Luna Cloud HSMs to securely manage, process and store crypto keys and functions inside a hardened, tamper-resistant, FIPS 140-2 validated appliance available as hardware for your premises or in the cloud as a service on DPoD, or together as a hybrid solution.
• Optimize Transaction Security for retail payment processing environments, payment applications and PIN processing using payShield payment HSMs.
• Share Files Securely between internal and external users by allowing them to store, share and synchronize files in the cloud and on-premises with SureDrop, an enterprise-class solution using defense-grade security.

Key Benefits
• Strengthen Security and Compliance
Thales Data Protection products and solutions address the demands of a range of security and privacy mandates, including the electronic IDentification, Authentication and trust Services (eIDAS) regulation, Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) and regional data protection and privacy laws.
• Optimize Staff and Resource Efficiency
Thales delivers the broadest support of data security use cases in the industry with products designed to work together, a single line to global support, a proven track record protecting from evolving threats, and the largest ecosystem of data security partnerships in the industry. At Thales we are hyper focused on ease of use, APIs for automation and responsive management to assure your teams can quickly deploy, secure and monitor the protection of your business. In addition, our Professional Services and partners are available for design, implementation and training assistance to assure fast and reliable implementations with the least amount of your staff’s time.
• Reduce Total Cost of Ownership
The Thales Data Protection portfolio delivers a comprehensive set of data security products and solutions that easily scale, expand into new use cases, and have a proven track record of securing new and traditional technologies. With Thales, you can future proof your investments while reducing operational costs and capital expenditures.

Protecting Data at Rest

CipherTrust Data Security Platform
CipherTrust Data Security Platform unifies data discovery, classification, data protection, and unprecedented granular access controls with centralized key management – all on a single platform. This results in fewer resources dedicated to data security operations, ubiquitous compliance controls, and significantly reduced risk across your business. The platform includes:

CipherTrust Manager
CipherTrust Manager is the central management point for the platform. It offers an industry-leading enterprise key management solution enabling organizations to centrally manage encryption keys, provide granular access controls and configure security policies. It manages key lifecycle tasks including generation, rotation, destruction, import and export, provides role-based access control to keys and policies, supports robust auditing and reporting, and offers developer friendly REST APIs. It enables centralized management of data security policies and key management for all CipherTrust Data Security Platform products. CipherTrust Manager is available in both virtual and physical form-factors that can use FIPS 140-2 validated Thales Luna or third-party hardware security modules (HSMs) for securely storing master keys with an elevated root of trust.

CipherTrust Data Discovery and Classification
CipherTrust Data Discovery and Classification locates regulated sensitive data, both structured and unstructured, across the cloud, big data, and traditional data stores. A single pane of glass delivers understanding of sensitive data and its risks, enabling better decisions about closing security gaps, prioritizing remediation and securing your cloud transformation. The solution provides a streamlined workflow from policy configuration, discovery, and classification, to risk analysis and reporting, helping to eliminate security blind spots and complexities.

CipherTrust Transparent Encryption
CipherTrust Transparent Encryption delivers data at rest encryption, privileged user access controls and detailed data access audit logging. Transparent Encryption protects data in files, volumes and databases on Windows, AIX and Linux operating systems across physical and virtual servers, in cloud and big data environments. The Live Data Transformation extension is available for CipherTrust Transparent Encryption, providing zero-downtime encryption and data rekeying. In addition, CipherTrust Security Intelligence Logs and reports streamline compliance reporting and speed up threat detection using leading security information and event management (SIEM) systems.

CipherTrust Application Data Protection delivers
crypto functions for key management, signing, hashing and
encryption services through APIs, so that developers can
easily secure data at the application server or big data node.
The solution comes with supported sample code so that
developers can move quickly to securing data processed
in their applications. CipherTrust Application Data Protection
accelerates development of customized data security
solutions, while removing the complexity of key management
from the developers’ responsibility and control. In addition, it
enforces strong separation of duties through key management
policies that are managed only by security operations.

CipherTrust Tokenization
CipherTrust Tokenization is offered both vaulted and vaultless,
and can help reduce the cost and complexity of complying
with data security mandates such as PCI DSS. The vaultless
offering includes policy-based dynamic data masking,
whereas the vaulted offering has additional environment
specific APIs. Both offerings make it easy to add tokenization
to applications via REST APIs.

CipherTrust Database Protection


CipherTrust Database Protection solutions integrate data
encryption for sensitive fields in databases with secure,
centralized key management and without the need to alter
database applications. CipherTrust Database Protection
solutions support Oracle, Microsoft SQL Server, IBM
DB2 and Teradata databases.

CipherTrust Enterprise Key Management


CipherTrust Key Management delivers robust, standards-based
solutions for managing encryption keys across the
enterprise. It simplifies administrative challenges around
encryption key management to ensure that keys are secure
and always provisioned to authorized encryption services.
CipherTrust Enterprise Key Management solutions support a
variety of use cases including:
• CipherTrust Cloud Key Manager streamlines bring your
own key (BYOK) management for Amazon Web Services,
Microsoft Azure, Salesforce, Google Cloud and IBM Cloud.
The solution provides comprehensive cloud key lifecycle
management and automation to enhance security team
efficiency and simplify cloud key management.
• CipherTrust TDE Key Management supports a broad range
of database solutions such as Oracle, Microsoft SQL, and
Microsoft Always Encrypted.
• CipherTrust KMIP Server centralizes management of KMIP
clients, such as full disk encryption (FDE), big data, IBM DB2,
tape archives, VMware vSphere and vSAN encryption, etc.

Buyers personas

Business Buyer (Overall Approver)
Responsible for: Grow revenue, shareholder value, budget control, final approval
Drivers: Company’s reputation, comply with industry regulations, protect company/customer data
Risks / Concerns: Business risks, data breaches, penalties associated with compliance
Considerations:
• Need strong ROI and TCO
• Buy from vendors with wide inside support
• Relies heavily on decision makers and influencers
How our solution helps:
• Reduces business risks with comprehensive data protection
• Better ROI and operational efficiency with centralized management
• Coverage across multiple global and regional compliance mandates

Technical Buyer (Decision Maker)
Responsible for: IT/security strategy, technology roadmap, fund allocation, vendor selection
Drivers: Improve security, protect data, simplify operations, reduce IT Cost
Risks / Concerns: Management complexity, lack of centralized visibility and control, limited security skills
Considerations:
• Avoid product silos, technology gaps
• Select right vendors who reduce complexity, simplify operations
• Streamline data privacy compliance
How our solution helps:
• Provides comprehensive data protection to reduce complexity
• Centralized management across on-premises and multi-cloud providers
• Simplifies compliance with better auditing, monitoring and reporting

End User (Implementer)
Responsible for: Managing data security operations, evaluates data protection solutions – important stakeholder in making buying decision.
Drivers: Reduce operational complexity, simplify security management and cloud migration, streamline compliance
Risks / Concerns: Sensitive data exposure, operational complexity, compliance audit delays
Considerations:
• Centralized visibility and management across on-premises and cloud
• Breadth of data protection across data stores
• Simplify multi-cloud data protection
How our solution helps:
• Provides centralized key management and data protection across all data stores
• Unified management console to discover sensitive data and protect it using a single pane of glass
• Simplifies data protection and key management across multiple cloud service providers

Key Influencer (Recommender)
Responsible for: Evaluating and testing data protection and key management solutions. Key influencer in the decision making process.
Drivers: Ease of deployment/migration, integration and testing with existing applications and legacy data stores.
Risks / Concerns: Lack of centralized management, monitoring, reporting, visibility of sensitive data. Complexity of integration with current data stores.
Considerations:
• Support of IT ecosystem at customer site
• Developer friendly APIs for test & dev
• Breadth of data protection across data stores
How our solution helps:
• Centralized visibility: provides discovery, classification, protection, monitoring and alerting capabilities.
• Simplifies data protection and key management across multiple data stores
• REST APIs for easy application integration and automating test and dev



How to Win
Ask these questions!

Business drivers and specific goals
• What are they trying to achieve – business and security objectives, cloud strategy,
scalability requirements and budget?
• Do they have to meet any data privacy and industry specific compliance regulations?
• What does their current data storage ecosystem consist of, where is their data located
across on-prem. and cloud?
• How are they currently discovering and protecting sensitive data across their enterprise?

Why they should trust Thales
• Market-leading key management, data protection and HSM solutions across
financial, healthcare, and gov. sectors
• New data discovery solution integrated with data protection offers simplified security
and accelerated compliance
• Largest partner ecosystem of storage, server and cloud service provider integrations
• 19 billion Euros revenue, 1+ billion Euros R&D, global presence in 68 countries

Solutions that meet their needs


• Demonstrate appropriate solutions and how they meet customer’s needs
• Best practices for holistic data protection and compliance
• Value proposition of the solution - benefits, customers, compliance, TCO, etc.
• Strong differentiators as compared to the key competitors



CipherTrust Data Security Platform
As data breaches continue at alarming rates, securing sensitive data is critical to all organizations. In addition, organizations
struggle to stay compliant with evolving global and regional privacy regulations, and securing the cloud in the face of
accelerated adoption brought on by the new demand to support a tremendous number of remote employees. IT security
organizations seek a data-centric solution that secures the data as it moves from networks to applications and the cloud.
When perimeter network controls and endpoint security measures fail, protecting data at rest is the last line of defense.

The CipherTrust Data Security Platform integrates data discovery, classification, data protection and unprecedented granular
access controls, all with centralized key management. This solution removes data security complexity, accelerates time to
compliance, and secures cloud migration, which results in fewer resources dedicated to data security operations, ubiquitous
compliance controls, and significantly reduced risk across your business.

Value proposition
• Simplify Data Security. Discover, protect, and control sensitive data anywhere with next-generation unified data protection. The CipherTrust Data Security Platform simplifies data security administration with ‘single pane of glass’ centralized management console that equips organizations with powerful tools to discover and classify sensitive data, combat external threats, guard against insider abuse, and establish persistent controls, even when data is stored in the cloud or in any external provider’s infrastructure. Organizations can easily uncover and close privacy gaps, prioritize protection, and make informed decisions about privacy and security mandates before a digital transformation implementation.
• Accelerate Time to Compliance. Regulators and auditors require organizations to have control of regulated and sensitive data along with the reports to prove it. CipherTrust Data Security Platform capabilities, such as data discovery and classification, encryption, access control, audit logs, tokenization, and key management support ubiquitous data security and privacy requirements. These controls can be quickly added to new deployments or in response to evolving compliance requirements. The centralized and extensible nature of the platform enables new controls to be added quickly through the addition of licenses and scripted deployment of the needed connectors in response to new data protection requirements.
• Secure Cloud Migration. The CipherTrust Data Security Platform offers advanced encryption and centralized key management solutions that enable organizations to safely store sensitive data in the cloud. The platform offers advanced multi-cloud Bring Your Own Encryption (BYOE) solutions to avoid cloud vendor encryption lock-in and ensure the data mobility to efficiently secure data across multiple cloud vendors with centralized, independent encryption key management. Organizations that cannot bring their own encryption can still follow industry best practices by managing keys externally using the CipherTrust Cloud Key Manager. The CipherTrust Cloud Key Manager supports Bring Your Own Key (BYOK) use-cases across multiple cloud infrastructures and SaaS applications. With the CipherTrust Data Security Platform, the strongest safeguards protect an enterprise’s sensitive data and applications in the cloud, helping the organization meet compliance requirements and gain greater control over data, wherever it is created, used, or stored.

[Figure: CipherTrust Data Security Platform. CipherTrust Manager (FIPS 140-2 Validated) at the center of Discover, Protect, Control and Monitor, with Discovery & Classification, Data-at-rest Encryption, Key Management and Developer APIs; outer labels: Simplify Data Security, Achieve Compliance, Cloud Security.]



CipherTrust Manager
CipherTrust Manager (formerly known as Next Generation KeySecure) offers the industry leading enterprise key
management solution enabling organizations to centrally manage encryption keys, provide granular access control and
configure security policies. It manages key lifecycle tasks including generation, rotation, destruction, import and export,
provides role-based access control to keys and policies, supports robust auditing and reporting, and offers developer friendly
REST API.

CipherTrust Manager is available in both virtual and physical form-factors that can use FIPS 140-2 validated Thales Luna
or third-party hardware security modules (HSMs) for securely storing master keys with an elevated root of trust. These
appliances can be deployed on-premises as well as in private or public cloud infrastructures. This allows customers to
address compliance requirements, regulatory mandates and industry best practices for data security.

Value proposition
• Centralized Key Lifecycle Management. Simplifies management of encryption keys across their entire lifecycle, including secure key generation, backup/restore, clustering, deactivation and deletion. It unifies key management operations with role-based access controls using existing Active Directory and LDAP credentials, and provides full audit log review.
• Unified Management Console. Provides a single pane of glass for discovering and classifying sensitive data and protecting data using CipherTrust Data Security Platform products to reduce business risk and satisfy compliance regulations. It streamlines provisioning of connector licenses through a new self-service licensing portal for better visibility and control of licenses.
• Developer Friendly REST APIs. Offers new REST interfaces in addition to KMIP and NAE-XML APIs, for developers to simplify deployment of applications integrated with key management capabilities and automate testing and deployment of administrative operations.

Smart questions
• How are you encrypting sensitive data and managing access control across all your data repositories on file-servers, databases, applications, virtual machines and across cloud providers?
• Do you have a centralized key management solution for managing encryption keys and access control across all these data repositories?
• Does your key management solution come with a built-in HSM or integrated with a network attached HSM for securely storing encryption keys for highest level of assurance?

[Figure: CipherTrust Manager, showing Key Management, Access Policies, Auditing Reporting and Flexible APIs]



CipherTrust Data Discovery and Classification
Thales CipherTrust Data Discovery and Classification enables you to efficiently locate structured and unstructured regulated
data across the cloud, big data, and traditional data stores in your enterprise. A single pane of glass allows you to get
a complete understanding of your sensitive data and its risks, so you can make better decisions about closing your gaps,
prioritizing remediation, and securing your cloud transformation.

Unlike alternative disjointed solutions that can leave data exposed or compromised, Thales CipherTrust Data Discovery and
Classification provides a streamlined workflow all the way from policy configuration, discovery, and classification, to risk
analysis and reporting. This eliminates security blind spots and complexities. As a result, you can easily uncover and mitigate
your data privacy risks, enforce data sovereignty, and proactively respond to a growing number of data privacy and security
regulations, such as GDPR, CCPA, PCI DSS, and HIPAA.

Value proposition

• Effective solution for enterprise-wide data privacy. Thales CipherTrust Data Discovery and Classification efficiently identifies structured as well as unstructured sensitive data on-premises and in the cloud. Supporting both agentless and agent-based deployment models, the solution provides built-in templates that enable rapid identification of regulated data, highlight security risks, and help you uncover compliance gaps. A streamlined workflow exposes security blind spots and reduces remediation time. The detailed reporting supports compliance programs and facilitates executive communication.
• Complete visibility and control. A centralized console with rich visualizations and detailed reports offers a clear view of sensitive data and its risks. This makes it easy for your organization to uncover and close privacy gaps, prioritize remediation, and make informed decisions about third-party data sharing and privacy concerns before a digital transformation implementation.
• Accelerated path to compliance. The crucial first step in compliance is to understand what constitutes sensitive data, where and how it is stored, and who can access it. Efficient scans enable you to build a strong foundation for your overall data privacy and security. Detailed reports and visualized charts help your compliance teams demonstrate compliance to auditors and regulators.
• Single pane of glass from discovery to remediation. Thales CipherTrust Data Discovery and Classification is integrated with the CipherTrust Manager, which enables your IT organization to manage your data privacy and security with centralized management. Now, from a single pane of glass your organization can set policies, discover data that adheres or violates those policies, classify data, rank risks and apply remediation.

Smart questions

• How do you identify your sensitive data across storage environments: on-premises and cloud?
• Do you know the risk of exposure of your data?
• How many different key management and data security solutions are in place today?

[Figure labels: Awareness, Action, Policy, Discovery, Classification, Risk Analysis, Detailed Report, Alert, Remediation]



CipherTrust Transparent Encryption
CipherTrust Transparent Encryption (formerly known as Vormetric Transparent Encryption) delivers data-at-rest encryption
with centralized key management, privileged user access control and detailed data access audit logging. This protects data
wherever it resides, on-premises, across multiple clouds and within big data, and container environments.

The deployment is simple, scalable and fast, with agents installed at the operating file-system or device layer, and encryption
and decryption are transparent to all applications that run above it. CipherTrust Transparent Encryption is designed to meet
data security compliance and best practice requirements with minimal disruption, effort, and cost. Implementation is seamless,
keeping both business and operational processes working without changes even during deployment and roll out. The solution
works in conjunction with the FIPS 140-2 up to Level 3 compliant CipherTrust Manager, which centralizes encryption key and
policy management for the CipherTrust Data Security Platform.

Value proposition

• Transparent Data Protection. Transparent and continuous file-level encryption that protects against unauthorized access by users and processes in physical, virtual, and cloud environments. Implementation is seamless and fast, keeping both business and operational processes working without changes even during deployment and roll out.
• Scalable and Easy to deploy. Scaling to deployments of tens of thousands of physical or virtual servers, the CipherTrust Transparent Encryption solution is available for Windows, Linux, and AIX platforms. The enterprise encryption software can be used, deployed and maintained across physical, cloud, container and big data environments.
• Meet Compliance and Best Practice Requirements. Encryption, access controls and data access logging are basic requirements or recommended best practices for almost all compliance and data privacy standards and mandates, including PCI DSS, HIPAA, GDPR and many others.

Smart questions

• What initiatives do you have around data security, encryption and key management?
• Who is responsible for securing your cloud, big data and container initiatives? What about your databases?
• What strategy do you have at the enterprise level for securing the data target in a breach?

[Figure: CipherTrust Transparent Encryption with CipherTrust Manager, securing sensitive data-at-rest wherever it resides (big data, containers, cloud, databases, OS/file systems): file-level encryption, privileged user access control, live data transformation, integration to SIEM]



CipherTrust Application Data Protection
CipherTrust Application Data Protection is a fusion of products formerly known as Vormetric Application Encryption and
SafeNet ProtectApp. It offers simple-to-use, powerful software tools for application-level key management and encryption of
sensitive data. The solution is flexible enough to encrypt nearly any type of data passing through an application. Application-
layer data protection can provide the highest level of security, as it can take place immediately upon data creation or first
processing and can remain encrypted regardless of its data life cycle state – during transfer, use, backup or copy. CipherTrust
Application Data Protection can be deployed in physical, private or public cloud infrastructure to secure data even when it is
migrating from one environment to another, without any modifications to existing encryption or data processing policies.

CipherTrust Application Data Protection is deployed with CipherTrust Manager, an architecture that centralizes key and policy
management across multiple applications, environments, or sites. The combined solution provides granular access controls
that separate administrative duties from data and encryption key access. For example, a policy can be applied to ensure that
no single administrator can make a critical configuration change without additional approval.

Value proposition

• Centralized key management. Centralized key management enables developers to add security to applications, free from complex and risky alternative key management stores.
• Accelerate Secure Application Development. With APIs for both PKCS#11 and KMIP and bindings for Java, C/C++, .NET and REST, more developers gain a faster start and can leverage the solution for more data protection use cases.
• Leverage the cloud with utmost security. Architecture is both IaaS- and PaaS-friendly, with keys that cloud administrators cannot access.
• Offload crypto processing from application hosts. Leveraging CipherTrust Manager power cryptographic performance, simple configuration tells the architecture to encrypt there, saving application server CPU cycles.

Smart questions

• How are your software developers protecting sensitive data using encryption or tokenization in applications today?
• How are your developers securing data in Extract-Translate-Load (ETL) tools, which need a way to selectively protect data before it gets stored in data repositories?
• Do you have access to PKCS#11 libraries or REST APIs that connect your applications and ETL tools to a centralized key management and encryption platform?

[Figure: CipherTrust Application Data Protection: web server (acme.com), CipherTrust Manager, database server; sensitive data 0544 - 4124 - 4325 - 3490 shown as encrypted data 4269 - 8572 - 9741 - 2570]



CipherTrust Tokenization
CipherTrust Tokenization is a fusion of products formerly known as Vormetric Tokenization with Dynamic Data Masking
and SafeNet Tokenization. CipherTrust Tokenization is offered both vaulted and vaultless and can help reduce the cost
and complexity of complying with data security mandates such as PCI DSS while also making it simple to protect other
sensitive data including personally identifiable information (PII). While there are no tokenization standards in the industry,
most tokenization solutions fall into one of two architectures, vaultless or vaulted tokenization; both secure and anonymize
sensitive assets. Tokenization software can reside in the data center, big data environments or the cloud.

Value proposition

• Efficiently Reduce PCI DSS Compliance Scope. Tokenization can remove card holder data from PCI DSS scope with minimal cost and effort, enabling organizations to save on costs associated with compliance with the industry standard.
• Conveniently Protect Personally Identifiable Information. Modern IT architectures require both use and protection of personally identifiable information (PII). With CipherTrust Tokenization, PII protection is gained without encryption key management required by the software developer.
• Foster Innovation Without Introducing Risk. Tokenize data and maintain control and compliance when moving data to the cloud or big data environments. Cloud providers have no access to token vaults or any of the keys associated with tokenization root of trust.
• Architect for Your Requirements: Vaultless or Vaulted, and Cloud-Friendly. Both solutions leverage CipherTrust Manager as a secure encryption key source. All-software, cloud friendly, is readily available, including with FIPS 140-2 Level 3 Root of Trust.

Smart questions

• What data is in your databases that would be critical if taken? How are you protecting those field values now?
• Explain how users access critical field values? Do all users need full access or would partial value be of benefit?
• Do you have a QA, Test or Dev environment that needs to work with a production database, but shouldn’t be exposed to sensitive information? Are you using outside contractors for any of this work?

[Figure: Sensitive Data, Tokenization, Stored Protected Data: credit card 0544-4124-4325-3490 passes through CipherTrust Tokenization and is stored as 4269-8572-9741-2570]



CipherTrust Database Protection
While there are many ways to protect sensitive data in databases, IT requirements for performance, availability and security
can sometimes clash: will this security feature compromise database read and write performance? Can I be certain that the
encryption key will always be available for fast read performance? Finding the balance between security, availability and
performance can lead to a close examination of which columns of the database contain sensitive data that must be protected
versus those that might not. And this leads to the possibility of seeking a solution with column-level encryption granularity.

For your database security needs, consider CipherTrust Database Protection, a solution that can provide high-performance,
column-level database encryption with an architecture that can provide high-availability to ensure that every database write
and read happens at almost the speed of an unprotected database.

Value proposition

• Security. Transparent encryption of sensitive database content on a per-column basis.
• Efficiency. Gain security without expanding your workload.
• High Performance Architecture. Choose where encryption is performed to match your requirements and infrastructure.
• Compliance. Meet compliance mandates, such as PCI DSS and HIPAA, that require data encryption and separation of duties.

Smart questions

• Do your databases contain sensitive data?
• Do you need high-quality keys and separation of duties for your TDE implementations?
• Do you need to comply with PCI DSS? Or remove other PII?

[Figure: CipherTrust Database Protection: web server (acme.com), CipherTrust Manager, database server, database; sensitive data 0544 - 4124 - 4325 - 3490 shown as encrypted data 4269 - 8572 - 9741 - 2570]



CipherTrust Enterprise Key Management
CipherTrust Enterprise Key Management delivers robust, standards-based solutions for managing encryption keys across
the enterprise. It simplifies administrative challenges around encryption key management to ensure that keys are secure and
always provisioned to authorized encryption services. CipherTrust Enterprise Key Management solutions support a variety of
use cases including:
• CipherTrust Cloud Key Manager
• CipherTrust TDE Key Management
• CipherTrust KMIP Server
CipherTrust Cloud Key Manager
For virtually every organization today, the adoption of multiple cloud services continues to expand—and so does the use of
encryption. As the proliferation of encryption continues, so do the number of keys, and the potential risks. With the CipherTrust
Cloud Key Manager, your organization can establish strong controls over encryption keys and policies for data encrypted
by cloud services.

CipherTrust Cloud Key Manager supports a growing list of infrastructure-, platform- and software as a service (IaaS, PaaS
and SaaS) providers. SaaS solutions include Microsoft Office365, Salesforce.com and Salesforce Sandbox. Supported
IaaS/PaaS solutions include Microsoft Azure, Microsoft Azure Germany and China National Clouds, Microsoft Azure
Stack, Google Cloud and Amazon Web Services.
Value proposition

• Enhanced IT Efficiency. CipherTrust Cloud Key Manager centralizes encryption key management from multiple environments, presenting all supported clouds and even multiple cloud accounts in a single browser tab. Automated key rotation and federated login dramatically simplifies key life cycle management.
• Gain Strong Key Control and Security. Data Encryption solutions from leading public cloud providers such as Microsoft Azure, Google Cloud, Amazon Web Services and Salesforce.com provide Bring Your Own Key (BYOK) services that enable customers to separate key management from provider-controlled encryption. CipherTrust Cloud Key Manager utilizes BYOK services to deliver key generation, separation of duties, reporting, and key lifecycle management that help fulfill internal and industry data protection mandates, all with FIPS 140-2-compliant secure key storage.
• Fulfill Best Practices. Separate encryption keys from data encryption and decryption operations for compliance, best security practices and control of your data. Gain operational insights on encryption key usage with dashboards, reports and logs with CipherTrust Cloud Key Manager.

Smart questions

• How many cloud services do you use to run your business?
• Do you have a single scalable data protection platform across cloud services? What about on-premises?
• Do you use encryption provided by cloud platforms? Where are the keys stored?
• Do you need subpoena-proof cloud encryption?
• How do you manage multiple BYOK services? Do you have a flexible and scalable solution for key lifecycle management?

[Figure: CipherTrust Cloud Key Manager, Multi-Cloud Bring Your Own Key Management. Enhanced Security: key control, FIPS 140-2 assurance, visibility for compliance. IT Efficiency: key lifecycle management, automated key rotation, single pane of glass]



CipherTrust TDE Key Management and CipherTrust KMIP Server
Once an organization encrypts data on third party servers, storage infrastructure and devices, it depends on centralized
enterprise key management to generate, distribute, store, rotate, and revoke/destroy cryptographic keys associated with that
encrypted data, wherever it resides.

Enterprise Key Management solutions from Thales enable organizations to centrally manage and store cryptographic keys
and policies for third-party devices including Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products.
CipherTrust Enterprise Key Management delivers a robust, standards-based platform for managing encryption keys from
disparate sources across the enterprise. It simplifies the administrative challenges around encryption key management to
ensure that keys are secure and always provisioned to authorized encryption services.

Value proposition

• Unify Key and Certificate Management. Leverage CipherTrust Manager for managing keys for CipherTrust Data Security Platform products and third-party applications including Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products.
• Improve Operational Efficiency. Enterprise Key Management simplifies the process of managing cryptographic keys, enabling security teams to gradually consolidate the management of encryption across the enterprise that can reduce cost of ownership and minimize overall risks.
• Prevent Unplanned Downtime. Minimize key availability and redundancy, leveraging secure replication of keys across multiple appliances with automated backups. Automated alerts help prevent unexpected key expiration.

Smart questions

• Do you use Microsoft SQL or Oracle Transparent Data Encryption?
• Do you use any storage arrays that offer KMIP-based encryption key management?
• Do you have a need for centralized management of encryption keys?

[Figure: CipherTrust Enterprise Key Management: CipherTrust Manager, CipherTrust Cloud Key Manager, CipherTrust KMIP Server, CipherTrust TDE Key Management, CipherTrust LUKS Key Management]



Protecting Data in Motion
Thales High Speed Encryptors (HSEs) provide network independent encryption (Layers 2, 3 and 4) for data in motion,
ensuring data is secure as it moves from site-to-site, or from on-premises to the cloud and back. Our encryptors are
crypto-agile, meaning they support flexible encryption policies and a range of elliptic curves to allow for end-user customization
to balance security and performance requirements. The HSE devices also leverage quantum safe crypto techniques for
future-proof data security. Thales HSEs are available as both physical and virtual appliances, supporting a wide spectrum of
network speeds from 100 Mbps to 100 Gbps, with platforms ranging from single to multi-port appliances.
• The CN series is a hardware network appliance that delivers network layer independent encryption for data in motion. These
hardware encryptors are certified for FIPS 140-2 Level 3 and Common Criteria EAL 2 and 4+.
• The CV series is a hardened virtual appliance that delivers robust encryption for data-in-motion across high speed carrier WANs and
SD-WAN links, using Network Function Virtualization (NFV).
Value proposition

• Trusted security. Certified FIPS 140-2 L3, Common Criteria, NATO, UC APL, ANSSI (pending) Thales network encryptors are preferred by market leading financial institutions, telcos and other commercial organizations and governments in more than 35 countries.
• Maximum network performance. Thales High Speed Encryption solutions have been proven to deliver max uptime in the most demanding, performance intensive environments. The solutions have near-zero latency, and can operate in full-duplex mode at full line speed.
• Optimal Flexibility. Thales High Speed Encryption solutions offer flexible, vendor agnostic interoperability, meaning they’re compatible with all the leading network vendors throughout your network. The product range supports network speeds of 10 Mbps to 100 Gbps and single to multi-port appliances and virtual solutions.

Smart questions

Are you encrypting your network?
• Yes - What are you using? IPSec? MACsec?
• No - Why? Are you sending high value or long life data over the network to any remote sites for storage or processing?

High-level topics to start the HSE conversation
• Data Links between sites – How do you encrypt between sites and remote locations? Between or to the data center? Up to the cloud and back?
• Encryption – Is your solution standards based? crypto agile and future proof? Can it support all network layers (layer 2-4)?
• Do they have an Encryption strategy for future threats (i.e. Quantum Computing, 5G, SDN, etc)?
• Key management – Do you have control and protection for keys? Are they updated on regular intervals (e.g. hourly) and securely stored/protected?
• Does your encryption impact bandwidth utilization or cause issues with real time applications like voice or video?

[Figure: Seamless concurrent multi-layer network traffic encryption across network layers (2-4). Policy, Topology, Destination; Multi-layer Encryption; Topology-based, Max Load Encryption; Destination Defined; Layer 2 Data Link Layer, Layer 3 Network Layer, Layer 4 Transport Layer]



CN Series
The CN series is a hardened physical network appliance that delivers network layer independent (Layers 2, 3 and 4) data-in-motion encryption. These hardware encryptors are certified for FIPS 140-2 Level 3 and Common Criteria EAL 2 and 4+.

CN6000 Series
The CN6000 Series encryptors offer variable-speed licenses from 100 Mbps to 10 Gbps. The CN6140 has a multi-port design that makes this encryptor variable, with speed licenses up to 40 Gbps (4x10 Gbps), highly flexible and cost effective.
Value proposition
• 1 Gbps-10 Gbps Ethernet Encryptor
• Certified to highest commercial standards
• Rack-mountable, fully redundant robust design
• Ideal for private networks and data center interconnects

CN9000 Series
Delivering 100,000,000,000 bits per second of high assurance and secure encrypted data, the CN9000 Series provides mega data security (100 Gbps), with the lowest latency in the industry (<2μs)
Value proposition
• First commercial certified 100 Gbps encryptors
• Only multipoint 100G Encryptor on market
• Fully interoperable with CN product family
• Designed for next gen data centers and core networks

CN4000 Series
The CN4000 Encryptors are versatile and compact, offering 10 Mbps-1 Gbps encryption in a small-form factor (SFF) chassis. The CN4000 series is ideal for branch and remote locations, offering cost effective, high-performance encryption, without compromising network performance.
Value proposition
• 10 Mbps-1 Gbps Ethernet Encryptor
• Certified, low-cost, high-performance
• Small form factor ideal for remote locations

CV Series
The CV series is a hardened virtual appliance that delivers robust encryption for data-in-motion across high speed carrier WANs and SD-WAN links, using Network Function Virtualization (NFV).

CV1000 Series
The CV1000, the first hardened virtual encryptor, is instantly scalable and may be deployed rapidly across hundreds of network links, providing robust encryption protection for data-in-motion. The Thales Virtual Encryptor CV1000 is a Virtual Network Function (VNF) that delivers an agile network and reduces capital expenditure requirements. Ideal for organizations that are virtualizing network functions and taking advantage of Software Defined Networking (SDN).
Value proposition
• Hardened virtual appliance
• CipherTrust Manager integration
• Supports Transport Independent Mode (TIM)
• Ideal for Software Defined Networks (SDN) and Server-to-Server communications

Target Customers
Organizations with:
• Data Center Interconnect
• Branch Offices/Remote Locations
• Disaster Recovery Sites
• Remote Data Centers
• Cloud Services

Hardware Security Modules
Achieve compliance and scale to meet high performance use cases by confidently securing critical environments with Thales
HSMs - high-assurance FIPS 140-2 Level 3-validated, tamper resistant appliances. Specifically designed for the protection
of cryptographic keys for data at rest and in transit, they act as trust anchors to protect the master keys that encrypt your data,
digital identities, and transactions. Thales offers the following types of purpose-built HSMs:

General Purpose HSM
Luna General Purpose HSMs are the foundation of trust for an organization’s overall ecosystem including devices, identities and transactions. Luna HSMs ensure the integrity of your cryptographic keys and functions, protecting them within a variety of form factors including a network attached appliance, an embedded PCIe card, or a portable USB appliance. They can be easily integrated with a wide range of applications to accelerate general cryptographic operations, secure crypto key life cycles and act as a root of trust for your entire crypto infrastructure.

Luna Cloud HSM
Luna Cloud HSM services are available on Data Protection on Demand (DPoD), a cloud-based platform that provides a wide range of Cloud HSM and key management services through a simple on-line marketplace. With DPoD, security is made simpler, more cost effective and easier to manage because there is no hardware to buy, deploy and maintain. Just click and deploy the protection you need, provision services, add security policies and get usage reporting in minutes.

Payment HSM
Payment HSMs deliver a suite of payment security functionality including transaction processing, sensitive data protection, payment credential issuing, mobile card acceptance and payment tokenization. Thales payShield HSMs are used throughout the global payment ecosystem by issuers, service providers, acquirers, processors and payment networks. The latest model, payShield 10K, has a range of global and regional security certifications including PCI HSM v3, FIPS 140-2 Level 3 and AusPayNet.

Value proposition
Thales Hardware Security Modules (HSMs) provide the highest level of security by always storing cryptographic keys in hardware. Thales HSMs provide a secure crypto foundation as the keys never leave the intrusion-resistant, tamper-evident, FIPS-validated appliance. Since all cryptographic operations occur within the HSM, strong access controls prevent unauthorized users from accessing sensitive cryptographic material. Additionally, Thales also implements operations that make the deployment of secure HSMs as easy as possible, and our HSMs are integrated with Thales Crypto Command Center for quick and easy crypto resource partitioning, reporting and monitoring.

Thales HSMs adhere to rigorous design requirements and must pass through stringent product verification testing, followed by real-world application testing to verify the security and integrity of every device.

Thales HSMs are cloud agnostic, available also as a Cloud HSM service on DPoD and are the HSM of choice for Microsoft, AWS and IBM, providing a “rentable” hardware security module (HSM) service that dedicates a single-tenant appliance located in the cloud for customer cryptographic storage and processing needs.



With Thales Hardware Security Modules, You Can address compliance requirements with solutions for Blockchain,
GDPR, eIDAS, IoT, paper-to-digital initiatives, PCI DSS, digital signatures, DNSSEC, hardware key storage, transactional
acceleration, certificate signing, code or document signing, bulk key generation, data encryption, and more.

Keys are generated, and always stored in the intrusion-resistant, tamper-evident, FIPS-validated appliance, providing the
strongest levels of access controls.

Create partitions with a dedicated Security Office per partition, and segment through admin key separation.

Luna General Purpose HSM


Available in a wide range of form factors and performance options, Thales Luna General Purpose HSMs safeguard the
cryptographic keys used to secure transactions, applications, and sensitive data.

Smart Questions

• Do you have a data security strategy? How does data encryption form part of that strategy?
• What data encryption do you currently deploy and what do compliance mandates and audit mandates expect you to encrypt?
• Do you have an internal PKI? – How do you securely store the root keys?
• Do you purchase third party SSL and TLS Certificates? – Are they centrally stored for improved security and performance?
• What crypto services do you currently offer? – How do you generate and store the cryptographic keys?
• Does your HSM provide the ability to address your existing traditional use cases such as code signing, PKI and database encryption, as well as emerging technologies such as Blockchain, 5G, IoT and BYOK?
• Do you have the ability to quickly react to cryptographic threats? Can you implement alternative methods of encryption, ensuring you can migrate your applications to new post-quantum algorithms?

Thales Luna Network HSM


Secure sensitive data and critical applications by storing, protecting and managing cryptographic keys in Thales Luna
Network HSM - high-assurance, tamper-resistant, network-attached appliances offering market-leading performance. You
can integrate Luna Network HSMs into a wide range of applications to accelerate cryptographic operations, secure the
crypto key lifecycle, and provide a root of trust for your entire encryption infrastructure. Furthermore, centralize your Luna
Network HSM crypto resources and reduce IT security infrastructure costs with Crypto Command Center - a complete
monitoring, reporting and management tool for on-premises, hybrid and cloud environments.

Value proposition

• Ensure keys always remain in high assurance FIPS 140-2 Level 3, tamper-evident hardware root of trust
• Protect your organization today and into the quantum era
• Meet high throughput requirements for high performance use cases
• Meet compliance for eIDAS, GDPR, HIPAA, PCI-DSS and more
• Securely backup and duplicate keys in hardware for redundancy, reliability and disaster recovery
• Increase security with multi-person MofN with multi-factor authentication
• Multiple roles for strong separation of duties
• Remotely manage Luna HSMs - no need to travel
• Reduce audit and compliance costs and burdens
• Extend native HSM functionality by developing and deploying custom code within the secure confines of the HSM

[Figure: Luna Network HSMs use cases: PKI, Signing & Validation, IoT, Document Signing, Code Signing, Secure Manufacturing, Post-Quantum Crypto Agility, Database Encryption, 5G, Transaction Processing, SSL/TLS, BYOK/HYOK, Blockchain, Smart Card Issuance, eIDAS, HSMaaS (private & public cloud environment)]


Thales Luna PCIe HSM
Secure sensitive data and critical applications by storing, protecting and managing cryptographic keys in Thales Luna PCIe
HSM – high-assurance, tamper-resistant PCIe cards. Provide applications with dedicated access to a purpose-built,
high-performance cryptographic processor. Quickly embed this cost-efficient solution directly into servers and security appliances
for FIPS 140-2 validated assurance.

Value proposition
• Server-embedded PCIe card
• High assurance, FIPS 140-2 validated, high performance cryptographic processor
• Keys always remain in FIPS-validated, tamper-evident hardware
• Meet compliance needs for GDPR, eIDAS, HIPAA, PCI-DSS, and more

Click here to access the Thales Luna PCIe HSM product brief

[Figure: Luna PCIe HSMs use cases: PKI Certificate Signing & Validation, BYOK/HYOK, IoT, 5G, TLS/SSL, Post-Quantum Crypto Agility, Time-stamping, Document Signing, Blockchain, Database Encryption, Code Signing, Transaction Processing, eIDAS, Smart Card Issuance, Secure Manufacturing]


Thales Luna USB HSM
Thales Luna USB HSM is a small form factor HSM. Governments, financial institutions, and large enterprises reduce security
risks and ensure regulatory compliance with this hardware cryptographic root of trust for data, applications and digital
identities. It is well suited for the strong protection of Certificate Authority (CA) root keys and Proof of Concepts (PoCs).

Value proposition
• Small form-factor USB interface appliance
• Ideal for storing root keys in an offline, secure device
• FIPS 140-2 Level 3 validated

Click here to access the Thales Luna USB HSM product brief

Thales Crypto Command Center


Thales Crypto Command Center centralizes Thales Luna Network HSM crypto resources and helps to reduce IT security
infrastructure costs. IT security departments and service providers can now quickly and securely expand IT capabilities, gain
visibility, and streamline their infrastructure in physical, cloud, hybrid cloud and virtual environments with Crypto Command
Center. This is the market's first solution to fully exploit the benefits of virtualization including reduced costs and innovation, by
provisioning Luna Network HSMs without compromising security or compliance. Together Crypto Command Center and
Luna Network HSMs combine to form one complete, centralized solution for the management of crypto HSM resources - a
crypto hypervisor.

Value proposition
• Centralized crypto resources
• On-demand provisioning, monitoring, reporting and alerting of crypto resources
• Highly scalable solution
• Maintain full control of encryption services and data
• Discover unmanaged crypto resources and gain visibility
• Maintain a standardized, consistent level of security through crypto templates and automation
• Increased security and sharing of hardware through multi-tenancy and role separation

Click here to access the Thales Crypto Command Center product brief

[Figure: Crypto as a Service, hybrid cloud use case. Labels: Crypto Command Center; HSM Monitoring; IoT, Database, Code Signing, PKI, SSL; Enterprise HSM Cloud Crypto Resource Pool and/or Enterprise HSM On-premises Crypto Resource Pool. Captions: "Crypto Command Center provisions access to HSM crypto resources" and "Direct access to HSM resources"]


Thales ProtectServer PCIe HSM
The Thales ProtectServer PCIe HSM provides tamper-protected hardware security for server systems and applications that
require high-performance symmetric and asymmetric cryptographic operations. The HSM provides secure storage and a
dedicated cryptographic processor to deliver high-speed processing for cryptographic operations and fast transaction
speeds. The HSM provides a wide range of cryptographic services, including encryption, user and data authentication,
message integrity, secure key storage, and key management for eCommerce, PKI, document management, Electronic Bill
Presentation and Payment (EBPP), database encryption, financial EFT transactions, plus many others.

Value proposition
• Flexible, fully customizable HSM
• Easy management
• Ideal for application developers
• Keys always remain in FIPS 140-2 Level 3 validated, tamper-evident hardware
• Multiple form factors

Click here to access the Thales ProtectServer PCIe HSM product brief

Thales Payment HSMs


payShield 10K delivers a suite of payment security functionality including transaction processing, sensitive data protection,
payment credential issuing, mobile card acceptance and payment tokenization. It is used throughout the global payment
ecosystem by issuers, service providers, acquirers, processors and payment networks. The payShield 10K has achieved
various global and regional security certifications including PCI HSM v3, FIPS 140-2 Level 3 and AusPayNet.

Value proposition
For more than 30 years, Thales payment HSMs have been involved in a wide range of applications. The main
role of a payment HSM is to protect cryptographic keys and sensitive data in a highly secure manner such that the
integrity of two fundamental processes is maintained:

Equipping consumers to make payments
• Dealing with the complexity of EMV chip cards or mobile-based applications
• Keeping control of critical user credential assets
• Maintaining a high level of security (to avoid counterfeiting or rogue payment instruments)

Facilitating a secure payments process
• Being able to scale quickly to handle higher transaction volumes
• Ensuring that sensitive data is protected at all times
• Facilitating transactions originating from a diverse range of payment instruments (with more and more no longer under bank control).

Click here to access Transaction processing using payShield HSMs brochure

Click here to access Sensitive data protection in the retail card payments ecosystem

Click here to access Payment credential issuing using payShield HSMs brochure


payShield 10K
As markets and digital payment security standards continue to advance, a secure payment infrastructure is crucial to the success
of global business. Organizations face many challenges in protecting the rapidly growing volume of digital payments – from
transaction processing and country-specific mandates, to card/device issuance and direct-to-mobile (IoT) provisioning.
Customers can rely on payShield 10K payment HSMs to deliver the protection, performance, and operational efficiency
needed to confidently secure digital payments.

Value proposition
• Optimized for deployment in dark data centers – comprehensive remote management and monitoring underpinned by high resilience and availability
• Operational efficiency – reduce costs and streamline existing operations with lower power consumption, faster firmware updates and broader cryptographic support
• Proven integrations – payShield HSMs work off-the-shelf with the largest number of payment applications from the leading vendors
• Future-proof design – leverage the latest cryptographic functions to support new payment methods while meeting stringent security standards
• Backwards compatible with all legacy Thales payment HSMs – a simple migration path for all payShield 9000 users

Smart questions
• Which payment applications are you using – in-house or from a Thales Accelerate Technology Partner (and if so, which one)?
• How many types of HSMs are you using in your production data centers?
• What types of cryptographic keys do you need to share with third parties?
• Which online or remote payment solutions do you need to support?
• Have you considered HSM options to help lower your operating costs, including:
  • Remote management using payShield Manager to eliminate most travel to data centers?
  • payShield Monitor for 24 x 7 monitoring of HSM utilization to identify performance bottlenecks?
  • payShield Trusted Management Device as a more flexible, portable and efficient alternative to a console for key component management?
  • Multiple LMK options to securely share an HSM between multiple applications or tenants?
  • Software performance upgrades to maximize HSM investment?

Click here to access payShield 10K data sheet

Click here to access Top 10 reasons for Migrating to payShield 10K now data sheet

Click here to access payShield 10K sales enablement tools

[Figure: payShield 10K deployment diagram. Labels: payShield TMD, payShield Manager, payShield Monitor, Host system, HSM estate, Payment system services, Switch, POS, eCommerce, ATM, Payment automation, Payment Credential issuing, PIN & key component mailers]


payShield Manager
payShield Manager offers local and remote management options for both payShield 10K and payShield 9000 HSMs. It
enables remote operation of HSMs via a standard browser interface, leveraging smart card access control to establish secure
connections with HSMs. payShield Manager enables key management, security configuration and software and license
updates to be carried out remotely.

Value proposition
• Reduced operating costs – eliminates travel to data centers for HSM management
• 24x7 coverage – physical access to HSMs is no longer required
• Highly scalable – easy to support large HSM estates deployed across multiple locations

Smart questions
• How often do you travel to data centers to manage your HSMs?
• How easy is it to book a time slot for HSM management?
• How many HSMs in total do you need to manage on a regular basis?
• How long does it typically take to bring a new HSM online after installation in the data center rack?
• What benefits would you gain if you could load your LMK from a secure remote location?

Click here to access the payShield Manager product brief

Click here to access the Top 10 Reasons You Can't Live Without Remote HSM Management product brief

payShield Monitor
payShield Monitor is a comprehensive HSM monitoring platform that enables operations teams to gain 24x7 visibility into the
status of all their payShield HSMs, including those residing across distributed data centers. With this solution, security teams can
efficiently inspect HSMs and find out immediately if any potential security, configuration or utilization issue may compromise their
mission-critical infrastructure.

Value proposition
• Know instantly when an issue in the HSM security domain has occurred
• Improve visibility on individual HSM utilization and overall HSM security domain capacity
• Reduce operating costs by leveraging a 24x7 background monitoring solution with no human intervention

Smart questions
• How often do you visit data centers to record operational information regarding your HSMs?
• What solution do you deploy today to monitor your payShield HSMs?
• How quickly do you get notified if an HSM stops working?
• How do you measure the headroom you have in your HSM estate capacity?
• How can you quickly confirm that all your HSMs are configured correctly and using the correct version of software?

Click here to access the payShield Monitor product brief

Click here to access the Top 10 Reasons HSM Monitoring Helps You Avoid Outages product brief


payShield Trusted Management Device
The payShield Trusted Management Device (TMD) is a compact, intuitive, self-contained secure cryptographic device (SCD)
that enables secure management of symmetric keys. This critical key management task can be carried out without any physical
connection to a production HSM, providing greater operational flexibility without compromising security.

Value proposition
• Simplified key management – the unique QR code method for key import and export helps eliminate data entry errors
• Reduced time required - all sensitive key management tasks can be performed in a secure remote location 24x7 without physical access to production HSMs
• Secure key sharing – TR-31 standard for keys and components enables sharing with a wide variety of HSMs from multiple vendors

Smart questions
• What security audit requirements are you finding challenging to meet?
• How are you using payShield Manager today?
• How easy is it to organize key ceremonies inside data centers?
• What types of keys do you need to generate and share on a regular basis?
• What would help reduce your key management costs?

Click here to access payShield Trusted Management Device data sheet

Click here to access Top 10 reasons for using the payShield Trusted Management Device data sheet

Click here to access payShield Trusted Management Device product presentation

Thales Data Protection On Demand (DPoD)
The award winning Thales Data Protection on Demand (DPoD) is a cloud-based platform, providing a wide range of Luna
Cloud HSM, CipherTrust Cloud Key Management, and payShield Cloud Payment services through a simple online marketplace.
Data security is now simpler, more cost effective and easy to manage because there is no hardware to buy, deploy and
maintain. Just click and deploy the protection you need, provision services, add security policies and get usage reporting in
minutes. DPoD is also ideal for Managed Security Providers and Managed Security Service Providers who want to provide their
customers unrivaled data-protection-as-a-service solutions, bundled with their other cloud and security services.

Value proposition
• Deploy and manage key management and hardware security module services, on-demand and from the cloud
• SLA – 99.95% availability, ISO 27001 compliant
• Focus on services, not hardware
• Deploy in minutes, not days
• Purchase only what you need and reduce costs
• Protect data anywhere
• Real-time reporting and visibility
• Multi-tier management, including complete separation of duties
• Easily integrates with existing apps, IT infrastructure & services

Smart questions
• What is your company strategy around cloud adoption?
• If you use a CSP, how do you feel about the data security provided by the cloud service provider?
• What are your concerns when it comes to securing your data?
• Do you have internal resources to manage the data security?

Click here to access the Thales Data Protection On Demand - 30-Day Free Evaluation information page

Click here to access Thales Data Protection on Demand product brief

Click here to view Thales Data Protection On Demand video

[Figure: Data Protection... Available On Demand. Thales Data Protection On Demand, with panels "Protect Everywhere" and "Protect Everything". Labels: Data Center, Hybrid, Cloud, Virtual, Network, Payments and Transactions, Personal Data, Applications, Big Data, IoT, Encryption, Key Management, Root of Trust, Policy Management, APIs, Centralized Billing & Reporting, Market Place]

Luna Cloud HSM Services
DPoD provides a wide range of cloud-based HSM services that allow customers to store
and manage cryptographic keys used for data encryption in the cloud while retaining complete control of their keys. The
DPoD marketplace offers Cloud HSM services for a wide variety of use cases and integrations across cloud, hybrid and on-
premises environments.

Luna HSM is the only HSM engineered for hybrid and multi-cloud environments. A combination of Thales Luna HSMs on-
premises and Data Protection on Demand (DPoD) Cloud HSM services, hybrid Luna HSM provides you with the flexibility
and convenience to choose the right balance to meet your business and digital security needs. Hybrid Luna HSMs give you
the flexibility to move keys, for cloning and backup and scaling, freely between cloud, hybrid and on-premises environments
in a purpose-built hybrid solution.

Click here to access more information about Luna Cloud HSM Services

Click here to access more information about Hybrid Luna HSM

CipherTrust Key Management Services


Key Broker services on the DPoD platform provide Bring Your Own Key (BYOK) capabilities as a cloud-based service. With
DPoD, you can ensure simple and secure control of your keys and related security policies for encryption within your cloud
service providers' IaaS and PaaS environments and SaaS vendors.

Click here to access more information about CipherTrust Key Management Services

SureDrop
Secure File Sharing
SureDrop is developed for organizations that have strong security policies around file storage, but still need the productivity
benefits of a fully-featured file-sharing solution. With SureDrop, users can store, share, sync, and collaborate on all their files
in the cloud with an enterprise-class solution and end-to-end security, featuring standards-based encryption. Easy to use and
fully compatible with Microsoft 365, Outlook, and Azure, SureDrop delivers a full drop box file-sharing and collaboration
experience, without compromising security.

Value proposition
• End-to-end, standards-based encryption
• Robust audit capabilities
• Cloud or on premises versions available
• Client-side encryption key management

Smart questions
• Do you currently have a file sharing application in place and does it provide end-to-end encryption of your data?
• Does your organization have strong security policies around file storage, sharing and collaboration, but still need the productivity benefits of a fully-featured file-sharing and collaboration solution?
• Is your organization blocked from using applications like Dropbox because they don’t meet your security policies and standards?

Click here to access SureDrop product brief

Click here to access SureDrop infographic


Questions and Special Requests
If you have any questions or special requests, please contact DLAccelerate.Campaigns@thalesgroup.com

You can discover the latest and greatest sales and marketing resources by visiting the Accelerate Partner Portal via
https://cpl.thalesgroup.com/partners/partner-login

About Thales
The people you rely on to protect your privacy rely on Thales to protect their data. When it comes to data security,
organizations are faced with an increasing number of decisive moments. Whether the moment is building an encryption
strategy, moving to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.

Decisive technology for decisive moments.


Contact us
For all office locations and contact information,
please visit cpl.thalesgroup.com/contact-us


© Thales - October 2020 • DBV16
