Merged with the leading cloud service provider platforms from Amazon Web Services (AWS), Google, Microsoft and Salesforce, Thales unveils its high-assurance data security technology to allow users to establish strong protect their sensitive data and applications in the cloud, and giving them greater control and flexibility.
As organisations move to digital business models, security is acknowledged as one of the biggest challenges to their digital transformation. By teaming up with the world's leading cloud service providers, Thales is making it easier to implement security in both traditional data centre and cloud deployments, ensuring organisations retain control over their encryption keys and their data.
Together with Microsoft, Thales pioneered "bring your own key" (BYOK), allowing enterprises to keep control of the keys used in Microsoft Azure. The resulting Microsoft Azure Key Vault with improved key controls, enabled by the Thales nShield hardware security module (HSM), enables enterprises to safeguard sensitive data, manage keys and maintain control. Thales announced a collaboration with Microsoft to offer key management services for Microsoft Azure and Microsoft Office 365 that will allow organisations to expand the control of their data and offer the highest levels of assurance, regardless of whether the data resides.
Organisations using Amazon Web Services Key Management (AWS KMS) can leverage enhanced security and control of the encryption keys they use in the cloud, and revoke or retire those keys as necessary through BYOK with hardware protection provided by Thales HSMs.
Also announced was support for Google Cloud Platform's Customer-Supplied Encryption Key (CSEK) functionality. Google Cloud Platform customers can now produce, protect and supply their encryption keys to the cloud using an on-premise, FIPS-certified nShield HSM from Thales. This encourages enterprise customers who want to shift workloads and data to the Google Cloud Platform but need to retain control of their key material on premise.
The Salesforce Shield Platform Encryption allows enterprises using Salesforce to natively encrypt data at rest across their Salesforce apps without compromising business functionality. Thales Key Management-as-a-Service for Salesforce adds controls that enable organisations to help meet compliance and best-practice requirements by storing, administering and maintaining tenant secrets used to derive encryption keys within a secure Thales-hosted environment.
Thales support for RESTful API offers crypto-as-a-service capabilities that allows organisations to deliver cryptographic services with more ease and flexibility, enabling easier integration with applications and deployment into public, private and hybrid cloud environments. Users can implement their key management and crypto functionality independently and without having to understand the details of the nShield HSM environment – ensuring the time from project inception to application deployment is reduced to a minimum.
According to Peter Galvin, Vice President Strategy at Thales e-Security, "The security of any cloud service depends on the level of protection given to the cryptographic keys used to protect the confidentiality and integrity of sensitive data. One cannot underscore enough how hugely important this is. These keys are the root of trust in an enterprise's entire system – if they are lost, so is the data. If they are stolen, secrets might not stay secret for long. Thales is collaborating with the leading cloud service providers to ensure enterprises are able to control their cryptographic keys and therefore trust that service with their most valuable assets, giving them the confidence to accelerate their cloud deployments."