Leading cloud providers collaborate with Thales to give enterprises control of their encryption keys
Thales, a leader in critical information systems, cybersecurity and data security, announces its high-assurance data security technology is integrated with the leading cloud service provider platforms from Amazon Web Services (AWS), Google, Microsoft and Salesforce, allowing users to establish strong safeguards around their sensitive data and applications in the cloud, and giving them greater control and flexibility.
As organizations transition to digital business models, security is seen as one of the biggest inhibitors to their digital transformation. By collaborating with the world’s leading cloud service providers, Thales is making it easier to implement security in both traditional data center and cloud deployments, ensuring organizations retain control over their encryption keys and their data.
Together with Microsoft, Thales pioneered ‘bring your own key’ (BYOK), enabling enterprises to keep control of the keys used in Microsoft Azure. The resulting Microsoft Azure Key Vault with enhanced key controls, enabled by the Thales nShield hardware security module (HSM), allows enterprises to safeguard sensitive data, manage keys and maintain control. Today we announced a collaboration with Microsoft to provide key management services for Microsoft Azure and Microsoft Office 365 that will allow organizations to maximize the control of their data and provide the highest levels of assurance, regardless of whether the data is on-premise or in the cloud.
Organizations using Amazon Web Services Key Management (AWS KMS) can take advantage of enhanced security and control of the encryption keys they use in the cloud and revoke or retire those keys as necessary through BYOK with hardware protection provided by Thales HSMs.
Also announced today is support for Google Cloud Platform’s Customer-Supplied Encryption Key (CSEK) functionality. Google Cloud Platform customers can now generate, protect and supply their encryption keys to the cloud using an on-premise, FIPS-certified nShield HSM from Thales, empowering enterprise customers who want to move workloads and data to the Google Cloud Platform but need to retain control of their key material on-premise.
The Salesforce Shield Platform Encryption enables enterprises using Salesforce to natively encrypt data at rest across their Salesforce apps without compromise to business functionality. Thales Key Management-as-a-Service for Salesforce adds controls that enable organizations to help meet compliance and best-practice requirements by storing, managing and maintaining tenant secrets used to derive encryption keys within a secure Thales-hosted environment.
Thales support for RESTful APIs provides crypto-as-a-service capabilities that enable organizations to deliver cryptographic services with more ease and flexibility, allowing easier integration with applications and deployment into public, private and hybrid cloud environments. Users can implement their key management and crypto functionality independently and without needing to understand the details of the nShield HSM environment – ensuring the time from project inception to application deployment is reduced to a minimum.
The security of any cloud service depends on the level of protection given to the cryptographic keys used to protect the confidentiality and integrity of sensitive data. One cannot underscore enough how hugely important this is. These keys are the root of trust in an enterprise’s entire system – if they are lost, so is the data. If they are stolen, secrets might not stay secret for long. Thales is collaborating with the leading cloud service providers to ensure enterprises are able to control their cryptographic keys and therefore trust that service with their most valuable assets, giving them the confidence to accelerate their cloud deployments.
Peter Galvin, vice president strategy at Thales e-Security