Application-Level Encryption: Today's Challenge

Protect sensitive data and provide selective access depending on users, their roles, and their entitlements.

Application-Level Encryption

Application-level encryption can be policy-based and geared to specific data protection mandates such as PCI DSS. It can provide targeted protection that is invoked only when necessary. Protection can be tightly managed and supervised with dual controls and other layers of procedural protection that, taken together, support compliance reporting obligations.

Protecting Keys

Attackers can use development tools, intended for tasks such as application monitoring or debugging, to gain access to encryption keys or simply to turn off encryption, unlocking information within the application.

Using pre-certified cryptographic implementations

Developers adding encryption to applications are often tempted to implement complex cryptographic algorithms themselves. As this practice can introduce unnecessary security flaws, it’s always best to use pre-certified cryptographic implementations for application-level encryption.

Managing keys

While adding encryption to application code has its challenges, these can be minor when compared to the issue of key management. Because inadequate key management can result in stolen or unusable information, developers need to decide whether to include native key management functionality or rely on external key management systems.

Delivering data protection

Products and services from Thales e-Security can help you deploy application-level data protection for your most sensitive applications. With the flexibility to handle a broad spectrum of applications, from fully automated, high-volume applications to tightly supervised, low-volume, but nevertheless highly sensitive applications, Thales e-Security application encryption solutions deliver data protection and operational efficiency.

Creating a trusted platform for cryptographic processing

nShield hardware security modules (HSMs) create a trusted platform where cryptographic processes can be performed safely and where key material can be protected and managed securely. This trusted layer overcomes the risks inherent in open system software environments in which applications typically execute.

Enabling Control and Agility

With nShield HSMs, developers and organizations have the best of all possible worlds—the ability to take advantage of proven and pre-certified cryptographic libraries, use native cryptographic offload and acceleration capabilities, and exploit a wide range of key management tools to deliver a high degree of control and flexibility.

Robust Security

Provide high levels of assurance for cryptographic operations through the use of tamper-resistant hardware. Physically protect higher-level application processes through the unique CodeSafe functionality that enables one to execute sensitive code within the secure execution environment inside the HSM.

Operational Flexibility

Secure a broad range of applications by mapping diverse security policies and processes to a flexible and hardened data protection platform. Accelerate implementation of projects through Thales’ partnerships with leading vendors, delivering HSMs that are pre-certified to work with a wide range of applications and development platforms.

High Performance

Take advantage of hardware-based cryptography and maintain high levels of application performance by offloading cryptographic processes onto the HSM. Simplify compliance reporting through streamlined policy definition and improved auditability of business processes.

Research and Whitepapers: Security World White Paper

The Thales Security World architecture supports a specialized key management framework that spans the entire nShield family of general purpose hardware security modules (HSMs). Whether deploying high performance, shareable, network-attached HSM appliances, host-embedded HSM cards or USB-attached portable HSMs, the Security World architecture provides a unified administrator and user experience and guaranteed interoperability whether the customer deploys one or hundreds of devices.

Research and Whitepapers: Code Safe

This white paper describes the unique Thales CodeSafe capability, which enables application code to run within the protected confines of a tamper-resistant nShield Hardware Security Module (HSM). CodeSafe enables users to develop application code to run inside the HSM, providing protection against Advanced Persistent Threats (APTs) as well as insider attacks and hacking. The paper describes the associated toolkit, bundled utilities, and management, and additionally details multiple usage examples where CodeSafe provides high value.
