Thales

The Thales Group offering includes technologically advanced solutions for land transportation, defense, security, aviation and space. Thanks to the merger with Gemalto, the offering has been expanded with cybersecurity solutions such as data encryption, strong authentication, and access and digital identity management. The factory in Tczew, one of the largest and most advanced of its kind in the world, produces cryptographic cards, payment cards and other secure documents.

More information: https://www.thalesgroup.com/en

* Please note that Thales solutions are not available in CLICO distribution in Estonia.

Description of technology

Data Encryption

High Speed Encryptor - fast network encryptor that prevents eavesdropping on data on the telecommunications link between company branches. It enables encryption at ISO/OSI Layers 2 and 3, with constant, microsecond latency, up to 100 GB bandwidth and FIPS 140-2 Level 3 certification.

KMIP - Key Management Interoperability Protocol support, enabling you to connect third-party systems and secure data stored in them

KeySecure - centralized key management platform. It supports KMIP, so you can easily integrate it with your current systems (e.g. NetApp). FIPS 140-2 Level 1 and 3 certification (using an HSM).

ProtectApp, Tokenization - programming library for the most aware users, which enables you to encrypt any data at the point of its creation

ProtectDB - column-level protection of information stored in the database plus additional access control

ProtectFile - transparent file-level encryption (including files on network shares) plus additional access control

Vormetric - Vormetric offers transparent, on-the-fly encryption of data stored in various systems, regardless of the form in which it is stored. It integrates with SQL database systems (e.g. MS SQL, Oracle), Big Data systems (e.g. Hadoop, Couchbase), containers (e.g. Docker, OpenShift) and cloud environments (e.g. AWS S3, Glacier, Azure Storage, Files). Encrypted data is also protected by additional access control that grants access to the data (or to the cryptogram) only to authorized persons. Encryption keys, as well as encryption and access control policies, are administered from the central management platform, which can be integrated with an HSM.

Database Security

ProtectDB - ProtectDB offers column-level cryptographic protection of data stored in databases. The encryption is transparent to the user and the application. Data backups are also protected. If ProtectDB is used in development projects, it relieves developers of all responsibility for encryption. ProtectDB also allows the use of additional access control: database administrators will not have access to the stored data, but they will still be able to monitor the database systems, make backups and manage database users. ProtectDB works with the KeySecure centralized key storage, which has FIPS 140-2 Level 1 and 3 certification (using an HSM).

HSM

Luna HSM - general-purpose hardware security module available in the network version (Network HSM), as a standalone PCI-E card and USB device; with authentication by password (PW Auth) or with a dedicated device using strong, two-factor authentication (PED Auth)

ProtectServer - configurable security modules with a higher level of flexibility and lower cost of ownership. ProtectServer HSM is available in the Network HSM and PCI-E variants

payShield HSM / Luna Payment HSM (Luna EFT) - specialized security module dedicated to handling financial transactions.

User Authentication

SafeNet Trusted Access - SafeNet Trusted Access (STA) is a state-of-the-art system for strong authentication and for managing users' access to multiple systems and applications. It is very useful for securing remote employee access to company resources, but it has other uses as well. The manufacturer has tested and documented integration with over 300 third-party solutions, including products installed in the client's network and online services such as Office 365. STA can be integrated with multiple security solutions in Clico's portfolio. STA also secures users' logins to their computers, thus protecting their identity from the very beginning. Logging in to subsequent applications is automated by Smart SSO, which analyzes, among other things, who is accessing which application and from what location and device, and requires an authentication method appropriate to the risk associated with that access. Access to subsequent applications is also facilitated by the user portal embedded in STA. STA supports many authentication methods, including domain password, Kerberos, one-time passwords generated by a hardware or software token (including Push OTP), biometrics, digital certificates and methods that do not require a token, e.g. GrIDsure and one-time passwords sent via SMS or e-mail. With all these features, STA enables strong authentication and access management wherever it is needed, whether you need to secure access for employees, contractors or citizens. STA was created to improve cloud identity management and eliminate the use of multiple user and administrator passwords, which are difficult to maintain and manage. STA provides an intuitive management panel with insight into events across all applications, to make sure that a user with the proper level of trust has access to the right application.

Smart cards, readers, USB tokens - Thales offers many types of cards for various purposes. The most common are standard smart cards, which, in addition to logging in to an operating system, can be used for encryption, signing of e-mails and files, and authentication in combination with VPN, all thanks to the contact module that enables the use of the user's digital certificate. The Thales portfolio also includes dual cards, which use an internal antenna connected to the chip to enable both contact and contactless access to data via NFC technology. The most popular cards in enterprises are hybrid cards, which in addition to the contact module have an independent chip (e.g. Mifare), making it possible to use the card with systems for regulating working time or for physical access control, e.g. to the company, office and rooms where unauthorized access cannot be allowed. This convergent solution lets you offer one card that serves as a single employee ID, combining logical access to IT systems with physical access to the premises. Where the use of a card is not possible, e.g. because card readers cannot be used, Thales offers so-called eTokens, i.e. smart cards in the form of a small USB key. Some models are equipped with a touch sensor and require proof of presence. With certifications such as Common Criteria, QSCD, or FIPS 140-2 Level 3, Thales solutions help to achieve compliance with regulations such as eIDAS and GDPR. The software available with Thales cards makes it possible to use them with multiple operating systems and applications, and saves time and resources by improving the management of cards and the digital user credentials stored on them.
