thales e-security corporate presentation
TRANSCRIPT
www.thales-esecurity.com OPEN
Thales e-Security + Vormetric
Together, Data Protection with Management, Speed and Trust.
This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without prior written consent of Thales - Thales © 2016 All rights reserved.
Increased connectivity drives need for trusted relationships
… and relationships depend on trusting that data is secure
169MM
Over 169 million personal records were exposed in 2015, stemming from 781 publicized breaches across the financial, business, education, government and healthcare sectors.
$154
The average global cost for each lost or stolen record containing confidential and sensitive data was $154. The industry with the highest cost per stolen record was healthcare, at $363 per record.
38%
In 2015, there were 38 percent more security incidents detected than in 2014.
74%
74 percent of CISOs are concerned about employees stealing sensitive company information.
Encryption solves
Source: 2016 Vormetric Data Threat Report
Best Practice: 53%
Compliance: 52%
Reputation: 41%
Data Residency: 38%
Legal/Financial: 31%
IP/Competitive: 19%
… and is now perceived as a strategic business enabler
Source: 2016 Global Encryption Trends Study
[Chart: Does YOUR company have an encryption strategy? FY2005 vs. FY2015. Series: Company has an enterprise encryption strategy; Company does not have an enterprise encryption strategy. Values shown: 15%, 38%, 37%, 15%]
This increased adoption has created encryption silos
Each use case requires individual infrastructure, management consoles and training
Complex • Inefficient • Expensive
[Diagram: Use Cases. Labels: Customer Records, DB/File Encryption, Secure Analytics, Big Data, PII, Application Encryption, PCI, PHI, Tokenization, Data Masking, Internet of Things, Public Key Infra (PKI), Cloud Migration, Cloud Security, Payment related apps, Transaction Security, Script Development, Code Signing]
"The combination of Thales e-Security and Vormetric will create a powerhouse in data security, with a broad range of encryption, key management and tokenization capabilities that few vendors will be able to match."
Garret Bekker – Senior Analyst
Together, data protection with management, speed and trust
Vormetric + Thales e-Security provides the platform of trust with the world’s best Key Management and Data Encryption solutions
Data Protection Platform: Key Management, Encryption
The value we deliver together
▌ We protect data in more environments
On premise, in the cloud, database, file, applications, container, at rest and in motion
▌ In more ways
Encryption, Tokenization, Masking, Identity, Signing
▌ Providing the most comprehensive, automated key management
Throughout the data life cycle
▌ With the highest levels of Assurance
FIPS Levels 1, 2 & 3, Common Criteria, PCI HSM, DPA (Side Channel Attack Mitigation)
▌ Using common platforms
The least disruptive, easiest to deploy and manage, at the lowest life cycle cost
Our Solutions
Comprehensive data protection product portfolio
DATA PROTECTION SOFTWARE
DATA PROTECTION HARDWARE
Together, removing complexity, inefficiency and cost
Data Protection Platform: Key Management, Encryption
DATA PROTECTION HARDWARE
DATA PROTECTION SOFTWARE
[Diagram: Use Cases. Labels: Customer Records, DB/File Encryption, Secure Analytics, Big Data, PII, Application Encryption, PCI, PHI, Tokenization, Data Masking, Internet of Things, Public Key Infra (PKI), Cloud Migration, Cloud Security, Payment related apps, Transaction Security, Script Development, Code Signing]
Thales e-Security + Vormetric Prepared to Protect
▌ Our Company
750+ employees across 50+ countries
More than 10,000 customers across 100 countries
Global Services and Support
Leader in certified security solutions - FIPS, Common Criteria, PCI HSM
20 leading cloud service providers offer our solution
▌ Our Customer
19 of the 20 largest banks
15 of the Fortune 30 companies
3,000 financial institutions worldwide
4 of 5 top energy companies
4 out of the 5 aerospace companies
More Environments
More Ways
Most Comprehensive
More Securely
Lowest Cost
Thank You
For Legacy TeS Customers and Channels
For Identification of Vormetric Opportunity
Questions leading to the value of the platform
▌ Are you finding it costly and difficult to manage a large number of point encryption solutions?
▌ Are you being asked to define a data-at-rest encryption strategy?
▌ Do you want to reduce operational cost to your business by offering encryption-as-a-service?
Have you considered a key management strategy and the associated TCO?
Are you considering current and future requirements? Such as environments and new technologies?
Do you know when root users access data? When they SU and access data as a credentialed user? How do you automate and alarm on this data?
Vormetric Data Security Platform: Qualifying Questions
▌ How are you currently protecting your sensitive and regulated data at rest?
What environments do you have? Windows, Unix, Linux; physical, virtual, cloud …
Are your priorities to protect structured or unstructured data?
What technologies for data-at-rest in Big Data or Containers are you using?
Do you have multiple key managers? Need help with Nutanix, TDE keys or other devices with native encryption?
▌ Are you concerned about Root and IT Privileged user access?
Do you need access controls that stop misuse of privileged user credentials?
Are you interested in Security Intelligence logs that provide indicators of compromise and integrate with SIEMs?
What about malware and APTs that are leveraging the privileged user credentials?
Vormetric Data Security Platform: Qualifying Questions
▌ Are you planning to build security up the stack and into your applications?
To protect PII, PCI, PHI …
Do you have users that need access to portions of the data?
Are you considering Vaultless Tokenization, Data masking, or application encryption?
▌ Are your users storing information in S3, Box or other S3-like services (Caringo/object storage)?
Do users have the ability to store files in the environments above?
Do you want to encrypt on premise and keep your keys on premise before the data reaches the cloud?
Customer Risk Determines Which Products to Position
Application/Database
File System
Disk
SECURITY
COMPLEXITY
Customer Risk Determines Which Products to Position
Application/Database: App Level Encryption, Tokenization, TDE, Data Masking
Protect From: Database Admins, SQL Injections
File System: File encryption with access control
Protect From: External threats, Privileged User
Disk: Full Disk Encryption (FDE)
Protect From: Physical theft of media
SECURITY
COMPLEXITY
Customer Risk Determines Which Products to Position
Do you want to encrypt specific fields in columns?
Do you want to encrypt files, file shares or databases?
Do you want to mask data based on user authorization?
Do you have Full Disk Encryption?
KMIP Client Devices?
Certificates to vault?
Application/Database
File System
Disk
Vormetric Products Protect at Different Levels in the Stack
Application/Database
File System
Disk
Key Management
Encryption Gateway
Transparent Encryption
Application Encryption
Tokenization
Products for Specific Use Cases
▌ Do you have sensitive data in:
Teradata?
SAP HANA?
S3, Box, S3-compatible services?
Do you want to store keys on a central KMS? (VAE/KMIP/Vault/TDE)
Encryption Gateway
Key Management
Transparent Encryption
Differentiating with the Vormetric Data Security Platform
▌ Vormetric Data Security Platform
Mix products and solutions Enterprise-wide
Deliver centralized key management
FIPS and Common Criteria validated
Always ready for the next use case
▌ Environments
Any data: Structured and Unstructured
Any Server: Windows, Linux, Unix
Anywhere: Hybrid clouds and physical
Cutting edge: Big Data, Docker, REST APIs
▌ Effective
Flexible, fast deployment
Efficient operations and performance
Proven scalability
[Diagram labels: Vormetric Data Security Manager, Application Encryption, Encryption Gateway, Tokenization, Data Masking, Key Management, Security Intelligence, Transparent Encryption]
More Environments
More Ways
Most Comprehensive
More Securely
Lowest Cost
For Legacy Vormetric Customers and Channels
For Identification of TeS Opportunity
nShield HSMs are FIPS 140-2 Level 3 certified
The nShield HSM family
▌ Market leading platform for trusted applications
Certified implementations of all leading algorithms
World’s fastest ECC performance
Proven integration and developer support
Secure execution for tamper resistant applications
nShield Connect
• Network attached appliance
• Shared crypto resource
• High-volume transactions
• High availability
nShield Solo
• Server-embedded card
• Dedicated processing
• High performance
• Compact PCIe design
nShield Edge
• Portable HSM
• Personal use
• Small footprint
• USB interface
Optimized key management architecture
Thales Security World Architecture
Hardened Security
• Strict policy enforcement
• No single point of attack
• Powerful separation of duties
Operational Ease
• Zero-impact backups
• Unlimited key capacity
• Simplified key distribution
nShield use cases – a small sample
E-Ticketing
▌ Digitally signed barcode helps ensure integrity and authenticity
Digital Cinema
▌ Authentication between playback devices and servers, content encryption, watermarking
Manufacturing
▌ Unique identities & device authenticity to prevent counterfeiting
▌ Digital currency
▌ Cardholder data protection
Cloud
▌ HSM provider for Microsoft Azure Key Vault
▌ First to provide ability to Bring Your Own Key to the cloud
nShield - Data Protection
▌ nShield
▌ Are you standing up or refreshing a public key infrastructure (PKI)?
▌ Does your organization hold sensitive card holder or personal identifying information (PII)?
▌ Is your organization required to follow data privacy regulations?
▌ Do you control confidential intellectual property or high technology manufacturing processes?
▌ Are you protecting critical applications using software-based cryptography and have a need for stronger controls, such as—
Isolation of encryption keys and crypto processes from the host environment
Anti-tamper techniques for physical protection
Strong authentication for administrators
Strongly separated administrator domains
Strongly enforced roles-based access and control
High integrity random number generation to ensure key strength
Processing offload to boost capacity?
Payment HSM Typical applications
Card Issuing
Payment Processing
payShield use cases
Transaction Processing
▌ PIN block translation and card data validation to authorize transactions for any card scheme
Mobile Point of Sale (mPOS)
▌ Point to Point Encryption (P2PE) protects payment data and reduces merchant PCI DSS scope
Host Card Emulation (HCE)
▌ Secure mobile contactless payments at the point of sale
Mobile Provisioning
▌ Secure Element key management and application personalization
Card Issuance
▌ Secure EMV card data preparation and PIN generation
Payment Applications (Issuing / Acquiring)
▌ payShield
▌ Which payment application are you using – in-house or from a Thales ASAP partner (and if so, which one)?
▌ What unique security requirements do you have that are not fulfilled by off-the-shelf solutions?
▌ Do you require PCI HSM compliance in advance of card scheme mandates?
▌ Which new mobile payment solutions are you expecting to support?
▌ Have you considered HSM options to help lower your operating costs, including
payShield Manager to eliminate most travel to data centers?
CipherTrust for 24 x 7 monitoring of HSM utilization to identify performance bottlenecks?
Dedicated software base packages to lower deployment costs?
High resilience configurations to help deliver maximum system uptime?
Software performance upgrades to maximize HSM investment?