thales e-security corporate presentation

www.thales-esecurity.com OPEN

Thales e-Security + Vormetric

Together, Data Protection with Management, Speed and Trust.

2This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without prior written consent of Thales - Thales © 2016 All rights reserved.

OPEN

Increased connectivity drives need for trusted relationships


OPEN

169MM

… and relationships depend on trusting that data is secure

Over 169 million personal records were exposed in 2015, stemming from 781 publicized breaches across the financial, business, education, government and healthcare sectors.

$154The average global cost per each lost or stolen record containing confidential and sensitive data was $154. The industry with the highest cost per stolen record was healthcare, at $363 per record.

38%

In 2015, there were 38 percent more security incidents detected than in 2014.

74%

74 percent of CISOs are concerned about employees stealing sensitive company information.


OPEN

Encryption solves

Source: 2016 Vormetric Data Threat Report

Best Practice53%

Reputation41%

Compliance

52%Data

Residency38%

Legal/Financial31%

IP/Competitive

19%


OPEN

… and is now perceived as a strategic business enabler

Source: 2016 Global Encryption Trends Study

FY2005 FY2015

15%

38%37%

15%

Does YOUR company have an encryption strategy?

Company has an enterprise encryption strategyCompany does not have an enterprise encryption strategy


OPEN

Each use case requires individual infrastructure, management consoles and training

Complex • Inefficient • Expensive

CustomerRecords

DB/ File Encryptio

n

Secure Analytics

Big Data

PII

Application

Encryption

PCI,PHI

TokenizationData

Masking

Internet of

Things

Public KeyInfra (PKI)

Use Cases

CloudMigration

Cloud Security

Payment related apps

TransactionSecurity

ScriptDevelopmen

t

Code Signing

This increased adoption has created encryption silos


OPEN

Slide No: 7

THE COMBINATION OF THALES E-SECURITY AND VORMETRIC WILL CREATE A POWERHOUSE IN DATA

SECURITY, WITH A BROAD RANGE OF ENCRYPTION, KEY MANAGEMENT

AND TOKENIZATION CAPABILITIES THAT FEW VENDORS WILL BE ABLE TO MATCH.

GARRET BEKKER – SENIOR ANALYST


OPEN

Together, data protection with management, speed and trust

Vormetric + Thales e-Security provides the platform of trust with theworld’s best Key Management and

Data Encryption solutions

Data Protection Platform


Key Management Encryption



OPEN

The value we deliver together

▌ We protect data in more environments

On premise, in the cloud, database, file, applications, container, at rest and in motion

▌ In more ways

Encryption, Tokenization, Masking, Identity, Signing

▌ Providing the most comprehensive, automated key management

Through out the data life cycle

▌ With the highest levels of Assurance

FIPS Levels 1,2 &3, Common Criteria, PCI HSM, DPA (Side Channel Attack Mitigation)

▌ Using common platforms

The least disruptive, easiest to deploy, and manage at the lowest life cycle cost

+


Our Solutions


OPEN

Comprehensive data protection product portfolio

DATA PROTECTION SOFTWARE

DATA PROTECTION HARDWARE


OPEN



Together, removing complexity, inefficiency and cost

DATA PROTECTIONHARDWARE

DATA PROTECTIONSOFTWARE

CustomerRecords

DB/ File Encryptio

n

Secure Analytics

Big Data

PII

Application

Encryption

PCI, PHI

Tokenization

Data Masking

Internet of

Things

Public KeyInfra (PKI)

Use Cases

CloudMigration

Cloud Security

Payment related apps

Transaction

Security

ScriptDevelopmen

t

Code Signing


OPEN

Thales e-Security + Vormetric Prepared to Protect

▌ Our Company

750+ employees across 50+ countriesMore than 10,000 customers across 100 countriesGlobal Services and SupportLeader in certified security solutions - FIPS, Common Criteria, PCI HSM20 leading cloud service providers offer our solution

▌ Our Customer

19 of the 20 largest banks 15 of the fortune 30 companies3,000 financial institutions worldwide4 of 5 top energy companies4 out of the 5 aerospace companies


OPEN

More Environments

More Ways

Most Comprehensive

More Securely

Lowest Cost

More Ways

Most Comprehensive

More Securely

Lowest Cost

More Environments

www.thales-esecurity.comOPEN

THALES GROUP INTERNALTHALES GROUP CONFIDENTIAL

THALES GROUP SECRET

Thank You


For Legacy TeS Customers and ChannelsFor Identification of Vormetric Opportunity


OPEN

Questions leading to the value of the platform

▌Are you finding it costly and difficult to manage a large number of point encryption solutions?

▌Are you being asked to define a data-at-rest encryption strategy?

▌Do you want to reduce operational cost to your business by offering encryption-as-a-service?

Have you considered a key management strategy and the associated TCO?Are you considering current and future requirements? Such as environments and new technologies?Do you know when root users access data? When they SU and access data as a credentialed user? How do you automate and alarm on this data?


OPEN

Vormetric Data Security Platform: Qualifying Questions

▌ How are you currently protecting your sensitive and regulated data at rest?

What environments do you have? Windows, Unix, Linux; physical virtual cloud …Are your priorities to protect structured or unstructured data?What technologies for data-at-rest in Big Data or Containers are you using?Do you have multiple key managers? Need help with Nutanix, TDE keys or other devices with native encryption?

▌ Are you concerned about Root and IT Privileged user access?Do you need access controls that stops misuse of privilege user credentials?Are you interested in Security Intelligence logs that provide indicators of compromise and integrate with SIEMs?What about malware and APTs that are leveraging the privileged user credentials?


OPEN

Vormetric Data Security Platform: Qualifying Questions

▌ Are you planning to build security up the stack and into your applications?

To protect PII, PCI, PHI …Do you have users that need access to portions of the data?Are you considering Vaultless Tokenization, Data masking, or application encryption?

▌ Are your users storing information in S3, Box or other S3-like services (Caringo/object storage)

Do users have the ability to store files in the environments aboveDo want to encrypt on premise and keep your keys on premise before the data reaches the cloud?


OPEN

Customer Risk Determines Which Products to Position

Application/Database

File System

Disk

SECU

RITY

COM

PLEX

ITY


OPEN


File encryption with access control


File System

Disk

SECU

RITY

COM

PLEX

ITY

App Level Encryption, Tokenization,

TDE, Data Masking

Full Disk Encryption (FDE)

Protect From

vDatabase Admins, SQL Injections

Physical theft of media

External threats, Privileged User


OPEN


Do you want to encrypt specific fields in columns?

Do you want to encrypt files, file shares or databases?

Do you want mask data based on user authorization?

Do you have Full Disk Encryption?KMIP Client Devices?Certificates to vault?


File System

Disk


OPEN

Vormetric Products Protect at Different Levels in the Stack


File System

Disk Key Management

EncryptionGateway

TransparentEncryption

ApplicationEncryption Tokenization


OPEN

Products for Specific Use Cases

▌Do you have sensitive data in:Teradata?

SAP HANA?

S3, Box, S3-compatible services?

Do you want to store keys on a central KMS? (VAE/KMIP/Vault/TDE)

Encryption

Gateway

Key Managemen

t



OPEN

Differentiating with the Vormetric Data Security Platform▌ Vormetric Data Security Platform

Mix products and solutions Enterprise-wideDeliver centralized key managementFIPS and Common Criteria validatedAlways ready for the next use case

▌ EnvironmentsAny data: Structured and UnstructuredAny Server: Windows, Linux, UnixAnywhere: Hybrid clouds and physicalCutting edge: Big Data, Docker, REST APIs

▌ EffectiveFlexible, fast deploymentEfficient operations and performanceProven scalability

ApplicationEncryption

Encryption

Gateway

Vormetric Data Security

ManagerTokenizatio

n

DataMasking

Key Managemen

t

Security Intelligence



OPEN

More Environments

More Ways

Most Comprehensive

More Securely

Lowest Cost

More Ways

Most Comprehensive

More Securely

Lowest Cost

More Environments


For Legacy Vormetric Customers and ChannelsFor Identification of TeS Opportunity


OPEN

nShield HSMs are FIPS 140-2 Level 3 certified

The nShield HSM family

▌Market leading platform for trusted applications

Certified implementations of all leading algorithmsWorld’s fastest ECC performanceProven integration and developer supportSecure execution for tamper resistant applications

• Network attached appliance• Shared crypto resource• High-volume transactions• High availability

nShield Connect

• Server-embedded card• Dedicated processing• High performance• Compact PCIe design

nShield SolonShield Edge

• Portable HSM• Personal use• Small

footprint• USB interface


OPEN

Optimized key management architecture

Operational Ease

Hardened Security

• Strict policy enforcement

• No single point

of attack• Powerful separationof duties

• Zero-impact backups

• Unlimited key capacity

• Simplified key distribution

ThalesSecurityWorld

Architecture


OPEN

nShield use cases – a small sample

E-Ticketing

Digital Cinema

Manufacturing▌ Digitally signed barcode

helps ensure integrity and authenticity

▌ Authentication between playback devices and servers, content encryption, watermarking

▌ Unique identities & device authenticity to prevent counterfeiting

▌ Digital currency

▌ Cardholder data protection

Cloud▌ HSM provider for

Microsoft Azure Key Vault

▌ First to provide ability to Bring Your Own Key to the cloud


OPEN

nShield - Data Protection

▌ nShield

▌ Are you standing up or refreshing a public key infrastructure (PKI)?

▌ Does your organization hold sensitive card holder or personal identifying information (PII)?

▌ Is your organization required to follow data privacy regulations?

▌ Do you control confidential intellectual property or high technology manufacturing processes?

▌ Are you protecting critical applications using software-based cryptography and have a need for stronger controls, such as—

Isolation of encryption keys and crypto processes from the host environment Anti-tamper techniques for physical protection Strong authentication for administrators Strongly separated administrator domains Strongly enforced roles-based access and control High integrity random number generation to ensure key strength Processing offload to boost capacity?


OPEN

Payment HSM Typical applications

Card Issuing Payment Processing


OPEN

payShield use cases

Mobile Point of Sale (mPOS)

Mobile ProvisioningTransaction Processing▌PIN block translation and

card data validation to authorize transactions for any card scheme

▌ Point to Point Encryption (P2PE) protects payment data and reduces merchant PCI DSS scope

Host Card Emulation (HCE)

▌ Secure mobile contactless payments at the point of sale

▌ Secure Element key management and application personalization

Card Issuance▌ Secure EMV card

data preparation and PIN generation


OPEN

Payment Applications (Issuing / Acquiring)

▌ payShield

▌ Which payment application are you using – in-house or from a Thales ASAP partner (and If so, which one)?

▌ What unique security requirements do you have that are not fulfilled by off-the-shelf solutions?

▌ Do you require PCI HSM compliance in advance of card scheme mandates?

▌ Which new mobile payment solutions are you expecting to support?

▌ Have you considered HSM options to help lower your operating costs, including

payShield Manager to eliminate most travel to data centers? CipherTrust for 24 X 7 monitoring of HSM utilization to identify performance bottlenecks? Dedicated software base packages to lower deployment costs? High resilience configurations to help deliver maximum system uptime? Software performance upgrades to maximize HSM investment?

thales e-security corporate presentation

Technology