Perimeter security isn’t sufficient for protecting agencies from breaches. Agencies need to safeguard their data, not just their network—that means encryption. Encryption inherently applies protection to the data itself so even if perimeters are breached, data is still protected.
There are three steps to implementing an effective encryption strategy:
Encrypt your Sensitive Data Wherever it Resides
Effective encryption should meet two core requirements:
In addition to strong, centralized key management, ensure your data protection solution can also encrypt your sensitive data wherever it resides, both at rest and in motion.
Data-in-Motion Encryption Solutions
SafeNet Ethernet Encryptors: High Speed Encryption
SafeNet Ethernet Encryptors from Gemalto provide the assurance of FIPS-certified security. Designed to support the growing movement towards these Ethernet services, the Ethernet Encryptors secure sensitive data more efficiently than higher-layer protocols, thereby lowering the cost of network security and compliance. SafeNet’s wide range of Ethernet Encryptors addresses the security and performance demands of both the largest and smallest environments.
Data-at-Rest Encryption Solutions
SafeNet ProtectApp: Application-level Encryption
SafeNet ProtectApp from Gemalto provides an interface for key management operations, as well as encryption of sensitive data. Once deployed, application-level data is encrypted as soon as it is generated or first processed and kept secure across its entire lifecycle, no matter where it is transferred, backed up, or copied. The solution enables the implementation of granular access controls that decouple administrative duties from data and encryption key access.
SafeNet Tokenization: Application-level Tokenization Service
SafeNet Tokenization from Gemalto protects sensitive data (primary account numbers, social security numbers, phone numbers, passwords, email addresses, etc.) by replacing it with a unique token that is stored, processed or transmitted in place of the clear data.
SafeNet ProtectDB: Column-level Database Encryption
SafeNet ProtectDB provides transparent column-level encryption of structured data residing in databases. It enables large amounts of sensitive data to be moved in and out of the data stores rapidly by efficiently encrypting and decrypting specific fields in databases that may contain millions of records. The solution is extremely scalable and works across on-premises, virtual, and cloud environments.
SafeNet ProtectFile: File Encryption
SafeNet ProtectFile from Gemalto provides transparent and automated file-system level encryption of server data at rest in the distributed enterprise, including DAS, SAN, and NAS servers using CIFS/NFS file sharing protocols. The solution encrypts unstructured, sensitive data on servers, including word processing documents, spreadsheets, images, database files, exports, archives, and backups, as well as big data implementations.
SafeNet ProtectV: Full Disk Encryption of Virtual Machines
SafeNet ProtectV from Gemalto encrypts sensitive data within instances and virtual machines, as well as attached storage volumes, in virtual and cloud environments. The solution enables agencies to maintain complete ownership and control of data and encryption keys. With SafeNet ProtectV, data is safeguarded and completely isolated from the cloud service provider, tenants in shared environments, or any other unauthorized party. Through SafeNet ProtectV’s centralized management console, agencies can audit and obtain compliance reporting on users accessing secured data.
ProtectSED: Self-encrypting Drive Protection
ProtectSED manages and distributes cryptographic keys for self-encrypting drives located at disparate sites. The solution unifies and centralizes policy management, logging, and auditing to make information more readily accessible and demonstrate compliance with data governance requirements. ProtectSED also gives agencies the ability to remotely wipe self-encrypting drives, rendering them unusable and effectively protecting data from being compromised.
Cryptographic Key Management
KeySecure for Government: Centralized Key Management Platform
KeySecure for Government supports a broad encryption ecosystem for the protection of sensitive data in databases, file servers and storage, virtual workloads, and applications across traditional and virtualized data centers and public cloud environments. It is available in either a hardware or virtual appliance.
KeySecure for Government supports a hardware root of trust utilizing a FIPS 140-2 Level 2 or 3 Luna for Government hardware security module (embedded in the hardware appliance or network-attached for the virtual appliance) or the Amazon CloudHSM service (virtual appliance only).
Hardware Security Modules for Government
Hardware Security Modules for Government (HSMs) protect transactions, identities, and applications by securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services for a wide range of applications. Dedicated crypto processors specifically designed for the protection of the encryption key lifecycle, HSMs act as trust anchors that protect an agency’s cryptographic infrastructure by securely managing, processing, and storing cryptographic keys inside a hardened, tamper-resistant device.