Thales Key Management as a Service
As organisations turn to multiple cloud service providers to solve different challenges, they are faced with new risks and added responsibilities when it comes to encryption key management. Thales’s Key Management as a Service (KMaaS) puts you back in control and allows you to manage keys for multiple cloud deployments from a unified and central dashboard. KMaaS will also enables customers to separate key management from provider-controlled encryption.
The KMaaS solution is hosted in Australia and supports a growing list of infrastructure, platform and software as a service (IaaS, PaaS and SaaS) providers. This ensures that you can securely manage the lifecycle of all keys with ease and compliance.
TheThales KMaaS solution offers multiple capabilities to support enhanced IT efficiency:
- Access to each cloud provider (including multiple accounts and subscriptions) from a unified and central dashboard
- Key rotation is automated, and streamlines consistent delivery
- Federated login as a simple mechanism for granting access to key data. Cloud service logins are authenticated and authorised by the service provider – no login database. Active Directory or Lightweight Directory Access Protocol configuration is required
- Full lifecycle management for keys created at the cloud provider are available if required
- Synchronisation of the KMaaS database with keys created at the cloud provider
Click here to read more about KMaaS.
Governance, Risk and Compliance services
Thales’s Governance, Risk and Compliance (GRC) function serves to address the complexity of risk in an increasingly volatile business environment. Evolving technologies, cyber threats and regulatory requirements have created a dynamic global risk environment, emphasising minimal time to plan and prepare mitigation.
The GRC team at Thales understands that risk management and compliance is more than simply ‘ticking boxes’, mitigation strategies and avoiding risk. The team can support your organisation in taking a holistic, proactive and strategic approach to foster your organisations’ growth and avoid failure in the pursuit of success.
Why Thales GRC:
- Integrate governance, risk and compliance for effective decision making
- Protect company reputation through better risk management
- Assess and mature your state of risk and compliance management practices
- Elevate risk culture and awareness. Develop risk indicators and strategies to mitigate risk
- Evaluate compliance with Essential Eight, NIST/CSF, ISMS (ISO 27001, ISO 31001, C2M2
- End-to-end governance, risk management and compliance policies and procedures
Situational Awareness Managed Service
The Situational Awareness Managed Service will be scalable from a core baseline capability. The baseline service will be installed to monitor and maximise visibility of organisational behaviours and logging abnormalities. This is based on a Hybrid On-Premise / Cloud Based approach which can be easily transitioned in either direction dependent on requirements. The Situational Awareness baseline service has been configured around six base use cases.
The six base use cases are:
- Security Authentication
- Critical Database and File Systems
- USB Activity
- Malicious Activity
- FTP Workflows
- Cloud Visibility
Once operational, Thales will be able to immediately highlight areas for improvement. The continued aggregation, analysis and visualisation of cyber security posture, security threats and other risk factors will support analysts and executives to make informed, accurate decisions that directly mitigate areas of risk and vulnerability.
The Essential Eight (E8) Managed Service offers customers a core baseline monitoring service of E8 requirements using the Huntsman product tool. The E8 service will be installed to monitor and maximise visibility of organisational behaviours, and logging abnormalities in relation to the current E8 compliance regime enforced by government. This is based on a Hybrid On-Premise DC which can be easily transitioned in either direction dependent on requirements. This baseline service has been configured to track the components that are required in building a strong cyber security posture for your organisation’s systems.
This is a list of the Essential Eight mitigation strategies:
- Application Whitelisting (Mandatory top four requirement from ASD)
- Patching Applications (Mandatory top four requirement from ASD)
- Restricting Administrative Privileges (Mandatory top four requirement from ASD)
- Patching Operating Systems (Mandatory top four requirement from ASD)
- Disabling Untrusted Microsoft Office Macros
- Using Application Hardening
- Multi-Factor Authentication
- Daily Backups
Risk Management as a Service
The Risk Management as a Service offers customers a business risk management and monitoring service, combining a corporate risk dashboard for all major business risks. This, combined with Thales' international intelligence, insights and a real time executive focussed risk dashboard, will provide organisations with a tool that can truly monitor operational and strategic risk in one location. Our risk forecast tool will also be provided, so businesses can properly assess business changes over time through a risk.
Thales will conduct an initial risk health check which will inform a subsequent discussion with the customer on the risks, mitigations, reporting and level of investment required to proactively manage risk systematically.
Security Testing as a Service
The Risk Management as a Service Essential offers customers a business risk management and monitoring service, combining a corporate risk dashboard for all major business risks (i.e. WHS, Finance, business operations, personnel, program / portfolio, commercial and legal, property, investments, cyber and physical security). This, combined with Thales' international intelligence and insights and a real time executive focussed risk dashboard, will provide organisations with the first tool that can truly monitor operational to strategic risk in one location. A risk forecast tool will also be provided, so businesses can properly assess changing business over time through a risk lens (i.e. mergers and acquisitions, divestments and their impact on: cyber, commercial, finance etc..)
The service will leverage off existing tools for corporate risk management, Thales' insights and intelligence platform, and customised board / executive focussed risk reporting templates to deliver operational to executive risk transparency in a simple fashion.
Once initial risk health checks (consulting work) have been completed within an organisation, and they choose to investment in a centralised system, Thales can programmatically invest in each risk lens to build out capability in a low investment fashion (taking on little initial platform investment itself).