Skip Navigation
  • Encrypt Everything

    Perimeter security isn’t sufficient for protecting agencies from breaches. Agencies need to safeguard their data, not just their network—that means encryption. Encryption inherently applies protection to the data itself so even if perimeters are breached, data is still protected.

    There are three steps to implementing an effective encryption strategy:

    • Identify sensitive data. Inventory your data and determine what is sensitive. Check data-at-rest in storage, file servers, applications, databases and removable media. Check in both on-premises data centers and cloud and virtual environments. Don’t lose sight of data that travels across networks. Data-in-motion is often sensitive too.
    • Protect sensitive data. After identifying data in need of protection, encrypt the data to keep it safe.
      • Encrypt data-in-motion - Secure data as it travels across the network with high speed encryption.
      • Encrypt data-at-rest  - Apply granular encryption and role-based access control for data residing in databases, applications, files and storage both on-premises and in the cloud.
    • Manage the protection. In addition to employing strong encryption, it’s critical that your cryptographic keys are treated with the same level of care. For maximum security, dedicated hardware key management protects sensitive cryptographic keys from attack.

    Encrypt your Sensitive Data Wherever it Resides

    Effective encryption should meet two core requirements:

    • Provide access controls - define who and what can access your data
    • Protect the data directly - apply protection and controls that sit with the data itself

    In addition to strong, centralized key management, ensure your data protection solution can also encrypt your sensitive data wherever it resides both at rest and in motion. 

  • Solutions

    Data-in-Motion Encryption Solutions

    SafeNet Ethernet Encryptors: High Speed Encryption
    SafeNet Ethernet Encryptors from Gemalto provide the assurance of FIPS certified security. Designed to support the growing movement towards these Ethernet services, the Ethernet Encryptors secure sensitive data more efficiently than higher layer protocols, thereby lowering the cost of network security and compliance.  SafeNet’s wide range of Ethernet Encryptors address the security and performance demands of both the largest and smallest environment.

    More Information

    Data-at-Rest Encryption Solutions

    SafeNet ProtectApp: Application-level Encryption
    SafeNet ProtectApp from Gemalto provides an interface for key management operations, as well as encryption of sensitive data. Once deployed, application-level data is encrypted as soon as it is generated or first processed and kept secure across its entire lifecycle, no matter where it is transferred, backed up, or copied. The solution enables the implementation of granular access controls that decouple administrative duties from data and encryption key access.

    ProtectApp Product Brief

    SafeNet Tokenization : Application-level Tokenization Service
    SafeNet Tokenization from Gemalto protects sensitive data (primary account numbers, social security numbers, phone numbers, passwords, email addresses, etc.) by replacing it with a unique token that is stored, processed or transmitted in place of the clear data.

    SafeNet ProtectDB : Column-level Database Encryption
    SafeNet ProtectDB provides transparent column-level encryption of structured data residing in databases. It enables large amounts of sensitive data to be moved in and out of the data stores rapidly by efficiently encrypting and decrypting specific fields in databases that may contain millions of records. The solution is extremely scalable and works across on- premises, virtual, and cloud environments.

    ProtectDB Product Brief

    SafeNet ProtectFile: File Encryption
    SafeNet ProtectFile from Gemalto provides transparent and automated file-system level encryption of server data at rest in the distributed enterprise, including DAS, SAN, and NAS servers using CIFS/NFS file sharing protocols. The solution encrypts unstructured, sensitive data on servers including word processing documents,  spreadsheets,  images,  database files, exports, archives, and backups, and big data implementations.

    ProtectFile Product Brief

    SafeNet ProtectV: Full Disk Encryption of Virtual Machines
    SafeNet ProtectV from Gemalto encrypts sensitive data within instances, virtual machines, as well as attached storage volumes in virtual and cloud environments. The solution enables agencies to maintain complete ownership and control of data and encryption keys. With SafeNet ProtectV, data is safeguarded and completely isolated from the cloud service provider, tenants in shared environments, or any other unauthorized party. Through SafeNet ProtectV’s centralized management console, agencies can audit and obtain compliance reporting on users accessing secured data.

    ProtectV Product Brief

    ProtectSED: Self-encrypting Drive Protection
    ProtectSED manages and distributes cryptographic keys for self-encrypting drives located at disparate sites. The solution unifies and centralizes policy management, logging and auditing to make information more readily accessible and demonstrate compliance with data governance requirements.  ProtectSED also gives agencies the ability to remotely wipe self-encrypting drives rendering them unusable and effectively protecting data from being compromised.

    ProtectSED Information

    Cryptographic Key Management

    KeySecure for Government: Centralized Key Management Platform
    KeySecure for Government supports a broad encryption ecosystem for the protection of sensitive data in databases, file servers and storage, virtual workloads, and applications across traditional and virtualized data centers and public cloud environments. It is available in either a hardware or virtual appliance.

    KeySecure for Government supports a hardware root of trust utilizing a FIPS 140-2 Level 2 or 3 Luna for Government hardware security module (embedded in hardware appliance or network-attached for virtual appliance) or the Amazon CloudHSM service (virtual appliance only).

    KeySecure for Government Information

    Hardware Security Modules for Government
    Hardware Security Modules for Government (HSMs) protect transactions, identities, and applications by securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services for a wide range of applications. Dedicated crypto processors specifically designed for the protection of the encryption key lifecycle, HSMs act as trust anchors that protect an agency’s cryptographic infrastructure by securely managing, processing, and storing cryptographic keys inside a hardened, tamper-resistant device.

    HSMs for Government Information

  • Encrypt Everything Ecosystem


Connect with us

Learn more about our products, solutions and services Contact SafeNet AT