You have relied on the KeySecure platform over many years to provide centralized key management and data protection throughout your enterprise and cloud environments.
Thales has now combined the strengths of two industry-leading data protection companies – Gemalto and Vormetric, to create CipherTrust™ Managers.
It enables organizations to centrally manage encryption keys for the Thales data protection portfolio as well as our partner ecosystem via KMIP and NAE XML interfaces, and third-party products such as Oracle TDE and SQL Server EKM. It simplifies key lifecycle management tasks, including secure key generation, backup/restore, clustering, deactivation, and deletion.
The new unified management console in CipherTrust Manager makes it easy to discover and classify data, and to protect sensitive data wherever it resides using a comprehensive set of data protection connectors from Thales.
This brief captures the major reasons for current KeySecure customers to migrate to the new CipherTrust™ Manager platform now.
1. New Data Discovery and Classification
CipherTrust Manager enables organizations to discover and classify sensitive data wherever they reside across their on-premises, big data and cloud environments, and take remediation actions using a variety of data protection connectors to reduce business risks.
2. New Self-service Licensing
A new customer-facing licensing portal streamlines the provisioning of connector licenses and the new management console in CipherTrust Manager enables organizations to gain better visibility and control of their data protection connector licenses in use.
3. Improved Monitoring and Alerting
It includes tracking of all administrator access, encryption key state and policy changes in multiple log formats (RFC-5424, CEF, LEEF) for easy integration with SIEM tools. In addition, customers can generate pre-configured and customizable email alerts (SNMP v1,v2c, v3).
4. Developer Friendly REST APIs
CipherTrust Manager offers new REST interfaces, in addition to KMIP and NAE-XML APIs, for developers to simplify the deployment of applications integrated with key management capabilities and automate the development and testing of administrative functions.
Physical Appliance Improvements
5. High-speed Interfaces and NIC Bonding
The new CipherTrust Manager appliances (k470 and k570) provide optional 2x1GB/2x10GB network interface cards (NIC) as well as NIC bonding to increase available bandwidth.
6. Password and PED Authentication The k570 appliance now offers customers the choice of Password or PIN Entry Device (PED) authentication, allowing customers options for stronger authentication.
Flexible Deployment Options
7. Cloud Friendly Deployments CipherTrust Manager offers several options to securely migrate
applications to multiple cloud environments.
• Offers support for AWS, Azure, Google Cloud, VMware, HyperV, Oracle VM and more.
• Integration with CipherTrust Cloud Key Manager to support bringing your own key (BYOK) across multiple cloud infrastructures and SaaS applications
8. Hybrid High-Availability Clustering
It offers a choice of clustering a physical with a virtual appliance for high-availability environments to ensure optimum processing regardless of the workload location (data centre or cloud).
9. Multi-tenancy Support
It provides capabilities required to create multiple domains with separation of duties to support large organizations with distributed locations or multiple companies hosted by Managed Service Providers (MSP)
Expanded HSM Options
10. FIPS 140-2 Validated HSMs
CipherTrust Manager provides several options to integrate with a FIPS 140-2 validated physical or virtual HSMs as a secure root of trust for better key entropy.
• Built-in HSM crypto accelerator card on a CM k570 appliance.
• Network-attached Luna HSM with HA clustering
• Cloud HSM (Data Protection on Demand service) for several major cloud service providers.